learn-pr/advocates/top-5-security-items-to-consider/3-inputs-and-outputs.yml
5 additions & 5 deletions
@@ -17,7 +17,7 @@ quiz:
17
17
18
18
- content: "Which of the following data sources need to be validated?"
19
19
choices:
20
-
- content: "Data from a 3rd party API"
20
+
- content: "Data from a third-party API"
21
21
isCorrect: false
22
22
explanation: "This is just one of many sources that needs to be validated."
23
23
- content: "Data from the URL parameter"
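Review bot: The explanation on unchanged line 22 has a subject-verb mismatch that this wording pass leaves in place: "one of many sources that needs to be validated" should read "one of many sources that need to be validated", which also matches the question on line 18. The same explanation confirms that third-party API data must be validated while the choice is marked isCorrect: false, so it would help the learner if the text said why this choice alone is not the answer rather than only that it is "just one of many".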
@@ -34,10 +34,10 @@ quiz:
34
34
choices:
35
35
- content: "They're more organized than inline database commands, and therefore less confusing for users."
36
36
isCorrect: false
37
-
explanation: "Organization of the code is not the reason that parameterized queries are more secure than inline SQL."
37
+
explanation: "Organization of the code isn't the reason that parameterized queries are more secure than inline SQL."
38
38
- content: "There's a clear outline of the script in the stored procedure, ensuring better visibility."
39
39
isCorrect: false
40
-
explanation: "Clear outline of the script is not the reason that parameterized queries are more secure than inline SQL."
40
+
explanation: "Clear outline of the script isn't the reason that parameterized queries are more secure than inline SQL."
41
41
- content: "Parameterized queries substitute variables before running queries, meaning it avoids the opportunity for code to be submitted in place of a variable."
42
42
isCorrect: true
43
43
explanation: "Parameter fields used in parameterized queries are treated as data, not code, protecting against injection vulnerabilities. For more information on how to implement parameterized queries please see the [OWASP Query Parameterization Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Query_Parameterization_Cheat_Sheet.html)."
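Review bot: The correct choice on unchanged line 41 describes the mechanism in a way that reads like string substitution: "Parameterized queries substitute variables before running queries" suggests the value is placed into the SQL text, which is the behaviour that makes inline SQL injectable. The explanation on line 43 states it properly (parameters are "treated as data, not code"), so the choice should say the same, for example "Parameterized queries pass values separately from the SQL text, so input is always treated as data and can't run as code." That rewording also fixes the "Parameterized queries ... it avoids" number mismatch. Separately, the choice on line 38 mentions a "stored procedure" while its edited explanation on line 40 talks about parameterized queries; pick one term so the learner doesn't read the two as interchangeable.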
@@ -50,9 +50,9 @@ quiz:
50
50
- content: "Data to be output to the screen"
51
51
isCorrect: true
52
52
explanation: "Data sent to the screen needs to be output encoded to ensure it's never interpreted as code."
53
-
- content: "Data sent to a 3rd party API"
53
+
- content: "Data sent to a third-party API"
54
54
isCorrect: false
55
-
explanation: "Although data sent to a 3rd party API needs to be validated to ensure the data is good, we don't need to encode it for output."
55
+
explanation: "Although data sent to a third-party API needs to be validated to ensure the data is good, we don't need to encode it for output."
56
56
- content: "Data in the URL parameters"
57
57
isCorrect: false
58
58
explanation: "Although data from URL Parameters needs to be validated before it's used in our application, we don't need to encode it for output."
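Review bot: The explanation on unchanged line 58 can be read as saying URL parameter data never needs output encoding: "we don't need to encode it for output". Line 52 says data sent to the screen must be encoded, and that still applies when the value being displayed came from a URL parameter, so the explanation should tie encoding to the point of output rather than to the data's origin, for example "URL parameters need to be validated on input; encoding applies when that data is later output to the screen." Line 58 also capitalizes "URL Parameters" while lines 23 and 56 use lowercase "parameter(s)", and the edited line 55 keeps "to ensure the data is good", which could state what is checked (expected type, length and format).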