Legacy Applications Security Practices Quiz

Questions and Answers

What is a common problem with applications mentioned in the text?

Verbose error messages (correct)

Lack of network isolation

Insecure communication channels

Insufficient user authentication

Why is two-factor authentication usually desirable for critical systems?

It provides a backup if one factor is compromised (correct)

It simplifies the login process

It allows unlimited invalid login attempts

It speeds up the user login experience

What is a potential consequence of not implementing a secure development life cycle for mobile and web applications?

Unexpected vulnerability to privacy (correct)

Decreased vulnerability to attacks

Reduced risk of privacy violations

Improved data encryption

Why should legacy applications be protected through the use of middleware?

To isolate direct access and manage data input/output

What is a recommended practice for improving application security?

Addressing security issues in all phases of the SDLC

How can developers benefit economically and efficiently in terms of application security?

By incorporating security in all SDLC phases

What should an IT auditor do when auditing web applications?

Use a risk-based approach to assess vulnerabilities

How can risk related to inadequate specifications be identified?

Based on previous experience and best practices

When assessing risk in web application development, what should be the primary focus?

Application development risk, business risk, and technical vulnerabilities

Why is it important for controls to reflect the specific development activity being reviewed?

To align controls with the way development is carried out in that area