Questions and Answers
What is a recommended practice to protect sensitive data in applications?
- Allowing unlimited input options
- Using encryption to transmit sensitive data (correct)
- Displaying detailed error messages
- Logging limited activity
Which practice helps restrict user access in applications?
- Keeping logs of all activity
- Providing verbose error messages
- Balancing transactions properly
- Menus to restrict actions (correct)
What should error messages in applications ideally provide?
- Unrestricted access to the system
- Verbose details of the error
- Minimum necessary information (correct)
- Additional options for the user
Why is two-factor authentication usually desirable for critical systems?
What can developers do to address application security issues?
What is the benefit of incorporating security in all phases of the SDLC?
What approach should an IT auditor take when assessing web application vulnerabilities?
What is an activity associated with the audit of application controls?
How can identified risks be placed in the context of web development?
What should controls reflect in application development activity?