.png){kind=logo}
D385 - Software Security Testing 11 studiers recently Leave the first rating Students also studied Terms in this set (34) Western Governors UniversityD 385 Save D385 Pre-Assessment (All Correct) 39 terms Cydo_EntisPreview D385 Software Security and Testing...69 terms sdelbonPreview D385 40 terms rcblockhead3Preview
D385: F
46 terms kam Practice questions for this set Learn1 / 7Study using Learn
- Method Not Allowed
- the endpoint does not allow for that specific HTTP method
Which is best for input validation?type() Which Python function is prone to a potential code injection attack?eval() Choose an answer 1Which is best for input validation?2 What is the primary defense against log injection attacks?3 Checking functional and preconditions and postconditions is best practice for?4Status Code 405 Don't know?
prevent log injectionvalidate() What are two common defensive coding techniques? Check functional and preconditions and postconditions Checking functional and preconditions and postconditions is best practice for?Defensive Coding An attacker exploits a cross-site scripting vulnerability Access User's data A user masquerades as other users, what type of attack was used?Cross Site Scripting Which method is used for a SQL injection attack? Exploiting query parameters Exploiting query parameters causes what attack? SQL injection What is returned when using response.contentreturns the raw binary content of the HTTP response as bytes.Which response method, when sent a request, returns information about the server's response and is delivered back to the console?response.content What can an attacker do with a log injection attack Injection of commands a parser can execute What is the primary defense against log injection attacks? Sanitize outbound log messages Which package is meant for internal use by Python for regression testing?test Which software testing relies on using old test cases? Regression testing When should regression testing be conducted? After some code changes What does cross-origin resource sharing (CORS) allow users to do?Override same starting policy for specific resources Access Control Allow Origin- client request to (server) www.client.url , what does server send back?ACAO client.url Which protocol caches a token after it has been acquired?
MSAL An attacker exploits a cross-site scripting vulnerability. Access the user's data A security analyst has noticed a vulnerability in which an attacker took over multiple users' accounts.Which vulnerability did the security analyst encounter?Broken access control
When creating a new user, an administrator must submit
the following fields to an API endpoint:
Name Email Address Password IsAdmin What is the best way to ensure the API is protected against privilege escalation?Implement resource and field-level access control
def authorizeAdmin(usr):
assert isinstance(usr, list) and usr != [], "No user found" assert 'admin' in usr, "No admin found."print("You are granted full access to the application.")
If __name__ == '__main__':authorizeAdmin(['user'])
AssertionError: No admin found
Status Code 200Ok Status Code 201Created Status Code 400Bad Request Status Code 401- Unauthorized
- your request requires some additional permissions
- the requested resource does not exist
- the endpoint does not allow for that specific HTTP method
- your request wasn't expected and probably broke something on the server side
Status Code 403Forbiden Status Code 404- Not Found
Status Code 405- Method Not Allowed
Status Code 500- Internal Server Error
Consider the following API code snippet:
import requests url = 'https://website.com/'
# Get request result = requests.get(url) # Print request print(result.content.decode()) Which status code will the server return?403
The user submits the following request to an API
endpoint that requires a header:
import requests url = 'https://api.github.com/invalid'
try: request_response = requests.get(url)
# If the response was successful, no Exception will be raised request_response.raise_for_status() except
Exception as err:
print(f'Other error occurred: {err}')
else: print('Success!')
Which response code will the user most likely be presented with?404
Consider the following penetration test:
import requests urls = open("websites.txt", "r")
for url in urls: url = url.strip()
req = requests.get(url) print (url, 'reportde02 try:
transport_security = req.headers['Strict-Transport- Security']
except: print ('HSTS header not set properly')
Which security vulnerability is shown?Man-In-The-Middle
.png)