According to secure logging practices, programmers should ensure that logging processes are not disrupted by:
Answer : D
Which of the following DFD components is used to represent a change in privilege levels?
Answer : D
Thomas is not skilled in secure coding. He has neither undergone secure coding training nor is he aware of the consequences of insecure coding. One day, he wrote code as shown in the following screenshot. He passed the 'false' parameter to the setHttpOnly() method, which may result in the existence of a certain type of vulnerability. Identify the attack that could exploit the vulnerability in the above case.
Answer : B
To enable the Struts validator on an application, which configuration setting should be applied in the Struts validator configuration file?
Answer : A
Sam, an application security engineer working in INFRA INC., was conducting a secure code review on an application developed in Java. He found that the developer has used a piece of code as shown in the following screenshot. Identify the security mistakes that the developer has coded.
Answer : D
On a certain website, a secure login feature is designed to prevent brute-force attacks by implementing an account lockout mechanism. The account will automatically be locked after five failed attempts. This feature will not allow users to log in to the website until their account is unlocked. However, there is a possibility that this security feature can be abused to perform a __________ attack.
Answer : D
In which phase of the secure development lifecycle is threat modeling performed?
Answer : D