Secure Coding Practices: Authentication, Authorization & Error Handling

Questions and Answers

PDF Questions PDF Answers

What is a recommended practice to prevent session hijacking or fixation?

Sharing session IDs via URLs

Extending session timeouts indefinitely

Using random session IDs (correct)

Storing session IDs in plain text

Which of the following is NOT a secure communication practice mentioned in the text?

Ensuring secure communication between components

Protecting data in transit

Hardcoding sensitive information (correct)

Using encrypted protocols like HTTPS

What approach helps identify and fix security flaws early in the development process?

Regular code reviews (correct)

Using default configurations

Never conducting security testing

Shipping applications with default passwords

Which secure design principle focuses on granting users or processes only the minimum level of access they need?

Least Privilege

Which secure design principle emphasizes implementing multiple layers of security controls throughout the system?

Defense-in-Depth

Which secure design principle focuses on distributing system tasks to prevent any single entity from having complete control?

Separation of Duties

According to secure design principles, what should be done to limit shared resources among users or components?

Adhere to Least Common Mechanism

What practice helps to prevent unauthorized access by ensuring that access to resources is checked every time it's attempted?

Complete Mediation

Which principle involves basing the security of a system on open and well-known principles rather than relying on secrecy for security?

Open Design

Why is Secure SDLC important in modern software development?

It integrates security testing at each development stage