Web Application Security Quiz

10 Questions


Do you think you know enough about security issues in Web applications? Can you think with the mind of a hacker? Test your knowledge with our interactive quiz! Check how much you know, share the results, and help your colleagues learn more about secure coding. Simply click on the "start" button. It's fun and easy - so don't wait!


Questions and Answers
  • 1.
    • A. Item=1' UNION SELECT 1,2,name FROM master..sysobjects WHERE xtype='U
    • B. Item=1 or 1=1
    • C. User=1 UNION SELECT 1,2,name FROM master..sysdatabases
    • D. User=1 or 1=1--
    • E. User=1; WAITFOR DELAY '0:0:5';--
  • 2.
    A web application implements a SQL operation in the following way (pseudocode): The application uses a MSSQL database running on a different machine from the web server. The database has one user (the built-in administrator account is not used). If an attacker can control the value of user and item, he can…
    • A. … obtain any data from the web application’s database.
    • B. … delete or modify arbitrary data in the web application’s database.
    • C. … read files from the database server.
    • D. … run arbitrary code on the database server.
    • E. … run arbitrary code on the web server.
  • 3.
    The most effective way of protecting against SQL injection is…
    • A. … blacklisting strings such as "1 OR 1=1" and "UNION" from input.
    • B. … using an intrusion detection system to detect attacks.
    • C. … whitelisting input (e.g. only allowing alphanumerical characters and spaces).
    • D. … use of prepared statements or parametrized queries.
    • E. … segmenting database accounts and minimizing their user rights.
  • 4.
    • A. The attacker may be able to run arbitrary code on the user's machine.
    • B. The attacker can exploit a XSS vulnerability in order to impersonate a user.
    • C. Reflected XSS vulnerabilities can only be triggered if the user performs a certain action.
    • D. The user cannot do anything to protect himself against reflected XSS on a page that he normally trusts.
    • E. An XSS payload may use AJAX requests to persistently infect multiple pages on the host.
  • 5.
    If a web application includes a WYSIWYG editor, which of the approaches described below would NOT be appropriate for dealing with potential XSS in user input?
    • A. Looking for dangerous strings such as <script>, javascript: and eval(.*) in user-submitted data, and removing them.
    • B. Converting HTML control characters such as < to HTML entities such as &lt;.
    • C. Only allowing certain 'safe' tags for formatting, such as <b>, <i>, <p>, <br>.
    • D. Using special tags (such as [url=...]) and converting them to HTML.
    • E. Using a HTML filter library to remove potential XSS code from output.
  • 6.
    Which of the following statements is true with respect to handling file uploads and spam?
    • A. It is a good solution to explicitly change the extension of uploaded files to match their (expected) content, and check their validity by attempting to open them with the appropriate function.
    • B. If uploaded content is filtered by extension (.aspx, .jsp, .inc, .php), it prevents the attacker from uploading executable scripts to the server.
    • C. It is possible to effectively filter dangerous content by checking the MIME type of uploaded files.
    • D. Since there are numerous CAPTCHA solver tools and human-powered online CAPTCHA solver services available, using a CAPTCHA to deter spam will have no effect.
    • E. To prevent spam, it is a good idea to select a CAPTCHA that requires solving a complex mathematical / geometry problem.
  • 7.
    If the current page has been downloaded from https://example.com/admin/index.jsp, from which address may the JavaScript running on the page download data?
    • A. Https://en.example.com/admin/index.aspx
    • B. Http://example.com:443/admin/index.php
    • C. Https://example.com:80/admin/content.php
    • D. Https://example.com/attacker/index.asp
    • E. Http://example.com/admin/index.jsp
  • 8.
    Which statement is true with respect to HTML5 security?
    • A. In HTML5, AJAX calls can read from other domains without restrictions.
    • B. Thanks to the new possibilities of HTML5, an attacker can steal data from an iframe through ClickJacking.
    • C. If a page does not use the new features introduced by HTML5, it is a good way to protect against the new security risks introduced by those features.
    • D. HTML5 makes it easier to protect against XSS.
    • E. Local Storage cannot be directly manipulated by XSS.
  • 9.
    If the attacker can run JavaScript on the user’s machine, he can expect to…
    • A. … modify other currently running scripts.
    • B. … simulate user clicks in the browser.
    • C. … run arbitrary native code on the user’s machine.
    • D. … modify user session data.
    • E. … act as a keylogger within the scope of the JavaScript’s origin.
  • 10.
    To prevent cross-site request forgery attacks in AJAX requests, you can…
    • A. … deliberately add garbage (e.g. &&&NOTHING&&&) or unused JavaScript code that goes in an endless loop to your page.
    • B. … add the Access-Control-Allow-Origin header to only allow cross-origin requests from the site that is supposed to perform the AJAX requests.
    • C. … use POST XmlHttpRequests instead of GET.
    • D. … use referrer checks to only send responses to XmlHttpRequests to the site that is supposed to perform the AJAX requests.
    • E. … send your XmlHttpRequest data in JSON format instead of XML.