Application threat modeling Quiz - 1
Description: Application threat modeling, Security, Security tools and best practices | |
Number of Questions: 19 | |
Created by: Aliensbrain Bot | |
Tags: security technology |
When you developing an application both secured and not secured web pages, what is the reason for the need to have the login page SSL enabled
-
MITM proxy can be used to change the URL to a non secured one
-
If the login page is not SSL enabled, the credentials will be transmitted in plain text to the web server and Attacker can sniff the credentials supplied by the user
-
Firewall logs will have the credentials in plain text
-
proxy logs will have the credentials in plain text
To develop an application that includes both secured and non-secured web pages, it is important to have the login page SSL (Secure Sockets Layer) enabled in order to protect sensitive user information. The SSL protocol is used to establish a secure and encrypted connection between the user's web browser and the web server.
Now, let's go through each option and explain why it is right or wrong:
A. MITM proxy can be used to change the URL to a non-secured one - This option is a possible security vulnerability. A Man-in-the-Middle (MITM) attack can be used to intercept the user's traffic and redirect them to a non-secured URL. However, enabling SSL on the login page does not directly mitigate this threat.
B. If the login page is not SSL enabled, the credentials will be transmitted in plain text to the web server and Attacker can sniff the credentials supplied by the user - This option is correct. If the login page is not SSL enabled, the credentials supplied by the user will be transmitted in plain text, which can be sniffed by attackers. This can lead to sensitive information such as usernames and passwords being compromised.
C. Firewall logs will have the credentials in plain text - This option is incorrect. Enabling SSL on the login page does not directly affect the firewall logs. Firewall logs can capture network traffic, including login credentials, regardless of whether SSL is enabled or not.
D. Proxy logs will have the credentials in plain text - This option is also correct. If SSL is not enabled on the login page, the credentials supplied by the user will be transmitted in plain text, which can be captured by proxies. This can lead to sensitive information such as usernames and passwords being compromised.
Therefore, the correct answer is:
The Answer is: B. If the login page is not SSL enabled, the credentials will be transmitted in plain text to the web server and attacker can sniff the credentials supplied by the user.
-
During multi-staged login, the application should validate the credentials supplied at each stage only
-
Hidden variables should be used to remember the previous stage values and current stage supplier credentials to be validated at server end
-
During multi-staged login, the application should validate the credentials supplied at each stage and previous stages
-
Credentials supplied at the prevoius stage should be saved in cookie and current stage supplier credentials to be validated at server end
To ensure application security during multi-staged login in an application, the developer should ensure that the credentials supplied at each stage are validated before moving to the next stage.
Option A states that the application should validate the credentials supplied at each stage only. This option is partially correct. Validation of credentials at each stage is necessary, but validating only at each stage is not enough. It is important to validate the credentials of previous stages as well to ensure security.
Option B suggests that hidden variables should be used to remember the previous stage values and current stage supplier credentials to be validated at the server end. Hidden variables can be used to store data, but they do not guarantee security. Attackers can access and modify hidden variables, which can lead to security vulnerabilities.
Option C is the correct answer. During multi-staged login, the application should validate the credentials supplied at each stage and previous stages. This ensures that all supplied credentials are correct and valid before allowing access to the application.
Option D suggests that credentials supplied at the previous stage should be saved in a cookie and current stage supplier credentials to be validated at the server end. Saving credentials in cookies can also lead to security vulnerabilities as attackers can access and modify cookies.
Therefore, the correct answer is:
The Answer is: C. During multi-staged login, the application should validate the credentials supplied at each stage and previous stages.
Which of the following is an attack technique that forces a web site to echo client-supplied data, which execute in a user’s web browser
-
XSS
-
Reflection Attack
-
Mirror Attack
-
XSLT
AI Explanation
To answer this question, you need to understand the concept of different attack techniques used in web security.
Let's go through each option to understand why it is correct or incorrect:
Option A) XSS (Cross-Site Scripting) - This option is correct. XSS is an attack technique that forces a website to echo client-supplied data, which then executes in a user's web browser. This allows the attacker to inject malicious code into the website and potentially steal sensitive information or perform unauthorized actions.
Option B) Reflection Attack - This option is incorrect. A reflection attack is a type of DDoS attack that exploits the use of reflection amplification techniques to overwhelm a target system with traffic. It does not involve forcing a website to echo client-supplied data.
Option C) Mirror Attack - This option is incorrect. A mirror attack is not a recognized term in the context of web security. It does not relate to the described attack technique.
Option D) XSLT (Extensible Stylesheet Language Transformations) - This option is incorrect. XSLT is a language used for transforming XML documents into different formats. It is not an attack technique that forces a website to echo client-supplied data.
The correct answer is Option A) XSS. This option is correct because XSS is an attack technique that fits the description provided in the question.
