Which type of manual code review technique is being used when the reviewer starts at an input control and traces its value through the application to each of the value's outputs?
Which secure coding best practice says to require authentication before allowing any files to be uploaded and to limit the types of files to only those needed for the business purpose?
The security team has received notice of an insecure direct object reference vulnerability in a third-party component library that could result in remote code execution. The component library was replaced and is no longer being used within the application.
How should the organization remediate this vulnerability?
The software security group is conducting a maturity assessment using the Open Web Application Security Project Software Assurance Maturity Model (OWASP SAMM). They are currently focused on reviewing design artifacts to ensure they comply with organizational security standards.
Which OpenSAMM business function is being assessed?
Which type of security analysis is performed by reviewing source code line-by-line after other security analysis techniques have been executed?
A software security team recently completed an internal assessment of the company's security assurance program. The team delivered a set of scorecards to leadership along with proposed changes designed to improve low-scoring governance, development, and deployment functions.
Which software security maturity model did the team use?
Company leadership has discovered an untapped revenue stream within its customer base and wants to meet with IT to share its vision for the future and determine whether to move forward.
Which phase of the software development lifecycle (SDLC) is being described?
The security team is reviewing whether changes or open issues exist that would affect requirements for handling personal information documented in earlier phases of the development life cycle.
Which activity of the Ship SDL phase is being performed?
Which architecture deliverable identifies the organization's tolerance to security issues and how the organization plans to react if a security issue occurs?
What is the protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or distribution to provide confidentiality, integrity, and availability?