Secure Software Development

Question 1

Occurs when a tester is not provided with any information about
the system or program prior to conducting the test

Answer 1

Black Box Testing

Question 2

Occurs when a tester is provided full details of a system including
the source code, diagrams, and user credentials in order to
conduct the test

Answer 2

White Box Testing

Question 3

Provides control over what the application should do when faced with a
runtime or syntax error

Answer 3

Structured Exception Handling(SEH)

Question 4

Applications verify that information received from a user matches
a specific format or range of values

Answer 4

Input Validation

Question 5

Source code of an application is reviewed manually or with automatic
tools without running the code

Answer 5

Static Analysis

Question 6

§ Analysis and testing of a program occurs while it is being executed or run

Answer 6

Dynamic Analysis

Question 7

Injection of randomized data into a software program in an attempt to
find system failures, memory leaks, error handling issues, and improper
input validation

Answer 7

Fuzzing

Question 8

Code placed in computer programs to bypass normal authentication and
other security mechanisms

Answer 8

Backdoors

Question 9

Method of accessing unauthorized directories by moving through the
directory structure on a remote server

Answer 9

Directory Traversal

Question 10

Occurs when an attacker is able to execute or run commands
on a victim computer

Answer 10

Arbitrary Code execution

Question 11

Occurs when an attacker is able to execute or run commands
on a remote computer

Answer 11

Remote Code Execution

Question 12

Attack against a vulnerability that is unknown to the original developer or
manufacturer

Answer 12

Zero Day

Question 13

Occurs when a process stores data outside the memory range allocated
by the developer

Answer 13

Buffer Overflow

Question 14

§ A temporary storage area that a program uses to store data

Answer 14

Buffer

Question 15

Reserved area of memory where the program saves the return
address when a function call instruction is received

Answer 15

Stack

Question 16

Occurs when an attacker fills up the buffer with NOP so that the
return address may hit a NOP and continue on until it finds the
attacker’s code to run

Answer 16

“Smash the Stack”

Question 17

Method used by programmers to randomly arrange the different
address spaces used by a program or process to prevent buffer
overflow exploits

Answer 17

Address Space Layout Randomization

Question 18

Occurs when an attacker embeds malicious scripting commands on a
trusted website

Answer 18

Cross-Site Scripting(XSS)

Question 19

Occurs when an attacker forces a user to execute actions on a web server
for which they are already authenticated

Answer 19

Cross-Site Request Forgery(XSRF/CSRF)

Question 20

Attack consisting of the insertion or injection of an SQL query via input
data from the client to a web application

Answer 20

SQL Injection

Question 21

A software vulnerability when the resulting outcome from execution processes is
directly dependent on the order and timing of certain events, and those events
fail to execute in the order and timing intended by the developer

Answer 21

Race Conditions