1. Which of the following practices is essential for preventing session hijacking in web applications?
2. What is the primary purpose of performing a code review in the context of secure software development?
3. Which of the following is an effective way to mitigate cross-site scripting (XSS) vulnerabilities?
4. Which of the following practices helps prevent buffer overflow attacks?
5. What is the primary function of a Software Bill of Materials (SBOM) in secure software development?
6. Which of the following tools is best suited for identifying vulnerabilities in third-party libraries used in an application?
7. Which of the following best describes static code analysis in the context of secure software development?
8. Which of the following describes threat modeling in secure software development?
9. Which of the following practices can help prevent injection attacks in web applications?
10. In secure software development, what is the primary goal of Threat Modeling?
11. Which of the following is an example of a secure coding best practice?
12. What is the primary role of fuzz testing in secure software development?
13. Which software development model involves iterative cycles of development and risk analysis?
14. Which of the following is the best description of the principle of "Least Privilege" in software development security?
15. In secure software development, which type of testing specifically focuses on uncovering security flaws by simulating real-world attacks?
16. Which of the following is a key security risk when using open-source software components in an application?
17. Which security concern is most associated with the DevOps methodology in software development?
18. Which of the following is a core principle of DevSecOps?
19. Which of the following measures helps protect against Cross-Site Request Forgery (CSRF) attacks?
20. Which of the following is the best method to mitigate time-of-check to time-of-use (TOCTOU) vulnerabilities in software?
21. Which of the following security mechanisms is typically used to prevent Cross-Site Request Forgery (CSRF) attacks?
22. Which of the following is a characteristic of the Waterfall Model in software development?
23. Which of the following is a common goal of using software fuzz testing?
24. Which of the following techniques is the most effective in mitigating SQL injection vulnerabilities?
25. In the context of secure software development, which of the following is a common method to mitigate injection attacks?
26. Which of the following is considered a secure coding best practice to mitigate buffer overflow vulnerabilities?
27. What is the main goal of the Secure Development Life Cycle (SDLC)?
28. Which of the following describes a key feature of the NIST Secure Software Development Framework (SSDF)?
29. Which of the following is a key benefit of using a sandbox environment in software development?
30. Which of the following is a key feature of Static Application Security Testing (SAST)?
31. Which of the following is a key characteristic of DevSecOps in secure software development?
32. Which of the following techniques can prevent Cross-Site Scripting (XSS) attacks?
33. Which of the following is the best example of a security measure that can prevent Cross-Site Request Forgery (CSRF) attacks?
34. Which of the following practices helps reduce the risk of hardcoded sensitive information in software applications?
35. What is the purpose of implementing nonce values in web applications?
36. Which of the following secure coding practices can help mitigate the risk of Cross-Site Scripting (XSS) attacks?
37. Which of the following is a primary advantage of using the Agile software development methodology from a security perspective?
38. Which of the following is the most effective way to prevent SQL injection attacks?
39. Which of the following methods is used to prevent replay attacks?
40. Which secure coding practice can help mitigate buffer overflow attacks?
41. Which of the following is a characteristic of dynamic application security testing (DAST)?
42. Which of the following describes a key characteristic of the Spiral Model in software development?
43. Which software testing method involves simulating attacks on the application to uncover vulnerabilities?
44. Which of the following practices helps to ensure data integrity during software development?
45. What is the primary security risk associated with the use of third-party libraries in software development?
46. Which secure coding practice is the most effective in preventing race conditions in multithreaded applications?
47. What is the purpose of input sanitization in secure software development?
48. Which of the following is a primary benefit of incorporating security requirements during the early stages of the Software Development Life Cycle (SDLC)?
49. Which of the following is the primary goal of Software Composition Analysis (SCA) in secure development?
50. What is the main purpose of the Open Web Application Security Project (OWASP) Top 10 list?