10 Questions
What is a recommended practice to protect sensitive data in applications?
Using encryption to transmit sensitive data
Which practice helps restrict user access in applications?
Menus to restrict actions
What should error messages in applications ideally provide?
Minimum necessary information
Why is two-factor authentication usually desirable for critical systems?
To enhance security by requiring multiple credentials for access
What can developers do to address application security issues?
Consider potential risks for each business function
What is the benefit of incorporating security in all phases of the SDLC?
Economic and efficiency benefits
What approach should an IT auditor take when assessing web application vulnerabilities?
Apply a risk-based approach
What is an activity associated with the audit of application controls?
Application risk monitoring
How can identified risks be placed in the context of web development?
Support of best practice material on web development
What should controls reflect in application development activity?
The way development activity takes place in the area under review
Test your knowledge on control practices for protecting information in applications, including masking, menus, drop-down boxes, range checks, balancing, logs, certificates, encryption, documentation, and coding standards.