What is Defensive Programming? correct answers - assume mistakes will happen and guard against them
- assertions are the most common way of doing this
- code checks itself as it runs
- always check, validate, and sanitize data
Which attribute provides a dictionary of breakpoint instances? correct answers - bplist
- maintains a (file, line) tuple of breakpoints
Which function can be used to return all set breakpoints? correct answers - get_all_breaks( )
- returns a string with all set breakpoints
Which 3 data types are considered user-provided? correct answers - cookies
- POST data payloads
- URL parameters
What are limitations of Static Code Analysis? correct answers - does not account for runtime vulnerabilities
- requires the tester to possess both testing and software development skills
- tools would have to be language specific
Advantage of Static Code Analysis? correct answers - fast turnaround time
- especially when tools are used
Advantage of Dynamic Code Analysis? correct answers - no need to understand how to write software
- finds runtime vulnerabilities
- requires only a running system; conducted on any application
Limitations of Dynamic Code Analysis? correct answers - false positives and false negatives
- dependent on the correctness of the rules
- false sense of security
- difficult to trace back to exact location
What kind of attacks does Client-side Testing look to prevent? correct answers - XSS
- SQLi
- CORS
- Clickjacking
- HTML injection
Secure Unit Testing correct answers - check for bad input
- bypass security
- inject bad data
How to hash with sha256 in Python? correct answers
import hashlib
sha256 = hashlib.sha256()
sha256.update(b'message')
hash = sha256.hexdigest()
Examples of Block Ciphers? correct answers - Triple DES
- Blowfish
- Twofish
- AES
Examples of Stream Ciphers? correct answers - RC4