Which of the following is an attack technique used to exploit "dynamic file include" mechanisms in web applications
-
Dynamic File Attack
-
Remote File Inclusion
-
Dynamic Data Attack
-
Data Dynamics
AI Explanation
To answer this question, you need to understand the concept of "dynamic file include" mechanisms in web applications and the attack techniques used to exploit them.
Option A) Dynamic File Attack - This option is incorrect because "dynamic file attack" is not a recognized attack technique used to exploit "dynamic file include" mechanisms in web applications.
Option B) Remote File Inclusion - This option is correct because "remote file inclusion" is a common attack technique used to exploit "dynamic file include" mechanisms in web applications. It involves an attacker including a remote file into a web application, which can allow them to execute malicious code or gain unauthorized access.
Option C) Dynamic Data Attack - This option is incorrect because "dynamic data attack" is not a recognized attack technique used to exploit "dynamic file include" mechanisms in web applications.
Option D) Data Dynamics - This option is incorrect because "data dynamics" is not a recognized attack technique used to exploit "dynamic file include" mechanisms in web applications.
The correct answer is B) Remote File Inclusion. This option is correct because "remote file inclusion" is a well-known attack technique used to exploit "dynamic file include" mechanisms in web applications.
What is Static Analysis
-
Static Code Analysis is the analysis of software code by actually executing the binaries resulting from this code
-
Static Code Analysis is the analysis of software code without actually executing the binaries resulting from this code
-
Static Code Analysis is the analysis of executables resulting from this code
-
None of the above
AI Explanation
To answer this question, you need to understand what static code analysis is.
Static code analysis is a method of analyzing software code without actually executing the binaries resulting from this code. It involves examining the code itself to identify potential issues, such as coding errors, security vulnerabilities, or non-compliance with coding standards.
Let's go through each option to understand why it is correct or incorrect:
Option A) Static Code Analysis is the analysis of software code by actually executing the binaries resulting from this code - This option is incorrect because static code analysis does not involve executing binaries. It focuses on analyzing the code itself.
Option B) Static Code Analysis is the analysis of software code without actually executing the binaries resulting from this code - This option is correct because it accurately describes static code analysis.
Option C) Static Code Analysis is the analysis of executables resulting from this code - This option is incorrect because static code analysis is performed on the source code before it is compiled into executables.
Option D) None of the above - This option is incorrect because option B is the correct answer.
The correct answer is B) Static Code Analysis is the analysis of software code without actually executing the binaries resulting from this code.
The process of addressing a security vulnerability by blocking an attack vector that could exploit it is known as
-
Anti Patching
-
Anti Attack
-
Virtual Patching
-
Patch Attack
AI Explanation
To answer this question, you need to understand the concept of addressing security vulnerabilities.
Option A) Anti Patching - This option is incorrect because "anti patching" does not describe the process of addressing a security vulnerability by blocking an attack vector.
Option B) Anti Attack - This option is incorrect because "anti attack" does not specifically refer to the process of addressing a security vulnerability by blocking an attack vector.
Option C) Virtual Patching - This option is correct because virtual patching refers to the process of addressing a security vulnerability by blocking an attack vector that could exploit it. Virtual patching involves implementing temporary security measures to protect against known vulnerabilities while a proper patch or fix is being developed and deployed.
Option D) Patch Attack - This option is incorrect because "patch attack" does not accurately describe the process of addressing a security vulnerability by blocking an attack vector.
The correct answer is C) Virtual Patching. This option is correct because it accurately describes the process of addressing a security vulnerability by blocking an attack vector that could exploit it.
AppSensor is a popular
-
Web Applictation Firewall
-
Application Based Intrusion Detection
-
Database Monitoring
-
Virtual Private Lan
AI Explanation
To answer this question, we need to understand what AppSensor is and what it is commonly used for.
AppSensor is a popular application-based intrusion detection system (IDS). It is designed to detect and respond to malicious activities or attacks targeting an application. AppSensor works by monitoring various application-level events and user behaviors, such as login attempts, input validation failures, and access patterns.
Now, let's go through each option to understand why it is correct or incorrect:
Option A) Web Application Firewall (WAF) - This option is incorrect because AppSensor is not a web application firewall. A WAF is a security control that is placed between a web application and the client to filter and monitor HTTP traffic.
Option B) Application-based Intrusion Detection - This option is correct because AppSensor is indeed a popular application-based intrusion detection system. It focuses on detecting and responding to attacks targeting an application.
Option C) Database Monitoring - This option is incorrect because AppSensor does not specifically focus on monitoring databases. While it can monitor certain application-level events related to database interactions, its primary function is to detect and respond to application-level attacks.
Option D) Virtual Private LAN (VLAN) - This option is incorrect because AppSensor is not related to virtual private LANs. VLANs are used to logically separate a network into smaller segments.
