Chapter 8 ■ Software Development Security (Domain 8) 187
C. SQL injection
D. Cross-site request forgery
- Which one of the following is not an effective control against SQL injection attacks?
A. Escaping
B. Client-side input validation
C. Parameterization
D. Limiting database permissions
- What type of project management tool is shown in the figure?
[Figure: diagram with elements labeled A through F, numbers 10 through 50, and durations t=1 mo, t=3 mo, and t=4 mo]
A. WBS chart
B. PERT chart
C. Gantt chart
D. Wireframe diagram
- In what software testing technique does the evaluator retest a large number of scenarios
each time that the software changes to verify that the results are consistent with a standard
baseline?
A. Orthogonal array testing
B. Pattern testing
C. Matrix testing
D. Regression testing
- Which one of the following conditions may make an application most vulnerable to a
cross-site scripting (XSS) attack?
A. Input validation
B. Reflected input
C. Unpatched server
D. Promiscuous firewall rules