- Which of the following is not the input of whitebox review?
- Source code
- Threat-modeling documents
- Automated static code analysis results
- Antivirus scanning results
- What are the tools doxygen and naturaldocs used for?
- Generating documents directly from source code
- Static code scanning
- Dynamic code scanning
- Reverse engineering
- Which of the following are high-risk modules?
- Authentication
- Authorization
- API interfaces
- All of the above
- Which one of the following APIs is not related to buffer overflow?
- strcpy
- strncat
- memcpy
- fwrite
- What can cause missing authentication?
- The uses of partial URL match API to determine the need for authentication such as StartsWith and EndsWith
- No path canonicalization before validation
- No ...
Questions
Get Hands-On Security in DevOps now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.