Question: A software for a networking device is written using C programming language. There is a requirement in the software to get input from the programmers

A software for a networking device is written using C programming language. There is a requirement in the software to get input from the programmers had used the gets() method for getting the input from the user and this lead to a very serious vulnerability known as buffer
Note: gets() is already listed as a vulnerable/bad coding practice in the CERT Coding Guidelines and has recommended developers to use I fgets() instead of gets().
Which of the following Secure SDLC practices could have helped in preventing and/or detecting such issues? (Choose TWO most appropri)
Deprecate unsafe functions
Source code scanning using Static Application Security Testing (SAST) tools
User risk assessment
Establish a disposal/transition plan

Step by Step Solution

There are 3 Steps involved in it

1 Expert Approved Answer
Step: 1 Unlock blur-text-image
Question Has Been Solved by an Expert!

Get step-by-step solutions from verified subject matter experts

Step: 2 Unlock
Step: 3 Unlock

Students Have Also Explored These Related Databases Questions!

Q:

Question 1 2 A software for a networking device is written using C programming language. There is a requirement in the software to get input from the user. The programmers had used the gets ( )...

Q:

Hi, I need help with the below assignment. It has to be done using C programming language only and attached are the assignment instructions. Find the game instructions attached below in image format...

Q:

Let A, B be sets. Define: (a) the Cartesian product (A B) (b) the set of relations R between A and B (c) the identity relation A on the set A [3 marks] Suppose S, T are relations between A and B, and...

Q:

Python and most Python libraries are free to download or use, though many users use Python through a paid service. Paid services help IT organizations manage the risks associated with the use of...

Q:

Consider Hoare triples of the form {T} V := E {V = E} where T is the atomic formula 'true' and V and E range over variables and expressions, respectively. (i) Write down an instance of such a triple...

Q:

In a Hopfield neural network configured as an associative memory, with all of its weights trained and fixed, what three possible behaviours may occur over time in configuration space as the net...

Q:

Hi i want one page brief summary of this article i need this for my Operating System class priject and My project name is Android. Android also supports its native API which is on C or C++...

Q:

Consider the trigonometric series a0 2 + X r=1 (ar cos rx + br sin rx) where a0, a1, a2, . . . and b1, b2, . . . are constants and suppose that f(x) is a periodic function of x with period 2. (a)...

Q:

A1 Software engineers use the following to enhance the quality of their products: 1. Tools II. Techniques III. Procedures IV. Paradigm A. I and II B. I, II and III C. I, II and IV D. I, II, III and...

Q:

CHA P TER 9 Understanding Software: A Primer for Managers 1. INTRODUCTION L E A R N I N G O B J E C T I V E S 1. Recognize the importance of software and its implications for the rm and strategic...

Q:

Contrast the following terms: a. Static extract; incremental extract b. Data scrubbing; data transformation c. Consolidation; federation d. ETL; master data management

Q:

What determines the maximum voltage that can be used on a transmission line?

Q:

Return on a company s net operating assets is commonly used to evaluate financial performance. One way to increase performance is to focus on operating assets. How might this be done in relation to...

Q:

If the sales forces made 2 8 sales calls

Q:

Discuss consumer-driven health plans.

Q:

Evaluate the importance of a health navigator to healthcare consumers.

Q:

Examine the role of allied health professionals in the healthcare industry.