What Is Your Secureiq?

10 Questions | Total Attempts: 54

Software Quizzes & Trivia

Take the challenge to see how much you know about developing secure .NET web applications.


Questions and Answers
  • 1. You should always authorize a user's action immediately before performing the action.
    • A. True
    • B. False

  • 2. Which statement best describes the Principle of Least Privilege?
    • A. Don’t do anything, turn stuff on, or add features unless you absolutely need them. Anything you do adds additional risk; the most secure system is one that doesn’t do anything at all.
    • B. Grant users only the minimum required access they need in order to perform the business function.
    • C. Two security gates are better than one.
    • D. In the failure scenario, don’t open the system to attack.

  • 3. You should constrain user input to data you know is safe by (select all that apply):
    • A. Setting max length on ASP.NET and HTML input controls.
    • B. Using ASP.NET validation controls (RequiredFieldValidator, CompareValidator, RangeValidator, RegularExpressionValidator, CustomValidator) to constrain user input via ASP.NET input controls as much as possible.
    • C. Constraining user input to a white list (list of acceptable characters).
    • D. Constraining user input to a black list (list of all unacceptable characters).

  • 4. Select the line of code that shows a correct way to guard against cross-site scripting attacks.
    • A. Response.Write(InputText.Text);
    • B. Response.Write(HttpUtility.HtmlEncode(InputText.Text));
    • C. Response.Write(MyCustomFunctionRemoveBadChars(InputText.Text));

  • 5. You must _____ use string concatenation to construct code at runtime from data received from external data sources.

  • 6. What is SQL injection?
    • A. When another user's credentials are stolen and used to connect to a SQL database.
    • B. When a hacker gets access to the database and modifies data in the database.
    • C. When user input is used to alter a SQL statement to perform an unintended action.
    • D. When a hacker gets access to the database and modifies stored procedures in the database.

  • 7. What are the potential consequences of a SQL injection attack?
    • A. Unauthorized access to data to select, update, or delete it.
    • B. Deletion or modification of database objects.
    • C. Deletion of all files on the database server.
    • D. Data corruption.

  • 8. Which of the following are valid SQL injection countermeasures?
    • A. Use parameterized queries.
    • B. Constrain user input to known valid data.
    • C. Connect to the database with a low-privileged account.
    • D. Connect to the database with a high-privileged account.

  • 9. Which scenario below best describes the principle of defense in depth?
    • A. Implement client-side JavaScript validation on a method and server-side validation on the server method.
    • B. Implement client-side JavaScript validation on a method only.

  • 10. Which of the following are security principles?
    • A. Defense in depth.
    • B. Fail securely.
    • C. Keep it simple to minimize the attack surface area.
    • D. Reluctance to trust.
