nerdexam
EC-Council

312-50V11 · Question #540

If an e-commerce site was put into a live environment and the programmers failed to remove the secret entry point that was used during the application development, what is this secret entry point know

The correct answer is D. Trap door. A secret entry point intentionally left in software from the development phase that bypasses normal authentication is called a trap door or backdoor.

System Hacking

Question

If an e-commerce site was put into a live environment and the programmers failed to remove the secret entry point that was used during the application development, what is this secret entry point known as?

Options

  • ASDLC process
  • BHoney pot
  • CSQL injection
  • DTrap door

How the community answered

(39 responses)
  • A
    3% (1)
  • C
    3% (1)
  • D
    95% (37)

Why each option

A secret entry point intentionally left in software from the development phase that bypasses normal authentication is called a trap door or backdoor.

ASDLC process

The SDLC (Software Development Life Cycle) is a development process framework, not a secret entry point or vulnerability.

BHoney pot

A honeypot is a decoy system deliberately exposed to attract and monitor attackers, not a leftover development entry point.

CSQL injection

SQL injection is an input-validation attack technique that exploits database queries, not a hidden entry point built into the application.

DTrap doorCorrect

A trap door (also called a backdoor) is a hidden mechanism inserted into software during development that allows developers to bypass normal security controls for testing or maintenance. When left in a production environment, it becomes a serious security vulnerability because unauthorized parties can discover and exploit it to gain privileged access. This is a well-known SDLC security failure that violates secure deployment practices.

Concept tested: Trap door backdoor vulnerability in software development

Source: https://owasp.org/www-community/attacks/Backdoor_Attack

Topics

#trap door#backdoor#SDLC security#insecure development

Community Discussion

No community discussion yet for this question.

Full 312-50V11 Practice