Tag: security
Questions Related to security
-
AntiSamy
-
WebScarab
-
WebGoat
-
ESAPI
-
Ounce
-
WebInspect
-
IBM RAD
-
None of the above
-
Ounce
-
DevInspect
-
AppScan
-
FXCop
-
Web Proxy
-
XSS Scanner
-
An insecure J2EE web application
-
None of the above
-
Group based access control should be implemented to assign permissions to application users
-
Consistent authorization checking should be performed on all application pages
-
A set of all allowable actions should be defined for each user role and all others denied
-
All failed access authorization requests should be logged to a secure location for review by administrators
-
Acquiring, Testing, Installing
-
Testing, Remediation, Peer Review
-
Determine needs, Acquire resources, Install the patch
-
Both A & B
-
Set autocomplete to “0”
-
Set autocomplete to “Off”
-
Set autocomplete to some other value
-
Set autocomplete to “no-store”
-
Critical transactions
-
Account Lockout
-
Page load times for all application pages
-
Login/Logout events for users
-
Request that the user authenticate him/herself by replying to the email with their account credentials.
-
Personalized greeting line
-
Providing easy access to the customer's account via a “Click Here” style link
-
Sending the email from a domain set up specifically for the special offer
-
No. Because it leads to insecure storage of private information of the customer
-
Yes. Because it is a good logging practice to log all relevant information during an exception
-
Yes. Because it will help in troubleshooting specific customer problems
-
No. Because it's an additional overhead