Briefly define/describe what is meant by “defensive programming

Document Preview:

Briefly define/describe what is meant by “defensive programming.” Which of the following is NOT a valid category of software errors? Porous Defenses Malware activation Insecure interaction between components Risky resource management Identify a form of injection attack, AND briefly describe what is involved in this type of attack. Which of the following is NOT a valid characteristic of cross site scripting? An attack where input from one user is later output to another user Commonly seen in scripted web apps Can be created with JavaScript and Active X Social networking websites are immune to cross site scripting Identify AND briefly describe an approach for validating the input to a program. Match the following with the words that best describe them (4 points) Memory leak; Race condition; Fuzzing; Least Privilege; Privilege escalation;Canonicalization; Safe code; XSS reflection; A powerful testing method using a large range of randomly generated inputs ____________________ Where multiple processes or threads compete to gain access to resources possibly resulting in corrupted data and/or lost changes ____________________ Attackers exploit flaws in programs to give the attacker great authority or power ____________________ Where a program fails to correctly manage use and release of memory causing a steady reduction in available memory to the point where it is completely exhausted ____________________ Briefly define/describe the “white listing” security approach. Which of the following is the best definition/description of the chroot jail Linux/Unix security control? Prevents a user from switching to su/root level privilege Shuts down discretionary access control mechanisms Restricts a system/user view of the file system to a specified portion Encrypts the password file Briefly define/describe the function/purpose of a virtual machine hypervisor OR describe one of the hypervisor’s security roles. Which of the...