Secure-Software-Design exam questions shared by EduDump.com.
Which secure coding best practice ensures sensitive information is not disclosed in any responses to users, authorized or unauthorized?
Correct Answer: D
Explanation: Preventing the disclosure of sensitive information in application responses is primarily addressed by implementing proper Error Handling and Logging practices. When errors occur, applications may inadvertently reveal sensitive data through detailed error messages.

To mitigate this risk, error handling mechanisms should be designed to provide generic error messages to end users, while detailed error information is logged securely for internal review. This approach ensures that sensitive information, such as system configurations, stack traces, or personal data, is not exposed to unauthorized users.

The OWASP Secure Coding Practices emphasize the importance of error handling and logging to prevent information leakage: "Ensure that error messages displayed to users do not reveal sensitive information that can be exploited by attackers."

References:
* OWASP Secure Coding Practices - Quick Reference Guide