Exam 11: Software Security


The correct implementation in the case of an atomic operation is to test separately for the presence of the lockfile and to not always attempt to create it.

(True/False)
Correct Answer:

False

If privileges are greater than those already available to the attacker the result is a _________.

(Essay)
Correct Answer:

privilege escalation

A _______ attack is where the input includes code that is then executed by the attacked system.

(Multiple Choice)
Correct Answer:

C

In the ________ attack the user supplied input is used to construct a SQL request to retrieve information from a database.

(Essay)

Blocking assignment of form field values to global variables is one of the defenses available to prevent a __________ attack.

(Multiple Choice)

Security flaws occur as a consequence of sufficient checking and validation of data and error codes in programs.

(True/False)

A number of widely used standard C _________ compound the problem of buffer overflow by not providing any means of limiting the amount of data transferred to the space available in the buffer.

(Essay)

A ________ is a pattern composed of a sequence of characters that describe allowable input variants.

(Multiple Choice)

The most common technique for using an appropriate synchronization mechanism to serialize the accesses to prevent errors is to acquire a _______ on the shared file, ensuring that each process has appropriate access in turn.

(Multiple Choice)

The major advantage of ________ is its simplicity and its freedom from assumptions about the expected input to any program, service, or function.

(Essay)

Injection attack variants can occur whenever one program invokes the services of another program, service, or function and passes to it externally sourced, potentially untrusted information without sufficient inspection and validation of it.

(True/False)

The process of transforming input data that involves replacing alternate, equivalent encodings by one common value is called _________.

(Essay)

"Failure to Preserve SQL Query Structure" is in the __________ CWE/SANS software error category.

(Essay)

A variant where the attacker includes malicious script content in data supplied to a site is the __________ vulnerability.

(Essay)

An ASCII character can be encoded as a 1 to 4 byte sequence using the UTF-8 encoding.

(True/False)

Cross-site scripting attacks attempt to bypass the browser's security checks to gain elevated access privileges to sensitive data belonging to another site.

(True/False)

Program input data may be broadly classified as textual or ______.

(Essay)

Programmers often make assumptions about the type of inputs a program will receive.

(True/False)

_________ are a collection of string values inherited by each process from its parent that can affect the way a running process behaves.

(Multiple Choice)

A ________ occurs when multiple processes and threads compete to gain uncontrolled access to some resource.

(Essay)
Showing 1 - 20 of 43