Which of the following security assessment methods are likely to reveal this security weakness?

Posted by: Pdfprep Category: CAS-002

The following has been discovered in an internally developed application:

Error – Memory allocated but not freed:

    char *myBuffer = malloc(BUFFER_SIZE);
    if (myBuffer != NULL) {
        *myBuffer = STRING_WELCOME_MESSAGE;
        printf("Welcome to: %s\n", myBuffer);
    }
    exit(0);

Which of the following security assessment methods are likely to reveal this security weakness? (Select TWO).
A. Static code analysis
B. Memory dumping
C. Manual code review
D. Application sandboxing
E. Penetration testing
F. Black box testing

Answer: A, C
