A number of security patterns for Web applications under the DARPA contract have been developed by Kienzle, Elder, Tyree, and Edwards-Hewitt. Which of the following patterns are applicable to aspects of authentication in Web applications? Each correct answer represents a complete solution. Choose all that apply.
The patterns applicable to aspects of authentication in Web applications are as follows:
Account lockout: It implements a limit on incorrect password attempts to protect an account from automated password-guessing attacks.
Authenticated session: It allows a user to access more than one access-restricted Web page without re-authenticating on every page. It also integrates user authentication into the basic session model.
Password authentication: It provides protection against weak passwords, automated password-guessing attacks, and mishandling of passwords.
Password propagation: It offers a choice by requiring that a user's authentication credentials be verified by the database before providing access to that user's data.
Answers B and C are incorrect. The secure assertion and partitioned application patterns are applicable to software assurance in general.