Given the following code snippet:
Of which of the following is this snippet an example?
A. Data execution prevention
B. Buffer overflow
C. Failure to use standard libraries
D. Improper filed usage
E. Input validation
D. Improper field usage.
A developer should never store important variables locally, since they can be tampered with using an HTTP interceptor (like Burp or OWASP ZAP).
In this particular case, the attacker could modify the price variable to zero, so that he wouldn’t pay anything.
D. Improper FIELD usage.
It really helps when it’s spelled correctly…
Text for quantity? Unless I’m looking at this wrong, I’d say D
I wish I had more experience in this area. I was tugging back and forth with D and E. Thanks for your input.
E
D ?