Valid Secure-Software-Design Dumps shared by EduDump.com for Helping Passing Secure-Software-Design Exam! EduDump.com now offer the newest Secure-Software-Design exam dumps, the EduDump.com Secure-Software-Design exam questions have been updated and answers have been corrected get the newest EduDump.com Secure-Software-Design dumps with Test Engine here:
While performing functional testing of the new product from a shared machine, a QA analyst closed their browser window but did not logout of the application. A different QA analyst accessed the application an hour later and was not prompted to login. They then noticed the previous analyst was still logged into the application. How should existing security controls be adjusted to prevent this in the future?
Correct Answer: B
The issue described involves a session management vulnerability where the user's session remains active even after the browser window is closed, allowing another user on the same machine to access the application without logging in. To prevent this security risk, it's essential to adjust the session management controls to include an automatic timeout feature. This means that after a period of inactivity, or when the browser window is closed, the session should automatically expire, requiring a new login to access the application. This adjustment ensures that even if a user forgets to log out, their session won't remain active indefinitely, reducing the risk of unauthorized access. : Secure SDLC practices emphasize the importance of security at every stage of the software development life cycle, including the implementation of proper session management controls12. Best practices for access control in security highlight the significance of managing session timeouts to prevent unauthorized access3. Industry standards and guidelines often recommend session timeouts as a critical security control to protect against unauthorized access4.