Exam CSSLP topic 2 question 8 discussion

Actual exam question from ISC's CSSLP
Question #: 8
Topic #: 2

Which of the following provides programmers an easy way to write lower-risk applications and retrofit security into an existing application?

  • A. Watermarking
  • B. ESAPI
  • C. Encryption wrapper
  • D. Code obfuscation
Suggested Answer: ESAPI (Enterprise Security API) is a group of classes that encapsulate the key security operations needed by most applications. It is a free, open source, Web application security control library. ESAPI provides programmers an easy way to write lower-risk applications and retrofit security into an existing application. It offers a solid foundation for new development. Answer: A is incorrect. Watermarking is the process of embedding information into

Comments

74gjd_37
5 months, 2 weeks ago
Selected Answer: B
From an ISC2 CISSP perspective, ESAPI (Enterprise Security Application Programming Interface) provides an easy way for programmers to write lower-risk applications and retrofit security into existing ones. Therefore, option B is the correct answer. ESAPI offers a set of libraries that includes functionality such as user authentication and input validation, which significantly reduces the risk of common web application vulnerabilities like SQL injection and cross-site scripting. It simplifies coding by incorporating standardized security practices into existing applications rather than requiring extensive changes to be made manually. Watermarking, encryption wrappers, and code obfuscation are not specifically designed for adding security features to applications but have other uses in different contexts related to software development.
upvoted 1 times
74gjd_37
5 months, 2 weeks ago
ESAPI is an open-source library developed by the Open Web Application Security Project (OWASP) community. It provides standard security functions for software developers to easily implement into their applications, aiming to reduce common web application vulnerabilities. The core team consists of experienced professionals who have been working on software security and testing projects for several years. ESAPI includes input validation, output encoding, access control, cryptographic functionalities and audit logging components ready for implementation. Due to its adaptability across various languages like Java, PHP & Python, it has become well-supported when implementing secure web-based infrastructures.
upvoted 1 times