4.0 Application, Data and Host Security

4.1 Explain the importance of application security controls and techniques.

  • Fuzzing
  • Secure coding concepts
    • Error and exception handling
    • Input validation
  • Cross-site scripting prevention
  • Cross-site Request Forgery (XSRF) prevention
  • Application configuration baseline (proper settings)
  • Application hardening
  • Application patch management
  • NoSQL databases vs. SQL databases
  • Server-side vs. client-side validation