The Web development team has discovered that the shopping cart application on the website is allowing certain customers to give themselves a discount on purchases. The newest member of the team, who recently came from a job working as an auditor for a large security consulting firm, suggests using two tools: a fuzzer and an HTTP interceptor. What issues could be checked with this software?

A. open ports that the application does not use
B. validate all input in drop-down boxes and free-form text fields
C. access control to the critical modules
D. performance under stress


B
Explanation: HTTP interceptors are tools that can be used to introduce invalid input to see whether the application performs proper input validation. Fuzzers send randomly generated data to the application to assess how it reacts to that data. Both could be used in this case to validate all input in drop-down boxes and free-form text fields.

Computer Science & Information Technology