The correct answer is B) Application-based Intrusion Detection. This option is correct because AppSensor is a popular application-based intrusion detection system that helps in detecting and responding to attacks targeting an application.
ModSecurity is a popular
-
Web Applictation Firewall
-
Application Based Intrusion Detection
-
Database Monitoring
-
Virtual Private Lan
Any attack which is based on information gained from physical implementation of a crypto system,rather than brute force or algorithm weakness is known as
-
Back Attack
-
Unknown Attack
-
Reverse Attack
-
Side Channel Attack
AI Explanation
To answer this question, we need to understand the concept of side channel attacks.
Option A) Back Attack - This option is incorrect because there is no specific attack known as a "back attack" in the context of cryptography.
Option B) Unknown Attack - This option is incorrect because the term "unknown attack" does not specifically refer to attacks based on information gained from the physical implementation of a crypto system.
Option C) Reverse Attack - This option is incorrect because the term "reverse attack" does not specifically refer to attacks based on information gained from the physical implementation of a crypto system.
Option D) Side Channel Attack - This option is correct. A side channel attack is an attack on a cryptographic system that is based on information gained from the physical implementation of the system, rather than relying on brute force or algorithm weaknesses. Side channel attacks exploit unintended side effects of a system's implementation, such as timing information, power consumption, electromagnetic radiation, or sound, to gain information about the secret key or plaintext.
The correct answer is D) Side Channel Attack. This option is correct because it accurately describes an attack that is based on information gained from the physical implementation of a crypto system.
Which of the following is not a function of Database Activity Monitor
-
Previlged User Monitoring
-
Application Activity Monitoring
-
Cyberattack Protection
-
Database Recovery
Which of the following is a valid method of classifying computer security threats
-
DREAD
-
FEAR
-
SAFE
-
DEAF
AI Explanation
To answer this question, you need to understand the method of classifying computer security threats. Let's go through each option to understand why it is correct or incorrect:
Option A) DREAD - This option is correct because DREAD is a valid method of classifying computer security threats. DREAD stands for Damage, Reproducibility, Exploitability, Affected users, and Discoverability. It is a risk assessment model used to prioritize threats based on these factors.
Option B) FEAR - This option is incorrect because FEAR is not a valid method of classifying computer security threats. FEAR is not an established acronym or model used in the field of computer security.
Option C) SAFE - This option is incorrect because SAFE is not a valid method of classifying computer security threats. SAFE is not an established acronym or model used in the field of computer security.
Option D) DEAF - This option is incorrect because DEAF is not a valid method of classifying computer security threats. DEAF is not an established acronym or model used in the field of computer security.
The correct answer is A) DREAD. This option is correct because DREAD is a valid method of classifying computer security threats based on factors like Damage, Reproducibility, Exploitability, Affected users, and Discoverability.
Which of the following is a valid threat modelling methodology
-
STRIDE
-
PRIDE
-
BRIDE
-
RIDE
AI Explanation
To answer this question, you need to understand threat modeling and different methodologies used for it.
Threat modeling is a systematic approach used to identify, evaluate, and mitigate potential threats to a system or application. It helps in understanding and managing the risks associated with a system.
Let's go through each option to understand why it is correct or incorrect:
Option A) STRIDE - This option is correct because STRIDE is a valid threat modeling methodology. STRIDE stands for Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, and Elevation of privilege. It is a framework that helps in identifying and categorizing threats based on these six categories.
Option B) PRIDE - This option is incorrect because PRIDE is not a valid threat modeling methodology. It is not commonly used or recognized in the field of threat modeling.
Option C) BRIDE - This option is incorrect because BRIDE is not a valid threat modeling methodology. It is not commonly used or recognized in the field of threat modeling.
Option D) RIDE - This option is incorrect because RIDE is not a valid threat modeling methodology. It is not commonly used or recognized in the field of threat modeling.
The correct answer is Option A) STRIDE. This option is correct because STRIDE is a widely recognized and used threat modeling methodology.
If an attacker submit multiple input parameters (query string, post data, cookies,etc.) of the same name, the application may react in unexpected ways and open up new avenues of server-side and client-side exploitation.This is the premise of
-
HTTP Parameter Pollution
-
Session Splitting
-
Parameter Damage
-
Parameter Busting
To solve this question, the user needs to understand the concept of security vulnerabilities related to web applications.
The correct answer is A. HTTP Parameter Pollution.
Explanation:
HTTP Parameter Pollution (HPP) is a security vulnerability that arises when an attacker submits multiple input parameters of the same name to a web application. This can lead to unexpected behaviors on the server-side and client-side, which can then be exploited by attackers to achieve their goals.
Option B, Session Splitting, is not related to the given premise. Session Splitting is a technique used to distribute user sessions across multiple servers to improve performance and scalability.
