OWASP Top 10 Quiz: Trivia!

26 Questions | Total Attempts: 21612
SettingsSettingsSettings
Please wait...
OWASP Top 10 Quiz: Trivia!

.

Questions and Answers
  • 1. 
    What is the attack technique used to exploit web sites by altering backend database queries through inputting manipulated queries?
    • A. 

      LDAP Injection

    • B. 

      XML Injection

    • C. 

      SQL Injection

    • D. 

      OS Commanding

  • 2. 
    What happens when an application takes user-inputted data and sends it to a web browser without proper validation and escaping?
    • A. 

      Security Misconfiguration

    • B. 

      Cross Site Scripting

    • C. 

      Insecure Direct Object References

    • D. 

      Broken Authentication and Session Management

  • 3. 
    What flaw arises from session tokens having poor randomness across a range of values?
    • A. 

      Insecure Direct Object References

    • B. 

      Session Replay

    • C. 

      Session Fixation

    • D. 

      Session Hijacking

  • 4. 
    An attack technique that forces a user’s session credential or session ID to an explicit value.
    • A. 

      Brute Force Attack

    • B. 

      Session Hijacking

    • C. 

      Session Fixation

    • D. 

      Dictionary Attack

  • 5. 
    An attack technique that forces a user’s session credential or session ID to an explicit value.
    • A. 

      Brute Force Attack

    • B. 

      Session Hijacking

    • C. 

      Dictionary Attack

    • D. 

      Session Fixation

  • 6. 
    What threat arises from not flagging HTTP cookies with tokens as secure?
    • A. 

      Session Hijacking

    • B. 

      Insecure Cryptographic Storage

    • C. 

      Access Control Violation

    • D. 

      Session Replay

  • 7. 
    Which attack can execute scripts in the user’s browser and is capable of hijacking user sessions, defacing websites, or redirecting the user to malicious sites?
    • A. 

      SQL Injection

    • B. 

      Cross site scripting

    • C. 

      Malware Uploading

    • D. 

      Man in the middle

  • 8. 
    What flaw can lead to exposure of resources or functionality to unintended actors?
    • A. 

      Session Fixation

    • B. 

      Improper Authentication

    • C. 

      Insecure Cryptographic Storage

    • D. 

      Unvalidated Redirects and Forwards

  • 9. 
    Which threat can be prevented by having unique usernames generated with a high degree of entropy?
    • A. 

      Crypt-analysis of hash values

    • B. 

      Spamming

    • C. 

      Authorization Bypass

    • D. 

      Authentication bypass

  • 10. 
    What threat are you vulnerable to if you do not validate the authorization of the user for direct references to restricted resources?
    • A. 

      SQL Injection

    • B. 

      Cross Site Scripting

    • C. 

      Cross Site Request Forgery

    • D. 

      Insecure Direct Object References

  • 11. 
    Role-Based Access control helps prevent this OWASP Top 10 weakness.
    • A. 

      Failure to restrict URL Access

    • B. 

      Unvalidated Redirect or Forward

    • C. 

      Security Misconfiguration

    • D. 

      Insufficient Transport Layer Protection

  • 12. 
    What is the type of flaw that occurs when untrusted user-entered data is sent to the interpreter as part of a query or command?
    • A. 

      Insecure Direct Object References

    • B. 

      Injection

    • C. 

      Cross Site Request Forgery

    • D. 

      Insufficient Transport Layer Protection

  • 13. 
    For every link or form which invokes state-changing functions with an unpredictable token for each user what attack can be prevented?
    • A. 

      OS Commanding

    • B. 

      Cross Site Scripting

    • C. 

      Cross Site Request Forgery

    • D. 

      Cross Site Tracing

  • 14. 
    For a connection that changes from HTTP to HTTPS, what flaw arises if you do not change the session identifier?
    • A. 

      Session Replay

    • B. 

      Cross Site Scripting

    • C. 

      Cross Site Request Forgery

    • D. 

      Session Hijacking

  • 15. 
    The attack exploits the trust that a site has in a user's browser.
    • A. 

      Session Hijacking

    • B. 

      Cross Site Request Forgery

    • C. 

      SQL Injection

    • D. 

      Cross Site Scripting

  • 16. 
    For an indirect reference, what happens if there’s no list of limited values authorized for a user in the direct reference?
    • A. 

      SQL Injection

    • B. 

      Brute Forcing of stored encrypted credentials

    • C. 

      XML Injection

    • D. 

      Access to sensitive data possible

  • 17. 
    We can allow client-side scripts to execute in the browsers for needed operations.
    • A. 

      True

    • B. 

      False

  • 18. 
    Session related vulnerabilities.
    • A. 

