192 Chapter 8 ■ Software Development Security (Domain 8)
- What part of the security review process are the input parameters shown in the diagram used for?

[Diagram: "Parameter tracking through code", fed by four sources of input parameters: configuration input parameters, user input parameters, control input parameters, and back-end input parameters.]

A. SQL injection review
B. Sprint review
C. Fagan inspection
D. Attack surface identification
- What application security process can be described in these three major steps?
- Decomposing the application
- Determining and ranking threats
- Determining countermeasures and mitigation
A. Fagan inspection
B. Threat modeling
C. Penetration testing
D. Code review
- Which one of the following approaches to failure management is the most conservative from a security perspective?
A. Fail open
B. Fail mitigation
C. Fail clear
D. Fail closed