Exam 11: Software Security


Without suitable synchronization of accesses it is possible that values may be corrupted, or changes lost, due to overlapping access, use, and replacement of shared values.

(True/False)
Correct Answer:

True

Blocking assignment of form field values to global variables is one of the defenses available to prevent a __________ attack.

(Multiple Choice)
Correct Answer:

A

To counter XSS attacks a defensive programmer needs to explicitly identify any assumptions as to the form of input and to verify that any input data conform to those assumptions before any use of the data.

(True/False)
Correct Answer:

False

UNIX-related systems provide the chroot system function to limit a program's view of the file system to just one carefully configured section that is known as a ________.

(Short Answer)

The principle of ________ strongly suggests that programs should execute with the least amount of privileges needed to complete their function.

(Short Answer)

Security flaws occur as a consequence of sufficient checking and validation of data and error codes in programs.

(True/False)

Programmers often make assumptions about the type of inputs a program will receive.

(True/False)

In the ________ attack the user-supplied input is used to construct a SQL request to retrieve information from a database.

(Short Answer)

_________ are a collection of string values inherited by each process from its parent that can affect the way a running process behaves.

(Multiple Choice)

__________ attacks are vulnerabilities involving the inclusion of script code in the HTML content of a Web page displayed by a user's browser.

(Multiple Choice)

Key issues from a software security perspective are whether the implemented algorithm correctly solves the specified problem, whether the machine instructions executed correctly represent the high-level algorithm specification, and whether the manipulation of data values in variables is valid and meaningful.

(True/False)

The major advantage of ________ is its simplicity and its freedom from assumptions about the expected input to any program, service, or function.

(Short Answer)

The correct implementation in the case of an atomic operation is to test separately for the presence of the lockfile and to not always attempt to create it.

(True/False)

A steady reduction in memory available on the heap to the point where it is completely exhausted is known as a ________.

(Multiple Choice)

A _________ attack occurs when the input is used in the construction of a command that is subsequently executed by the system with the privileges of the Web server.

(Multiple Choice)

A difference between defensive programming and normal practices is that everything is assumed.

(True/False)

A ________ is a pattern composed of a sequence of characters that describe allowable input variants.

(Multiple Choice)

Program input data may be broadly classified as textual or ______.

(Short Answer)

A variant where the attacker includes malicious script content in data supplied to a site is the __________ vulnerability.

(Short Answer)

A number of widely used standard C _________ compound the problem of buffer overflow by not providing any means of limiting the amount of data transferred to the space available in the buffer.

(Short Answer)
Showing 1 - 20 of 45