What is a Cross-Site-Scripting (XSS) attack, how is it implemented, and how do you defend against it?
Secure coding skills are developed and honed by understanding what software attacks are, how they are conducted, and how you can code defensively against them. Secure coding means building an application to defend itself against misuse cases by monitoring all user activity. This takes a good understanding of programming languages and their vulnerabilities as well. Activities that help to secure code are as follows: validate the request, handle exceptions, create self-monitoring code, secure the code base, and know the programming language.
Answer the following questions (5 points each) related to secure coding skills. Do not include the question in your response when submitting your work.
1. Every request that comes into an application should be treated as a potential attack. Identify and explain the three steps required to validate a request.
2. What is a Cross-Site-Scripting (XSS) attack, how is it implemented, and how do you defend against it?
3. What is SQL code injection, how is it implemented, and how do you defend against it?
4. Why is it important for applications to handle exceptions (errors) and provide custom error messages when necessary?
5. Describe what is meant by self-monitoring code and provide two examples of ways in which applications can self-monitor.
6. Why is it important to secure the code base?
7. It is important to understand the specific security features of any programming language that you are using. List one security consideration/tip for each of the following programming languages:
8. What is a buffer overflow attack?
9. List and describe three principles for writing organized code.
10. What is code refactoring and why is it important for security?