      Session Fixation

    • B. 

      Session Hijacking

    • C. 

      Session Tracing

    • D. 

      Session Spotting

    • E. 

      Session Spoofing

  • 19. 
    What is phishing?
    • A. 

      Data transfer protocol

    • B. 

      Email Scam

    • C. 

      Network scandal

    • D. 

      Cross domain scandal

  • 20. 
    What is a cookie?
    • A. 

      A computer virus

    • B. 

      A file that makes it easier to access a Web site and browse

    • C. 

      A file that hackers use to steal your identity

    • D. 

      Web application file

  • 21. 
    You receive an e-mail from Desjardins saying that you have won a contest. What should you do?
    • A. 

      Hurry to provide all the information so you can claim your prize as quickly as possible

    • B. 

      Contact your caisse to confirm the information

    • C. 

      Answer the e-mail and ask them to call you with more information.

    • D. 

      Forward the mail to others for their opinion.

  • 22. 
    An IP Address is the Internet equivalent of:
    • A. 

      Your mailing address

    • B. 

      Your Birth Date

    • C. 

      Your modem configuration number

    • D. 

      Your social security number

  • 23. 
    Statistics show that many companies connected to the Internet are not sufficiently secure. Why not?
    • A. 

      Many companies do not have a written security policy in place.

    • B. 

      Many companies do not have physical security for the company networks

    • C. 

      Many companies have insufficient protection between the Internet and company networks.

    • D. 

      Many companies have insufficient information about the traffic over the company networks.

  • 24. 
    The use of proper security techniques can:
    • A. 

      Minimize the threat of attackers

    • B. 

      Allow access to unauthorized users

    • C. 

      Prevent most hackers from accessing your system

    • D. 

      Provide 100 percent security

  • 25. 
    Network permissions should be established so that users can accomplish their tasks, but cannot access any system resources that are not necessary so that:
    • A. 

      A hacker cannot steal a legitimate user's identity

    • B. 

      Users will not have access to and misuse system resources

    • C. 

      Only the resources authorized for that user will be at risk

    • D. 

      Hackers will not pose as legitimate users

Related Topics
More Web Application Quizzes
Basic Developer Web Application Security Quiz
Basic Developer Web Application Security Quiz

     This brief quiz is based on OWASP.org's Top-Ten 2007 Web Vulnerabilities The Top-10 provides a description of, examples for and solutions to the ten most commonly discovered...

Questions: 9  |  Attempts: 3055   |  Last updated: Jan 4, 2021
  • Sample Question
    One operation that frequently has cross-site scripting (XSS) vulnerabilities is (choose exactly 1 answer):
Web Application Security! Hardest Trivia Quiz
Web Application Security! Hardest Trivia Quiz

Web application security is a critical topic, and do you need to know more about this subject? Your computer security needs to tell the difference between legitimate and malicious traffic. Someone could come onto your site and...

Questions: 10  |  Attempts: 1513   |  Last updated: Jan 5, 2021
  • Sample Question
    A web application implements a SQL operation in the following way (pseudocode): The application uses a MSSQL database running on a different machine from the web server. The database has one user (the built-in administrator account is not used). An attacker could use the following parameters to get extra data from the database's contents:
Web Application Security Quiz (Short Version)
Web Application Security Quiz (Short Version)


Questions: 5  |  Attempts: 906   |  Last updated: Feb 22, 2013
  • Sample Question
    The most effective way of protecting against SQL injection is…
More Web Application Quizzes
Featured Quizzes
Hunter x Hunter Nen Test: What is Your Nen Personality? Hunter x Hunter Nen Test: What is Your Nen Personality?
Which U.S. City Is Suitable for Your Personality Type? Quiz! Which U.S. City Is Suitable for Your Personality Type? Quiz!
Are You Really Best Friends? Take The Quiz & Prove It Are You Really Best Friends? Take The Quiz & Prove It
Are You Ready For IQ Quiz Are You Ready For IQ Quiz
What is The Perfect Gift for Your Best Friend Quiz What is The Perfect Gift for Your Best Friend Quiz
Types of Sentences Quiz Types of Sentences Quiz
Most Recent Quizzes
Sex And Consent Quiz! Sex And Consent Quiz!
What Is The First Letter Of My Future Wife's Name? Quiz What Is The First Letter Of My Future Wife's Name? Quiz
Which "Young Royals" Character Are You? Quiz Which "Young Royals" Character Are You? Quiz
Are You Addicted To Attention? Quiz Are You Addicted To Attention? Quiz
My Little Pony Quiz: Which MLP Character Are You? My Little Pony Quiz: Which MLP Character Are You?
Christmas Song Quiz! Christmas Song Quiz!
Back to Top Back to top