A security architect is creating a data flow diagram and draws an arrow between two circles.
What does the arrow represent?
Which secure software design principle assumes attackers have the source code and specifications of the product?
Which category classifies identified threats that have defenses in place and do not expose the application to exploits?
Which secure coding practice involves clearing all local storage as soon as a user logs off for the night and automatically logging a user out after an hour of inactivity?
The security software team has cloned the source code repository of the new software product so they can perform vulnerability testing by modifying or adding small snippets of code to see if they can cause unexpected behavior and application failure.
Which security testing technique is being used?
Recent vulnerability scans discovered that the organization's production web servers were responding to ping requests with server type, version, and operating system, which hackers could leverage to plan attacks.
How should the organization remediate this vulnerability?
Which type of security analysis is performed by injecting malformed data into open interfaces of an executable or running application and is most commonly executed during the testing or deployment phases of the SDLC?
Which design and development deliverable contains the types of evaluations that were performed, how many times they were performed, and how many times they were re-evaluated?
Which secure coding practice uses role-based authentication where department-specific credentials will authorize department-specific functionality?
Which threat modeling methodology involves creating or using collections of similar threats?