The software security team is performing security testing for a new software product that is close to production release. They are concentrating on integrations between the new product and database servers, web servers, and web services.
Which security testing technique is being used?
The security team has a library of recorded presentations that are required viewing tor all new developers in the organization. The video series details organizational security policies and demonstrates how to define, test for. and code tor possible threats.
Which category of secure software best practices does this represent?
The software security team has been tasked with assessing a document management application that has been in use for many years and developing a plan to ensure it complies with organizational policies.
Which post-release deliverable is being described?
Company leadership has contracted with a security firm to evaluate the vulnerabilityofall externally lacing enterprise applications via automated and manual system interactions. Which security testing technique is being used?
Credit card numbers are encrypted when stored in the database but are automatically decrypted when data is fetched. The testing tool intercepted the GET response, and testers were able to view credit card numbers as clear text.
How should the organization remediate this vulnerability?
Which mitigation technique can be used to light against a threat where a user may gain access to administrator level functionality?
Which threat modeling approach concentrates on things the organization wants to protect?
Which secure coding best practice says to require authentication before allowing any files to be uploaded and to limit the types of files to only those needed for the business purpose?
Which security assessment deliverable identities possible security vulnerabilities in the product?
A company is moving forward with a new product. Product scope has been determined, teams have formed, and backlogs have been created. Developers areactively writing code for the new product, with one team concentrating on delivering data via REST services, one Team working on the mobile apps, and a third team writing the web application.
Which phase of the software developmentlifecycle(SDLC) is being described?
The software security group is conducting a maturity assessment using the Building Security in Maturity Model (BSIMM). They are currently focused on reviewing attack models created during recently completed initiatives.
Which BSIMM domain is being assessed?