Which of the following is an application security coding problem?
A. Error and exception handling
B. Patch management
C. Application hardening
D. Application fuzzing
Explanation:
Exception handling is an aspect of secure coding. When errors occur, the system should revert to a secure state. This must be coded into the system by the programmer, and the code should capture errors and exceptions so that the application can handle them.
Incorrect Answers:
B: Patch management is the process of maintaining the latest source code for applications and operating systems. This helps protect systems from known attacks and vulnerabilities, and is provided by the vendor in response to newly discovered vulnerabilities in the software.
C: Hardening is the process of securing a system by reducing its surface of vulnerability. Reducing the surface of vulnerability typically includes removing unnecessary functions and features, removing unnecessary usernames or logins, and disabling unnecessary services.
D: Fuzzing is a software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program. The program is then monitored for exceptions such as crashes, failed validation, or memory leaks. http://en.wikipedia.org/wiki/Fuzz_testing
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp. 218, 220
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 229, 230, 231-232