Software Composition Analysis (SCA) (1) Modern application…

Software Composition Analysis (SCA) (1) Modern applications often rely heavily on third-party libraries and package managers such as pip, npm, Ruby Gems, Go modules, CPAN, and PHP package managers. Explain what Software Composition Analysis (SCA) is and why it is important in a DevSecOps pipeline. 2) You are reviewing the following package.json file from a Node.js application: Picture517.png The application uses lodash in the following code: Picture518.png

Read Details

Below is an example code snippet for a user login on a web s…

Below is an example code snippet for a user login on a web site. (1) Give an example input string for ” username” and “userpassword” that can allow an attacker to get access to user names and passwords in the database, and also explain the reason. (2) Rewrite the logic using a safer approach, such as parameterized queries. Explain why the safer version prevents the vulnerability. Picture513.png

Read Details

What is the most common bacterial pneumonia see in pediatric…

What is the most common bacterial pneumonia see in pediatric patients prior to school-age?

Read Details

The figure shows a simplified DevSecOps pipeline that integr…

The figure shows a simplified DevSecOps pipeline that integrates multiple security tools and stages into a CI/CD workflow. (1) Explain the purpose of this DevSecOps pipeline. In your answer, identify the role of at least five major stages or tools shown in the figure, such as Git, Jenkins, Dependency-Check, SAST, DAST, Vault, Clair, OpenVAS, InSpec, ModSecurity, Nagios, or Archery. Your answer should also explain how this pipeline supports the idea of shifting security left. (2)Suppose the pipeline discovers a high-severity vulnerability during the SAST or dependency-check stage. Explain what should happen next in the CI/CD process. Should the pipeline continue to deployment or stop the build? Justify your answer. Picture516.png

Read Details