D487 Secure Software Design - Set 2 - Part 1

Correct Answer: Economy of mechanism

The economy of mechanism principle advocates for simplicity in design, which reduces the attack surface by limiting unnecessary features that could introduce vulnerabilities.

Correct Answer: To ensure data integrity and prevent attacks

Input validation is crucial for ensuring that only acceptable data is processed, preventing various attacks such as SQL injection and cross-site scripting (XSS).

Correct Answer: Information leakage

Improper error handling can lead to information leakage, where sensitive information is exposed to users or attackers through error messages.

Correct Answer: Two-factor authentication

Two-factor authentication (2FA) enhances security by requiring two forms of verification, making it more difficult for unauthorized users to gain access.

Correct Answer: Users should be granted only the minimum access necessary

The principle of least privilege states that users should only have the permissions necessary to perform their job functions, reducing the risk of accidental or malicious actions.

Correct Answer: Exploit

An exploit is a piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug or vulnerability in software to gain unauthorized access.

Correct Answer: Patch management

Patch management involves applying updates and fixes to software to address vulnerabilities and improve security.

Correct Answer: Integrating security at every phase of the development process

"Security by design" emphasizes incorporating security measures throughout the software development lifecycle, rather than as an afterthought.

Correct Answer: Validating user input

Validating user input is essential for preventing XSS attacks by ensuring that any data entered by users does not contain executable scripts.

Correct Answer: To identify and prioritize potential security threats

Threat modeling helps teams understand the security risks associated with a system and prioritize them for mitigation.

Correct Answer: Fail securely

The principle of failing securely ensures that if a system fails, it does so in a way that maintains security, minimizing the potential damage from a breach.

Correct Answer: Enhanced security posture

Adhering to secure coding standards helps developers create applications that are less vulnerable to attacks, thereby improving the overall security posture.

Correct Answer: Filtering and validating input to prevent malicious data

Input sanitization involves cleaning and validating user input to ensure it does not contain harmful data that could compromise security.

Correct Answer: Broken authentication

Broken authentication occurs when security measures for verifying user identity are weak, allowing unauthorized access to systems and data.

Correct Answer: To evaluate the effectiveness of security controls

A security audit aims to review and assess the security measures in place, ensuring they are effective and compliant with relevant policies and regulations.

Correct Answer: Employing multiple overlapping security measures

Defense in depth advocates for a multi-layered security approach, which reduces the risk of a successful attack by having several security measures in place.

Correct Answer: Implementing encryption

Encryption is crucial for protecting sensitive data during transmission, ensuring that even if data is intercepted, it remains unreadable to unauthorized parties.

Correct Answer: To identify and mitigate security vulnerabilities

Code reviews are critical for spotting security vulnerabilities and ensuring that secure coding practices are followed throughout development.

Correct Answer: To assign permissions based on user roles

RBAC restricts system access to authorized users based on their roles, ensuring that users can only access information necessary for their tasks.

Correct Answer: SQL injection

SQL injection occurs when an application improperly handles user input, allowing an attacker to manipulate SQL queries and gain unauthorized access to the database.