After Matt, a user, enters his username and password at the login screen of a web-enabled portal, the following appears on his screen: "Please only use letters and numbers on these fields". Which of the following is this an example of?
A. Proper error handling
B. Proper input validation
C. Improper input validation
D. Improper error handling
Answer: B
Explanation: Input validation is an aspect of secure coding and is intended to mitigate against possible user input attacks, such as buffer overflows and fuzzing. Input validation checks every user input submitted to the application before processing that input. The check could be a length, a character type, a language type, or a domain.
Which of the following techniques can be used to prevent the disclosure of system information resulting from arbitrary inputs when implemented properly?
A. Fuzzing
B. Patch management
C. Error handling
D. Strong passwords
Answer: C
Explanation: Exception handling is an aspect of secure coding. When errors occur, the system should revert to a secure state. This must be coded into the system by the programmer, and should capture errors and exceptions so that they can be handled by the application.
A program displays: "ERROR: this program has caught an exception and will now terminate." Which of the following is MOST likely accomplished by the program’s behavior?
A. Operating system’s integrity is maintained
B. Program’s availability is maintained
C. Operating system’s scalability is maintained
D. User’s confidentiality is maintained
Answer: A
Explanation: The purpose of error handling is to maintain the security and integrity of the system. Integrity is compromised when unauthorized modification occurs.