Certified Incident Handler (CIH) Practice Exam

Prepare for the Certified Incident Handler (CIH) Exam. Enhance your knowledge with interactive quizzes and detailed insights into cyber incident handling. Boost your exam readiness with our expert-designed questions!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!


Which web application vulnerability arises from not implementing security controls during development?

  1. Insecure design

  2. Cross-site scripting

  3. Cross-site request forgery

  4. Data exposure

The correct answer is: Insecure design

The correct answer is based on the concept of "insecure design," which refers to vulnerabilities that arise when security controls are not considered or integrated into the software development lifecycle. This type of vulnerability typically occurs when developers neglect to implement fundamental security principles such as least privilege, proper authentication, and secure data handling during the design and development phases.

Insecure design can lead to a multitude of security issues with the application, as it leaves the system vulnerable to various attacks. By not incorporating security measures from the beginning, an application may inadvertently facilitate easier exploitation and compromise. This highlights the critical importance of integrating security practices in the initial design and ongoing development processes to mitigate risks.

While cross-site scripting, cross-site request forgery, and data exposure are indeed serious web application vulnerabilities, they often arise from specific oversights or failures in validation, session management, or data handling after an application is already designed. These vulnerabilities are typically mitigated through implementation of security controls, but they do not inherently stem from a failure to incorporate security during the development phase, which is the essence of insecure design.