(ISC)²
CSSLP · Question #143
CSSLP Question #143: Real Exam Question with Answer & Explanation
The correct answer is D: ESAPI. The OWASP Enterprise Security API (ESAPI) provides an easy way for programmers to write lower-risk applications and integrate security into existing software.
Secure Software Implementation
Question
Which of the following provides programmers with an easy way to write lower-risk applications and retrofit security into an existing application?
Options
- A. Watermarking
- B. Code obfuscation
- C. Encryption wrapper
- D. ESAPI
Explanation
The OWASP Enterprise Security API (ESAPI) provides an easy way for programmers to write lower-risk applications and integrate security into existing software.
Common mistakes.
- A. Watermarking is used for copyright protection or tracking, not for building secure software or retrofitting security into an application's code logic.
- B. Code obfuscation aims to make code difficult to understand or reverse-engineer, which is a defensive technique but does not directly help programmers write lower-risk applications by providing security controls.
- C. An encryption wrapper typically refers to a component that encrypts data, which is a specific security function, but not a comprehensive API designed to help programmers build overall lower-risk applications.
Concept tested. Secure coding libraries - OWASP ESAPI
Reference. https://owasp.org/www-project-esapi/
Topics
#ESAPI #Secure coding practices #Application security APIs #OWASP