IBM Security AppScan Source Edition Implementation - C2150-810 FREE EXAM DUMPS QUESTIONS & ANSWERS
You are reviewing a thick client application and come upon File Injection findings in a function that opens zip files and extracts data from them, but the customer you are working with tells you that the data is sanitized using a method mySanitizer.validateZip{..). You confirm this and decide to remove this vulnerability and other File injection findings with sanitized data using the Remove functionality of the Trace section in the Filter Editor.
In which area of the Trace Rule Entry dialog would you add mySanitizer.validateZip(..) method?
In which area of the Trace Rule Entry dialog would you add mySanitizer.validateZip(..) method?
Correct Answer: B
Vote an answer
You are reviewing an on-line shopping application and find a lost sink method called generateltemNotFoundMessage() provided by a third-party shopping framework. This method returns a search string that was passed in. prepended with an "item not found" message in English, French or Spanish (depending on user's selection).
Which type of custom rule do you need to create for this method?
Which type of custom rule do you need to create for this method?
Correct Answer: B
Vote an answer
You are reviewing an on-line shopping application and find a lost sink method called retrieveOrderf...) that is provided by a third party shopping framework. This method accepts order number and in turn provides all information regarding that order such as items ordered, shipping and billing address, payment type, etc .
Which type of custom rule should you create for this method?
Which type of custom rule should you create for this method?
Correct Answer: B
Vote an answer
You are analyzing a client-server application that has "thick" clients that run on Windows and Android. You come across several Remote Command Execution findings with data originating from several different Sources. The customer you are working with is worried about the developers pushing back on low priority findings, so you need to remove those originating from sources that pose the lowest risk.
Which Sources pose the lowest risk?
Which Sources pose the lowest risk?
Correct Answer: A
Vote an answer
What is the best practice for scanning an Android application?
Correct Answer: A
Vote an answer