Which of the following is an application security codin…

Which of the following is an application security coding problem?

Which of the following is an application security coding problem?

A.
Error and exception handling

B.
Patch management

C.
Application hardening

D.
Application fuzzing

Explanation:
Exception handling is an aspect of secure coding. When errors occur, the system should revert back to a secure state. This must be coded into the system by the
programmer, and should capture errors and exceptions so that they could be handled by the application.
Incorrect Answers:
B: Patch management is the process of maintaining the latest source code for applications and operating systems. This helps protect a systems from known
attacks and vulnerabilities, and is provided by the vendor in response to newly discovered vulnerabilities in the software.
C: Hardening is the process of securing a system by reducing its surface of vulnerability. Reducing the surface of vulnerability typically includes removing
unnecessary functions and features, removing unnecessary usernames or logins and disabling unnecessary services.
D: Fuzzing is a software testing technique that involves providing invalid, unexpected, or random data to as inputs to a computer program. The program is then
monitored for exceptions such as crashes, or failed validation, or memory leaks.

http://en.wikipedia.org/wiki/Fuzz_testing
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, p 218, 220
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 229, 230, 231-232



Leave a Reply 0

Your email address will not be published. Required fields are marked *