PrepAway - Latest Free Exam Questions & Answers

Which of the following is an application security coding problem?

A. Error and exception handling
B. Patch management
C. Application hardening
D. Application fuzzing

Explanation:
Exception handling is an aspect of secure coding. When errors occur, the system should revert to a
secure state. This must be coded into the system by the programmer, and the code should capture errors
and exceptions so that they can be handled by the application.

Incorrect Answers:
B: Patch management is the process of maintaining the latest source code for applications and operating
systems. This helps protect a system from known attacks and vulnerabilities; patches are provided by the
vendor in response to newly discovered vulnerabilities in the software.
C: Hardening is the process of securing a system by reducing its surface of vulnerability. Reducing the
surface of vulnerability typically includes removing unnecessary functions and features, removing
unnecessary usernames or logins, and disabling unnecessary services.
D: Fuzzing is a software testing technique that involves providing invalid, unexpected, or random data
as inputs to a computer program. The program is then monitored for exceptions such as crashes, failed
validation, or memory leaks.

http://en.wikipedia.org/wiki/Fuzz_testing
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis,
2014, pp. 218, 220
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 229, 230, 231-232

