QA
Quality assurance (QA) → process of testing applications during development to identify bugs, logic errors, and security flaws before release, helping reduce vulnerabilities that could be exploited in production.
Input Validation
Input validation → security practice that checks and sanitizes user input to ensure only expected data is accepted, preventing attacks such as SQL injection, cross-site scripting, and command injection.
Secure Cookies
Secure cookies → browser cookies configured with security attributes such as Secure, HttpOnly, and SameSite to protect session data from interception, cross-site scripting, and unauthorized access.
SAST
Static application security testing (SAST) → testing method that analyzes source code or compiled code without running the application to identify security flaws early in the development lifecycle.
Code Signing
Code signing → process of digitally signing applications or updates to verify the software’s authenticity and integrity, ensuring the code has not been altered and comes from a trusted publisher.
Sandboxing
Sandboxing → security technique that runs applications in an isolated environment, limiting access to system resources so malicious or vulnerable code cannot impact the rest of the system.
UAC
User account control (UAC) → operating system security feature that prompts for approval before allowing actions requiring elevated privileges, helping prevent unauthorized changes and privilege escalation.