Exam 9: Coding in the Cube: Developing Good Habit

Exception handling is the cornerstone for all secure code.

Data authorization is a two-way street: first, the user's ID must be validated and second the user's request needs to be authorized.

What should the application do if the user has failed to log in after 5 attempts?

It is best to wait to add debugging techniques to the code when the code is broken.

PHP is a server-side language that runs on application servers.

What type of errors when a data flow does not flow as expected?

There is only one type of error in application development: compile-time errors.

When reusable code gets buried into other code, the logic can and should be reused by other use cases.

What design pattern forces the server to create only one object in its heap, thus making the server run very efficiently while using minimum RAM?

Some popular programming languages that deal wth security include the following: -Java -PHP -C/C++

What type of list defines bad input values?

If requesting the application to provide sensitive information over the public network can sometimes be too risky, what should be done?

What type of list defines only accepted input values?

Data encapsulation hides all internal code, variables, and logic from the outside world, therefore restricting acces to any outside callers.

What you choose to tell the user in error messages is up to you, but it should specifically benefit them.

Not every request that comes into the application should be treated as a potential attack.

When logging tailored messages for an application, use a file separate from the server logs and secure the priveleges on that file.

Which is NOT a characteristic of validation the input request?

What is it called when developers write a piece of software for a specific purpose

Which statement best suits the generalization of error messages?