D385 Logging and Security Issues Exam Questions and Answers | Verified & Updated| 100% Correct| 18 pages
What are some common debugging techniques?
Answer:
- printing out values of variables
- changing the state ("path") of the program to make it do different things
- stepping through the execution of a program line by line
- breakpoints
- trace points
- stopping the program at certain events
- viewing the output of a program in a debugger window

What are some Python debugging tools?
Answer:
- pdb: most commonly used
- Web-PDB
- wdb
- Pyflame
- objgraph

XML External Entity Attacks
Answer:
- XXE
- when attackers exploit an XML parser to read arbitrary files on your server
- attackers might also be able to read config files, retrieve user information

Insecure Deserialization
Answer:
- serialization is when an object in a programming language is converted into a format that can be saved to a database
- DEserialization is when a serialized object is read from a file or the network and converted back into an object
- INSECURE DESERIALIZATION occurs when an attacker can manipulate the serialized object and achieve authentication bypass, DoS, or arbitrary code execution

Injection Attacks
Answer:
- when an application cannot properly distinguish between untrusted user data and code
- typically allows for arbitrary code execution

SQL Injection Attack Mitigation
Answer:
- use parameterized statements

Log Injection Attack Mitigation
Answer:
- prefixing log entries with meta-data (i.e. timestamp)
- validate the entry before accessing or opening

Sensitive Data Leaks
Answer:
- occurs when an application fails to properly protect sensitive informati
Written for
- Institution: Western Governors University
- Course: D385
Document information
- Uploaded on: December 27, 2023
- Number of pages: 18
- Written in: 2023/2024
- Type: Exam (elaborations)
- Contains: Questions & answers
Subjects
- d385 logging and security issues exam questions an