The following has been discovered in an internally developed application:
Error – Memory allocated but not freed:
char *myBuffer = malloc(BUFFER_SIZE);
if (myBuffer != NULL) {
*myBuffer = STRING_WELCOME_MESSAGE;
printf(“Welcome to: %s\\n”, myBuffer);
}
exit(0);
Which of the following security assessment methods are likely to reveal this security weakness? (Select TWO).
A.
Static code analysis
B.
Memory dumping
C.
Manual code review
D.
Application sandboxing
E.
Penetration testing
F.
Black box testing