Choose the best reason why security testing helps protect users of software applications.
Think about what could happen if attackers find weak spots in software.
Security testing identifies weaknesses that could let attackers access or steal user information, protecting users from harm.
What is the output of this simple security test log filter code?
    logs = ["INFO: User login successful", "WARNING: Password attempt failed", "ERROR: SQL injection detected", "INFO: Data saved"]
    security_alerts = [log for log in logs if 'ERROR' in log or 'WARNING' in log]
    print(security_alerts)
Look for logs containing 'ERROR' or 'WARNING'.
The code filters logs to include only those with 'ERROR' or 'WARNING', so it outputs those two messages.
Which assertion correctly verifies that a user's password is stored encrypted (not plain text)?
    def test_password_encryption(user_password, stored_password):
        # user_password is plain text input
        # stored_password is what is saved in database
        pass  # Fill in assertion here
Encrypted passwords should not match the plain text password.
The assertion checks that the stored password is different from the plain text input, meaning it is encrypted.
Identify the error in this code snippet that tests if a user input is sanitized to prevent XSS attacks.
    def test_input_sanitization(user_input):
        sanitized = sanitize(user_input)
        assert '<script>' not in user_input
        assert '<script>' not in sanitized
Check which variable should be free of script tags after sanitization.
The first assertion wrongly checks the original input instead of the sanitized output; it should check sanitized only.
Which option describes the best way to include security testing in a continuous integration/continuous deployment (CI/CD) pipeline?
Think about catching security issues early before software reaches users.
Running automated security tests during the build phase helps catch vulnerabilities early, preventing unsafe code from deploying.