CSLLP Secure Software Implementation 2

Question 1

Which HTTP header prevents a web page from being embedded in an iframe on another domain, protecting against clickjacking?

Accepted Answer

X-Frame-Options

Answer

The X-Frame-Options header (or the frame-ancestors directive in Content-Security-Policy) controls whether the browser allows the page to be displayed in a frame or iframe on another origin.

Question 2

What is a race condition vulnerability in software?

Accepted Answer

A flaw where the security outcome depends on the uncontrolled timing or ordering of concurrent events

Answer

A race condition (or TOCTOU - Time of Check to Time of Use) occurs when system behavior depends on the sequence or timing of uncontrollable events, potentially allowing security bypass.

Question 3

Which secure coding technique prevents integer overflow vulnerabilities?

Accepted Answer

Validating arithmetic operations and using safe integer libraries that check for overflow

Answer

Integer overflow prevention involves checking arithmetic operations before they occur or using language constructs and libraries that throw exceptions when overflow would result.

Question 4

What is the OWASP-recommended approach for protecting sensitive data in web applications?

Accepted Answer

Classify data, apply encryption at rest and in transit, and minimize retention of sensitive data

Answer

OWASP recommends classifying sensitive data, using strong encryption both at rest and in transit, and not storing sensitive data beyond its necessary retention period.

Question 5

Which practice helps prevent insecure deserialization vulnerabilities?

Accepted Answer

Validate and sanitize serialized data, use integrity checks, and avoid deserializing data from untrusted sources

Answer

Insecure deserialization can allow attackers to manipulate serialized objects to achieve remote code execution, so all deserialized data from untrusted sources must be carefully validated.

CSLLP - Certified Secure Software Lifecycle Professional Practice Test

CSLLP - Certified Secure Software Lifecycle Professional Practice Test

CSLLP Secure Software Implementation 2