Secure Coding Practices: Authentication, Authorization & Error Handling

Questions and Answers

What is a recommended practice to prevent session hijacking or fixation?

• Sharing session IDs via URLs
• Extending session timeouts indefinitely
• Using random session IDs (correct)
• Storing session IDs in plain text

Which of the following is NOT a secure communication practice mentioned in the text?

• Ensuring secure communication between components
• Protecting data in transit
• Hardcoding sensitive information (correct)
• Using encrypted protocols like HTTPS

What approach helps identify and fix security flaws early in the development process?

• Regular code reviews (correct)
• Using default configurations
• Never conducting security testing
• Shipping applications with default passwords

Which secure design principle focuses on granting users or processes only the minimum level of access they need?

Least Privilege (C)

Which secure design principle emphasizes implementing multiple layers of security controls throughout the system?

Defense-in-Depth (C)

Which secure design principle focuses on distributing system tasks to prevent any single entity from having complete control?

Separation of Duties (A)

According to secure design principles, what should be done to limit shared resources among users or components?

Adhere to Least Common Mechanism (B)

What practice helps to prevent unauthorized access by ensuring that access to resources is checked every time it's attempted?

Complete Mediation (A)

Which principle involves basing the security of a system on open and well-known principles rather than relying on secrecy for security?

Open Design (D)

Why is Secure SDLC important in modern software development?

It integrates security testing at each development stage (B)