ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Practice Question
After containing and eradicating a SQL-injection breach in a production web application, you are asked to conduct a root cause analysis to keep the flaw from recurring. Which source of evidence will most directly reveal when and how the vulnerable code entered the application?
Version-control system commit history for the application's data-access code
Web-server access logs containing the full HTTP request lines and headers
Packet captures collected by the intrusion detection system during the attack window
Database transaction logs for the time period surrounding the compromise
Root cause analysis goes beyond identifying the observable attack traffic; it seeks to discover the underlying mistake that allowed the incident to happen so that future recurrences can be prevented. While network captures, web-server logs, and database transaction logs confirm what occurred during the attack, they do not show why the vulnerability existed. Reviewing the version control (source-code) commit history pinpoints the exact change set in which input validation was weakened or unsafe dynamic SQL was introduced, identifies the developer and review process involved, and provides the context needed to correct the flaw and adjust secure-coding or code-review practices. Therefore, the version control history offers the most direct path to understanding the root cause. The other artifacts can supplement the investigation but are less effective for tracing the origin of the coding error.