312-50V11 · Question #540
If an e-commerce site was put into a live environment and the programmers failed to remove the secret entry point that was used during the application development, what is this secret entry point know
The correct answer is D. Trap door. A secret entry point intentionally left in software from the development phase that bypasses normal authentication is called a trap door or backdoor.
Question
If an e-commerce site was put into a live environment and the programmers failed to remove the secret entry point that was used during the application development, what is this secret entry point known as?
Options
- ASDLC process
- BHoney pot
- CSQL injection
- DTrap door
How the community answered
(39 responses)- A3% (1)
- C3% (1)
- D95% (37)
Why each option
A secret entry point intentionally left in software from the development phase that bypasses normal authentication is called a trap door or backdoor.
The SDLC (Software Development Life Cycle) is a development process framework, not a secret entry point or vulnerability.
A honeypot is a decoy system deliberately exposed to attract and monitor attackers, not a leftover development entry point.
SQL injection is an input-validation attack technique that exploits database queries, not a hidden entry point built into the application.
A trap door (also called a backdoor) is a hidden mechanism inserted into software during development that allows developers to bypass normal security controls for testing or maintenance. When left in a production environment, it becomes a serious security vulnerability because unauthorized parties can discover and exploit it to gain privileged access. This is a well-known SDLC security failure that violates secure deployment practices.
Concept tested: Trap door backdoor vulnerability in software development
Source: https://owasp.org/www-community/attacks/Backdoor_Attack
Topics
Community Discussion
No community discussion yet for this question.