GradePack

The best way to mitigate risks is by threat modeling the development environment and processes. Analyze the attack surface for a range of threats, treating the source code as your primary asset. List three basic mitigations for typical development work.

XML ___________________ are a relatively obscure feature, and unfortunately, attackers have been creative in finding ways of abusing these.

_____________________ are a common vulnerability closely related to injection attacks. Instead of escaping from quotation marks, this attack escapes into parent directories to gain unexpected access to other parts of the filesystem.

____________________ refers to the common technique of converting data objects to a byte stream, a little like a Star Trek transporter does, to then “beam” them through time and space.

____________________ happens when the result of a computation exceeds the capacity of a fixed-width integer, leading to unexpected results, which can create a vulnerability.

C programs use ______________ to allocate memory, and when it’s no longer needed, they release each allocation for reuse by calling free(3).

A ___________________________ detects an underlying bug or bugs.

What is a DREAD assessment? What does each of the letters stand for?

___________________________ are the most basic building blocks of many languages, including Java and C/C++, and if any computation exceeds their limited range, you get the wrong result silently.

A ______________________ is a side-channel attack that infers information from the time it takes to do an operation, indirectly learning about some state of the system that should be private.
