Web Application Security! Hardest Trivia Quiz

10 Questions | Total Attempts: 1034

Questions and Answers
  • 1.
    • A. Item=1' UNION SELECT 1,2,name FROM master..sysobjects WHERE xtype='U
    • B. Item=1 or 1=1
    • C. User=1 UNION SELECT 1,2,name FROM master..sysdatabases
    • D. User=1 or 1=1--
    • E. User=1; WAITFOR DELAY '0:0:5';--

  • 2. A web application implements a SQL operation in the following way (pseudocode): The application uses a MSSQL database running on a different machine from the web server. The database has one user (the built-in administrator account is not used). If an attacker can control the value of user and item, he can…
    • A. … obtain any data from the web application’s database.
    • B. … delete or modify arbitrary data in the web application’s database.
    • C. … read files from the database server.
    • D. … run arbitrary code on the database server.
    • E. … run arbitrary code on the web server.

  • 3. The most effective way of protecting against SQL injection is…
    • A. … blacklisting strings such as "1 OR 1=1" and "UNION" from input.
    • B. … using an intrusion detection system to detect attacks.
    • C. … whitelisting input (e.g. only allowing alphanumerical characters and spaces).
    • D. … use of prepared statements or parametrized queries.
    • E. … segmenting database accounts and minimizing their user rights.

  • 4.
    • A. The attacker may be able to run arbitrary code on the user's machine.
    • B. The attacker can exploit an XSS vulnerability in order to impersonate a user.
    • C. Reflected XSS vulnerabilities can only be triggered if the user performs a certain action.
    • D. The user cannot do anything to protect himself against reflected XSS on a page that he normally trusts.
    • E. An XSS payload may use AJAX requests to persistently infect multiple pages on the host.

  • 5. If a web application includes a WYSIWYG editor, which of the approaches described below would NOT be appropriate for dealing with potential XSS in user input?
    • A. Looking for dangerous strings such as <script>, javascript: and eval(.*) in user-submitted data, and removing them.
    • B. Converting HTML control characters such as < to HTML entities such as &lt;.
    • C. Only allowing certain 'safe' tags for formatting, such as <b>, <i>, <p>, <br>.
    • D. Using special tags (such as [url=...]) and converting them to HTML.
    • E. Using an HTML filter library to remove potential XSS code from output.

  • 6. Which of the following statements is true with respect to handling file uploads and spam?
    • A. It is a good solution to explicitly change the extension of uploaded files to match their (expected) content, and check their validity by attempting to open them with the appropriate function.
    • B. If uploaded content is filtered by extension (.aspx, .jsp, .inc, .php), it prevents the attacker from uploading executable scripts to the server.
    • C. It is possible to effectively filter dangerous content by checking the MIME type of uploaded files.
    • D. Since there are numerous CAPTCHA solver tools and human-powered online CAPTCHA solver services available, using a CAPTCHA to deter spam will have no effect.
    • E. To prevent spam, it is a good idea to select a CAPTCHA that requires solving a complex mathematical / geometry problem.

  • 7. If the current page has been downloaded from https://example.com/admin/index.jsp, which address may the JavaScript running on the page download data from?
    • A. https://en.example.com/admin/index.aspx
    • B. http://example.com:443/admin/index.php
    • C. https://example.com:80/admin/content.php
    • D. https://example.com/attacker/index.asp
    • E. http://example.com/admin/index.jsp

  • 8. Which statement is true with respect to HTML5 security?
    • A. In HTML5, AJAX calls can read from other domains without restrictions.
    • B. Thanks to the new possibilities of HTML5, an attacker can steal data from an iframe through ClickJacking.
    • C. Not using the new features introduced by HTML5 is a good way to protect a page against the new security risks introduced by those features.
    • D. HTML5 makes it easier to protect against XSS.
    • E. Local Storage cannot be directly manipulated by XSS.

  • 9. If the attacker can run JavaScript on the user’s machine, he can expect to…
    • A. … modify other currently running scripts.
    • B. … simulate user clicks in the browser.
    • C. … run arbitrary native code on the user’s machine.
    • D. … modify user session data.
    • E. … act as a keylogger within the scope of the JavaScript’s origin.

  • 10. To prevent cross-site request forgery attacks in AJAX requests, you can…
    • A. … deliberately add garbage (e.g. &&&NOTHING&&&) or unused JavaScript code that goes in an endless loop to your page.
    • B. … add the Access-Control-Allow-Origin header to only allow cross-origin requests from the site that is supposed to perform the AJAX requests.
    • C. … use POST XmlHttpRequests instead of GET.
    • D. … use referrer checks to only send responses to XmlHttpRequests to the site that is supposed to perform the AJAX requests.
    • E. … send your XmlHttpRequest data in JSON format instead of XML.