(ISC)2

CSSLP Question #108: Real Exam Question with Answer & Explanation

The correct answer is B: ESAPI. The OWASP Enterprise Security API (ESAPI) provides a collection of security controls that programmers can use to build more secure applications or add security to existing ones. It simplifies the implementation of common security tasks.

Secure Software Implementation

Question

Which of the following provides programmers with an easy way to write lower-risk applications and retrofit security into an existing application?

Options

  • A. Watermarking
  • B. ESAPI
  • C. Encryption wrapper
  • D. Code obfuscation

Explanation

The OWASP Enterprise Security API (ESAPI) provides a collection of security controls that programmers can use to build more secure applications or add security to existing ones. It simplifies the implementation of common security tasks.

Common mistakes.

  • A. Watermarking embeds information into data to claim ownership or track its distribution, which is not a tool for writing lower-risk applications.
  • C. An encryption wrapper applies encryption to data, primarily for confidentiality, but doesn't provide a comprehensive framework for application security development.
  • D. Code obfuscation makes code harder to understand, typically to deter reverse engineering, but does not inherently make an application lower-risk from a security vulnerability perspective.

Concept tested. Secure coding frameworks - ESAPI

Reference. https://owasp.org/www-project-esapi/

Topics

#ESAPI #Secure coding #Security APIs #Application security frameworks
