1. HTTP status code 403: Forbidden - Client lacks necessary permissions
2. HTTP status code 405: Method Not Allowed - Endpoint does not support the HTTP method
3. HTTP status code 404: Not Found - The requested resource does not exist
4. User-Agent header: Specifies what software the client is using to communicate with the server
5. Authentication header: Specifies the credentials of the user calling the API
6. Denial of Service: An attack that involves an overload of requests to degrade system performance
7. Code Injection: An attack that allows an attacker to insert malicious code into a program
8. HSTS headers absence: Indicates a vulnerability to Man-in-the-Middle Attack
9. Accept header: Specifies the content type the client can accept
10. Content-Type header: Specifies the type of content the server will respond with
11. HTTP status code 400: Bad Request - Invalid syntax or formatting
12. Regression Testing: A software testing method that uses old test cases to verify the impact of recent changes
13. Timing of regression testing: Should be conducted after code changes are implemented
14. Cross-Site Scripting: An attack that involves executing malicious scripts on a victim's browser
15. Log injection: Allows an attacker to inject commands that a parser can execute
1/9
Software Security and Testing (WGU - D385)
16. OAuth: A protocol that commonly uses tokens to authenticate users and caches them for reuse
17. Server header: Specifies the software the server is using
18. response.content: Returns the raw binary content of the HTTP response as bytes
19. Type and Range Check: Input validation that checks data types and value ranges
20. Defense against log injection attacks: Sanitize outbound log messages
21. Cross-Site Scripting vulnerability: Allows an attacker to access the user's data
22. eval(): Prone to a potential code injection attack
23. Defensive coding techniques: Check functional preconditions and postconditions
24. unittest package: Meant for internal use by Python for regression testing
25. type(): Used for input validation
26. Broken Access Control: A vulnerability where an attacker takes over multiple users' accounts
27. Privilege escalation protection: Implement resource and field-level access control
28. SQL injection: Exploiting query parameters
29. Common debugging techniques: Printing variable values, setting breakpoints, stepping through code
30. Python debugging tools: pdb, Web-PDB, wdb, Pyflame, objgraph