MD5 | SHA1 | XOR | ARC4: these are the insecure-code indicators for which one of the following?
Weak encryption
Insecure protocol
Hardcoded information
Command injection
What kind of source-code security issue can be identified with a low false-positive rate?
Weak encryption
Insecure protocol
Weak random
All of the above
Which APIs are risky with respect to command injection?
system
execl
ShellExecute
All of the above
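The reason the APIs above are flagged is that each hands a single command string to a shell (or to a program that may be a shell), so metacharacters inside untrusted data turn into extra commands. The following is an added demonstration, not part of the quiz or of any project's code. It uses Python's `subprocess` as a stand-in: `subprocess.run(cmd, shell=True)` executes `/bin/sh -c "<cmd>"`, which is exactly what C `system()` does, while an argument list behaves like `execv()` or a `ProcessBuilder` with separate arguments. `echo` stands in for the real tool (say, `ping`) so the example runs offline; the hostile host value is constructed. A POSIX `sh` is assumed, so the Windows `ShellExecute` case is not exercised here.

```python
"""Added demonstration of why system()-style APIs are risky: the whole command
string is parsed by /bin/sh, so shell metacharacters in untrusted data become
additional commands. subprocess.run(..., shell=True) has the same semantics as
C system() (it executes /bin/sh -c "<string>"); an argument list does not."""
import re
import shlex
import subprocess

# Constructed attacker-controlled value: looks like a host, carries a second command.
HOSTILE_HOST = "127.0.0.1; echo INJECTED"


# echo stands in for the real tool (e.g. ping) so the demo runs offline.
def run_via_shell(host: str) -> str:
    """C equivalent: snprintf(cmd, n, "echo pinging %s", host); system(cmd);"""
    cmd = "echo pinging " + host
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_via_argv(host: str) -> str:
    """Fixed argv and no shell: the same shape as execv() or ProcessBuilder with
    separate arguments. The payload arrives as one literal argument."""
    return subprocess.run(["echo", "pinging", host], capture_output=True, text=True).stdout


def run_via_shell_quoted(host: str) -> str:
    """If a shell is unavoidable, shlex.quote turns the value into one shell word."""
    cmd = "echo pinging " + shlex.quote(host)
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


# Allow-list for a hostname argument: letters, digits, dots and hyphens only.
_HOST_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9.-]{0,252}[A-Za-z0-9])?$")


def is_safe_host(value: str) -> bool:
    """Input validation to apply before any of the calls above."""
    return bool(_HOST_RE.match(value))


if __name__ == "__main__":
    print("shell   :", repr(run_via_shell(HOSTILE_HOST)))      # second command runs
    print("argv    :", repr(run_via_argv(HOSTILE_HOST)))       # payload printed literally
    print("quoted  :", repr(run_via_shell_quoted(HOSTILE_HOST)))
    print("validate:", is_safe_host(HOSTILE_HOST))             # False
```

The first call prints a second line, `INJECTED`, because `sh` treated `;` as a command separator; the argv and quoted variants print the whole hostile value as plain text. In a code review, the indicator to look for is therefore not only the API name but whether the string passed to it is assembled from external input without validation or quoting.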
What can lead to XXE injection?
Failing to disable the external DTD configuration
No prepared statement
The use of eval
No output encoding
Which APIs are relevant to XXE handling?
SAXParser
SchemaFactory
DocumentBuilderFactoryImpl
All of the above
Which of these is a correct statement about the deserialization security issue?
Serialization is the process in Java of converting the state of an object into a byte stream (a serialized object), which can be stored in a file, in memory, or in a database. Deserialization is the reverse process: creating an object from the byte stream.
readObject is the API that may be vulnerable to a deserialization security issue.
A deserialization security issue may result in remote code execution (RCE).
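The questions on weak encryption, low-false-positive issue classes, XXE-related APIs and `readObject` all describe the same technique: a pattern scan of source code for API and algorithm names. The scanner below is an added example written for this page, not a tool from the quiz's source, and the two sample source snippets it scans are constructed. It shows what keeps the false-positive rate low: word-boundary matches on the identifier itself (so `md5sum_len` does not fire for MD5), a lookahead that keeps parser feature URIs such as `http://apache.org/xml/features/...` out of the insecure-protocol bucket, and a version-aware `TLSv1` pattern that leaves `TLSv1.2` alone. XXE hits are marked as hardened, rather than dropped, when the same source also sets `disallow-doctype-decl` to true. The indicator table extends the quiz's list slightly (exec*/popen, `Runtime.exec`, `ObjectInputStream`, a few more XML factories); those additions are mine.

```python
"""Grep-style scanner for the insecure-code indicators listed in the quiz,
tuned so that each pattern fires on the API or algorithm name itself rather
than on any substring (the "low false positive" property)."""
import re
from dataclasses import dataclass

# Parser feature URIs contain "http://" as a name, not a network endpoint;
# the negative lookahead keeps them out of the insecure-protocol bucket.
_NOT_FEATURE_URI = r"(?!apache\.org/xml/|xml\.org/sax/|javax\.xml\.|java\.sun\.com/)"

INDICATORS = {
    # Hash/cipher names as Java and C code spell them. A bare "^" is far too
    # noisy to match, so XOR is only flagged when a routine is named after it.
    "weak_crypto": re.compile(
        r"\b(?:MD5|SHA-?1|ARC4|RC4|ARCFOUR)\b|\bxor\b|xor_?(?:en|de)crypt", re.I),
    # Cleartext URL schemes and obsolete TLS versions; "TLSv1" must not match "TLSv1.2".
    "insecure_protocol": re.compile(
        r"\b(?:http|ftp|telnet)://" + _NOT_FEATURE_URI
        + r"|\bSSLv[23]\b|\bTLSv1(?:\.0)?(?![.\d])"),
    # java.util.Random, Math.random and the libc rand family (SecureRandom is not hit).
    "weak_random": re.compile(
        r"\bnew\s+Random\s*\(|\bMath\.random\s*\(|\b(?:s?rand|random)\s*\("),
    # Quiz list (system, execl, ShellExecute) plus the rest of the exec family,
    # popen and Runtime.exec (my additions).
    "command_injection": re.compile(
        r"\b(?:system|popen|execl[pe]?|execv[pe]?|ShellExecute(?:Ex)?[AW]?"
        r"|Runtime\.getRuntime\(\)\.exec)\s*\("),
    # XML parser factories whose default configuration processes DTDs.
    "xxe": re.compile(
        r"\b(?:SAXParser(?:Factory)?|SchemaFactory|DocumentBuilderFactory(?:Impl)?"
        r"|XMLInputFactory|TransformerFactory)\b"),
    "deserialization": re.compile(r"\bObjectInputStream\b|\breadObject\s*\("),
}

# A file that turns off DOCTYPEs or external entities on its parser factory gets
# its XXE hits marked as hardened (still reported, lower priority).
_XXE_HARDENING = re.compile(
    r'disallow-doctype-decl"\s*,\s*true|external-(?:general|parameter)-entities"\s*,\s*false')


@dataclass
class Finding:
    line: int
    category: str
    token: str          # the text that fired, for the reviewer
    hardened: bool = False


def scan_source(src: str):
    """Return one Finding per (line, category) pair, in source order."""
    hardened_xxe = bool(_XXE_HARDENING.search(src))
    findings = []
    for no, text in enumerate(src.splitlines(), 1):
        for category, pattern in INDICATORS.items():
            m = pattern.search(text)
            if m:
                findings.append(Finding(no, category, m.group(0),
                                        hardened=(category == "xxe" and hardened_xxe)))
    return findings


# Constructed sample sources (not taken from any real project).
SAMPLE_JAVA = """\
import java.security.MessageDigest;
MessageDigest md = MessageDigest.getInstance("MD5");
Cipher c = Cipher.getInstance("ARCFOUR");
URL u = new URL("http://updates.example.com/manifest");
Random r = new Random();
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
Object o = new ObjectInputStream(in).readObject();
int md5sum_len = 32; // identifier that merely contains the name: must not fire
"""

SAMPLE_C = """\
char cmd[256];
snprintf(cmd, sizeof cmd, "ping -c1 %s", host);
system(cmd);                    /* string assembled from user input */
srand(time(NULL));
out[i] = in[i] ^ key;           /* bare ^ is not an indicator by itself */
"""

if __name__ == "__main__":
    for name, src in (("sample.java", SAMPLE_JAVA), ("sample.c", SAMPLE_C)):
        for f in scan_source(src):
            flag = " (hardened)" if f.hardened else ""
            print(f"{name}:{f.line}: {f.category}: {f.token!r}{flag}")
```

Run as a script it lists six findings for the Java sample (MD5, ARCFOUR, the cleartext URL, `new Random(`, `DocumentBuilderFactory` marked hardened, and `ObjectInputStream`) and two for the C sample (`system(` and `srand(`); the feature URI on line 7 and the `md5sum_len` identifier on line 9 produce nothing. Weak crypto, insecure protocol and weak random are the classes where a name match alone is close to conclusive, which is why they score well on false positives; the command-injection, XXE and deserialization hits only say where to look, since whether they are exploitable depends on where the command string, XML document or byte stream comes from.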