D385 - Software Security And Testing With Complete Solutions Latest Update
What is the primary defense against log injection attacks? - correct answers
Sanitize outbound log messages
Sanitizing - correct answers Sanitizing is the process of cleansing, filtering, or
altering data to eliminate sensitive, harmful, or inappropriate content. It often
involves validation and transformation of data to ensure its integrity and security.
In the context of outbound log messages, sanitizing is the practice of reviewing
and modifying log data to remove sensitive or confidential information, validate
its correctness, and ensure that it adheres to security and privacy standards
before it's shared with external systems or users.
How to spot Log Injection - correct answers
- Look for unsanitized user input
- Examine log functions
- Check for user-controlled data
Defensive Programming - correct answers a software development approach that
aims to create robust and secure software by anticipating and guarding against
unexpected failures and security vulnerabilities.
It involves implementing error handling, input validation, and security measures
to protect the software from unexpected inputs, attacks, or faults, thereby
enhancing its reliability and security.
Static Testing - correct answers a type of software testing that examines the
source code, design, or documentation without executing the program. It aims to
identify defects early in the development process.
white box
Dynamic Testing - correct answers a software testing technique that involves
executing the program or application with test cases to observe its behavior at
runtime. It aims to find defects related to functionality, performance, and
reliability.
white-box, black-box, grey-box
Fuzz Testing (Fuzzy Testing) - correct answers a testing technique that involves
providing unexpected or random inputs to a software application to discover
vulnerabilities, crashes, or unexpected behavior. It is commonly used for security
testing.
black-box
Unit Testing - correct answers a level of software testing where the smallest
individual components (units) of a software application are tested in isolation to
ensure they work as intended. It helps identify and fix issues at the smallest
functional level.
white box
frequency: as soon as a unit is complete, before it moves on
advantages: done early, easier to find root cause
disadvantages: tunnel vision since performed by the developer, less formal
Integration Testing - correct answers a level of software testing that focuses on
testing the interactions between different units or modules of a software
application. It ensures that the integrated components work together correctly.
grey box
frequency: usually when 2 or more units get integrated, team specific guidelines,
done by developers or specialized teams
Regression Testing - correct answers Regression testing is a type of testing
performed to verify that recent code changes or updates do not introduce new
defects or negatively impact existing functionality. It typically involves re-running
previous test cases.
grey-box or black-box
frequency: when a change is made, to verify that the change didn't reintroduce
problems; performed by the testing team
disadvantages: could be implemented poorly (radiation incident in which 8 people died)
Patterns:
- regress all
- regress some
User Acceptance Testing (UAT) - correct answers a phase of software testing
where end users or clients test the software to ensure it meets their requirements
and is ready for production use. It validates that the software aligns with user
expectations.
black-box (because it focuses on whether the software meets user requirements
without diving into internal code).
frequency: alpha and beta phases, done by end users and subject matter experts
disadvantages: end users may be untrained, lack of focus, bias