Which explanation about OAuth, application logic, or configuration vulnerabilities, is not correct?

MIS Discussion Questions

1. Title: Can Voluntary Regulation Really Work?

It has been said that pure capitalism will destroy the world. At the end of the day the goal of a business is to make money. We have seen numerous examples of businesses that shirk ethical guidelines and operate in the gray area in order to increase profits (Enron, Bernie Madoff, etc.). This week we have seen that certain sectors do not fall under the regulatory control of the government.

From a homeland security standpoint, should we be trusting private companies to be voluntarily accountable? What are some of the pitfalls of this method? Are there any benefits? Should some of the sectors be more closely regulated by the government while others are left to voluntarily do the right thing?

2. With the knowledge that OAuth is a framework or protocol (depending on the version), application logic and configuration vulnerabilities are basically mistakes made by developers, how can this information be useful to a hacker with malicious intentions? Explain your position in 200 words
3. Which explanation about OAuth, application logic, or configuration vulnerabilities, is not correct? Justify your choice.

1. When a programmer’s coding logic is incorrect can create an opportunity for an attacker to exploit for malicious intent.
2. Authorization servers are trusted to issue OAuth access tokens to clients.
3. Developer mistakes can result in application logic or configuration vulnerabilities.
4. Programmer or developer mistakes can result in either application or configuration vulnerabilities that attackers can potentially exploit.
5. A configuration vulnerability occurs when a user misconfigures a tool or program in a way that results in a vulnerability.

Answer preview……………………..

apa 980 words