Consider the following statements about the COVID-19 Web application
Which of the following is correct?
All of the statements (i) to (iv) are true.
Explanation
Security is an important consideration for Web applications. Match each of the following security terms to their correct definitions.
Authentication - The process of verifying the identity of a user who wishes to access a system.
signed cookie - An artefact that contains a user identity plus the output of a secure hash algorithm.
CSRF - A form of attack in which a malicious user induces another user to perform an action that has value for the malicious user.
Explanation
Security is an important consideration for Web applications. Authentication refers to the process of verifying the identity of a user who wishes to access a system. A signed cookie is an artefact that contains a user identity plus the output of a secure hash algorithm. CSRF, or Cross-Site Request Forgery, is a form of attack in which a malicious user induces another user to perform an action that has value for the malicious user.
Which of the following is not true?
A- A cross-site request forgery attack cannot be induced if the web application uses a GET request to execute actions.
Explanation
The correct statement: A cross-site request forgery attack cannot be induced if the web application uses a GET request to execute actions. To combat cross-site request forgery, a Web application can generate a token that is included in a form and sent to the requesting browser; on posting the form, the browser includes the token. Cross-site request forgery does not rely on guessing user credentials, and an example would be where a hacker gains control of a victim's account. This type of attack depends on cookies being used to identify the user of a request.
Which of the following statements is not true?
C- Unit testing means testing two or more dependent software components as a group.
Explanation
The correct statement: Unit testing means testing two or more dependent software components as a group. Integration testing is a complementary technique to unit testing. The effect of pytest's parametrize decorator is to cause a single test method to execute multiple times with different values for its arguments. Using Flask's test client, it is possible to send HTTP requests to a Flask Web application and to inspect corresponding responses. The Flask API includes support for testing Web applications.
Which of the following statements is not true in relation to Flask?
C- Flask is a well-known and widely used framework that provides reusable classes and functions for developing Web applications. The framework allows for integration with other libraries that are helpful in developing Web applications.