Web Penetration Testing and Application Security

Questions and Answers

What is the purpose of cataloguing third-party code libraries?

To maintain an inventory of used code (correct)

To track vulnerabilities in the code

To ensure the code is up to date

To reduce the attack surface

What is application hardening used for?

To avoid vulnerabilities in software applications (correct)

To prevent SQL injection attacks

To protect against buffer overflow attacks

To prevent reverse engineering of the application

What is code obfuscation used against?

Cross-site scripting attacks

SQL injection attacks

Reverse engineering of applications (correct)

Buffer overflow attacks

Why is it important to reuse frameworks and libraries from actively maintained sources?

To ensure the code is up to date

What is the purpose of dependency checking tools?

To check for vulnerabilities in the code

What is the benefit of reducing vulnerabilities and the attack surface?

It reduces the risk of attacks on the application

What is the purpose of reusing code chunks?

To reduce the attack surface

What is the goal of application hardening techniques?

To enable safe running in zero-trust environments

What is the purpose of encrypting code in an application?

To prevent reverse engineering of the application

Why is it important to actively check for code component updates?

To ensure the code is up to date