Explore key vulnerability detection rules used in both static and dynamic code analysis techniques. This quiz challenges your ability to identify, evaluate, and understand common security weaknesses and how they are detected during security testing processes.
When analyzing a codebase for SQL injection vulnerabilities, which pattern should a detection rule flag in static code analysis?
Explanation: Directly concatenating user input into SQL queries exposes the application to SQL injection attacks, making it a clear target for static analysis rules. Converting input to uppercase does not prevent injection or indicate a risk. Code in comments is not executed and therefore not immediately vulnerable. Using parameterized queries is a secure approach and should not be flagged as a vulnerability.
In dynamic code analysis, which behavior is most indicative of a cross-site scripting (XSS) vulnerability on a web application?
Explanation: Reflected and unsanitized JavaScript that is executed by the browser signifies a classic XSS vulnerability, as detected by dynamic analysis tools. Strong password requirements are a security best practice, not a vulnerability. Redirects after login and logging error messages are unrelated to XSS, making them poor indicators for this issue.
Which rule should trigger in static analysis when source code reveals hardcoded credentials, such as passwords in plaintext variables?
Explanation: Hardcoded credential detection rules are specifically designed to flag plaintext passwords or secrets found in source code. Dead code refers to unused code and is not related to sensitive data. Null pointer dereference detection concerns potential runtime errors, not security flaws. Memory leak monitoring addresses resource cleanup and not data confidentiality.
During security testing, which code pattern is a static analyzer most likely to flag as an insecure deserialization risk?
Explanation: Deserializing objects from untrusted sources can lead to remote code execution or other attacks, so static analysis rules flag this pattern. Serializing data or validating input does not by itself create a deserialization risk. Validating with loops or regular expressions is generally good practice and not inherently insecure in this context.
Which scenario should dynamic testing rules most urgently flag as a potential command injection vulnerability?
Explanation: Executing system commands with unsanitized user input presents a serious command injection threat and must be detected in dynamic testing. Storing passwords with strong hashing is recommended and not a vulnerability. Documentation and logging timestamps are unrelated to injection, so they do not represent security risks in this scenario.