Chapter 8 ■ Software Development Security (Domain 8)
- Cross-site request forgery
- SQL injection
A. An attack that injects a malicious script into otherwise trusted websites
B. An attack that is designed to execute commands against a database via an insecure
web application
C. An exploitation method that often involves cookies or keys to gain unauthorized
access to a computer or service
D. An attack that forces a user to execute unwanted actions in a website or application
they are currently logged in to

- Which of the following vulnerabilities might be discovered during a penetration test of a
web-based application?
A. Cross-site scripting
B. Cross-site request forgery
C. SQL injection
D. All of the above

- What approach to technology management integrates the three components of technology
management shown in this illustration?
[Figure: three components labeled Software Development, Operations, and Quality Assurance]
Image reprinted from CISSP (ISC)^2 Certified Information Systems Security Professional Official Study
Guide, 7th Edition © John Wiley & Sons 2015, reprinted with permission.
A. Agile
B. Lean
C. DevOps
D. ITIL