The developer wants to remove the HttpSessionobject and its values from the client' system.
Which of the following method should he use for the above purpose?
Suppose there is a productList.jsp page, which displays the list of products from the database for the requested product category. The product category comes as a request parameter value. Which of the following line of code will you use to strictly validate request parameter value before processing it for execution?
Alice works as a Java developer in Fygo software Services Ltd. He is given the responsibility to design a bookstore website for one of their clients. This website is supposed to store articles in .pdf format. Alice is advised by his superior to design ArticlesList.jsp page in such a way that it should display a list of all the articles in one page and should send a selected filename as a query string to redirect users to articledetails.jsp page.
Alice wrote the following code on page load to read the file name.
String myfilename = request.getParameter("filename");
String txtFileNameVariable = myfilename;
String locationVariable = request.getServletContext().getRealPath("/"); String PathVariable = ""; PathVariable = locationVariable + txtFileNameVariable; BufferedInputStream bufferedInputStream = null; Path filepath = Paths.get(PathVariable); After reviewing this code, his superior pointed out the security mistake in the code and instructed him not repeat the same in future. Can you point the type of vulnerability that may exist in the above code?
Which of the following configurations can help you avoid displaying server names in server response header?
In which phase of secure development lifecycle the threat modeling is performed?
