Web application security - the fast guide 1.1 | Page 188
Chapter 9 - Secure Application Development
browser.
5. All of the following are true concerning securing web applications EXCEPT:
a. It is always better to create your own libraries than to depend on well-known libraries, because this will emphasize security by obscurity.
b. Using static analysis on compiled code can reveal vulnerabilities that cannot be discovered through analysis of non-compiled code, as they might not exist there at all.
c. Black box testing depends on analyzing the HTTP response to detect vulnerabilities in the application.
d. In contrast with passive scanning, active black box scanning embeds the creation and generation of its own HTTP requests to extract vulnerabilities.
6. Response planning mainly aims to:
a. Minimize loss and mitigate the weaknesses that were exploited.
b. Restore services and processes.
c. Reduce the risk that can occur from future incidents.
d. All of the above
7. In Agile SDL:
a. Lots of tasks are omitted to adhere to agility needs.
b. Some security practice tasks are repeated for each sprint.
c. There is no such thing as Agile SDL.
d. Threat modeling is not applicable.
8. The main difference between the SDL and CLASP methodologies:
a. CLASP adds extra focus on the role responsible for applying each practice activity.
b. SDL is not a