Which among the below is a browser-based HTTP tampering tool for the Firefox browser?
LiveHTTPHeaders
Sqlninja
Bobcat
WebGoat
What product among the below can be used as a static code analyzer?
Ounce
WebInspect
IBM RAD
None of the above
Which product among the below can be used as a penetration testing tool?
DevInspect
AppScan
FxCop
What is OWASP WebGoat?
Web Proxy
XSS Scanner
An insecure J2EE web application
The principle of least privilege, as it applies to access control, mandates that:
Group-based access control should be implemented to assign permissions to application users
Consistent authorization checking should be performed on all application pages
A set of all allowable actions should be defined for each user role and all others denied
All failed access authorization requests should be logged to a secure location for review by administrators
The ASAP process can be applied at which phase of application development for best results?
During testing
During development
During all phases of development starting with requirement analysis and ending with rollout
During design
In the ASAP process, what is the main activity carried out in the requirement analysis phase?
Capture the customer requirements
Update the project plan
Capture and update the URS and SRS with security requirements for the project
Who has the responsibility for remediation of the security vulnerabilities discovered during application security testing?
ASAP Team
Development Team
Testing Team
Project Management
What are the different types of engagement models available for ASAP?
Time and Money, Fixed price
Offshore, Onshore, Offshore-Onshore
Full-Fledged, Staggered, Fast Track
As part of ASAP, what type of analysis is performed during the design and build phase?
Dynamic code analysis
Static code analysis
Both
None