Option C, Parameter Damage, is not a commonly used term in the field of web application security. It is not related to the given premise.
Option D, Parameter Busting, is not a commonly used term in the field of web application security. It is not related to the given premise.
Therefore, the correct answer is:
The Answer is: A. HTTP Parameter Pollution.
What is a an Evercookie?
-
Evercookie is a javascript API available that produces extremely persistent cookies in a browser
-
Evercookie is a cookie anonymysing tool
-
Evercookie is a FireFox Plugin
-
Evercookie is a cookie pollution tool
AI Explanation
To answer this question, you need to understand what an Evercookie is.
Option A) Evercookie is a javascript API available that produces extremely persistent cookies in a browser - This option is correct. An Evercookie is a JavaScript API that is designed to produce extremely persistent cookies in a web browser. It uses various techniques to store cookie data in multiple locations, making it difficult to remove or delete these cookies.
Option B) Evercookie is a cookie anonymizing tool - This option is incorrect. Evercookie is not a cookie anonymizing tool. It is a tool that creates persistent cookies.
Option C) Evercookie is a Firefox Plugin - This option is incorrect. Evercookie is not a Firefox plugin. It is a JavaScript API that works on multiple web browsers.
Option D) Evercookie is a cookie pollution tool - This option is incorrect. Evercookie is not a cookie pollution tool. It is a tool that creates persistent cookies.
The correct answer is A) Evercookie is a javascript API available that produces extremely persistent cookies in a browser. This option is correct because an Evercookie is a JavaScript API that creates persistent cookies in a web browser.
Which of the following is a valid crypto graphic attack
-
Padding Oracle Attack
-
Padding CBC Attack
-
Oracle Lockback
-
Padding Filter
AI Explanation
To answer this question, you need to understand cryptographic attacks. Let's go through each option to understand why it is correct or incorrect:
Option A) Padding Oracle Attack - This option is correct. A padding oracle attack is a type of cryptographic attack that targets systems using padding in cryptographic protocols. The attacker exploits the system's behavior when it receives padding errors to decrypt or manipulate encrypted data.
Option B) Padding CBC Attack - This option is incorrect. Padding CBC attack is not a recognized cryptographic attack. CBC (Cipher Block Chaining) is a mode of operation for block ciphers, and padding is a technique used to ensure that the length of the plaintext is a multiple of the block size. However, padding CBC attack is not a known attack.
Option C) Oracle Lockback - This option is incorrect. Oracle Lockback is not a recognized cryptographic attack. It seems to be a made-up term.
Option D) Padding Filter - This option is incorrect. Padding Filter is not a recognized cryptographic attack. It seems to be a made-up term.
The correct answer is A) Padding Oracle Attack. This option is correct because a padding oracle attack is a valid cryptographic attack where the attacker exploits padding errors in cryptographic protocols.
Strcpy(), strcat(), strncpy(), sprint(), gets() are all included in
-
Safe APIs
-
Banned APIs
-
String APIs
-
CAPIs
AI Explanation
To answer this question, you need to understand the purpose and characteristics of these functions.
Option A) Safe APIs - This option is incorrect because some of the functions mentioned, such as gets()
, are considered unsafe and can lead to buffer overflow vulnerabilities.
Option B) Banned APIs - This option is correct because some of the functions mentioned, such as gets()
, are considered unsafe and have been banned in modern programming practices due to security concerns.
Option C) String APIs - This option is incorrect because while some of the functions mentioned, such as strcpy()
, strcat()
, and strncpy()
, are related to manipulating strings, not all of them fall into this category.
Option D) CAPIs - This option is incorrect because the term "CAPIs" is not commonly used to refer to these functions.
The correct answer is B) Banned APIs. This option is correct because some of the functions mentioned, such as gets()
, have been banned in modern programming practices due to security vulnerabilities.
_________is a free static code analysis tool from Microsoft that checks .NET managed code assemblies for conformance to Microsoft's .NET Framework Design Guidelines
-
MsCop
-
FxCop
-
RsCop
-
DxCop
AI Explanation
To answer this question, you need to be familiar with the static code analysis tool provided by Microsoft for checking .NET managed code assemblies against the .NET Framework Design Guidelines.
Option A) MsCop - This option is incorrect because there is no known tool called "MsCop" provided by Microsoft for static code analysis.
Option B) FxCop - This option is correct. FxCop is a free static code analysis tool from Microsoft that checks .NET managed code assemblies for conformance to Microsoft's .NET Framework Design Guidelines.
Option C) RsCop - This option is incorrect because there is no known tool called "RsCop" provided by Microsoft for static code analysis.
Option D) DxCop - This option is incorrect because there is no known tool called "DxCop" provided by Microsoft for static code analysis.
The correct answer is B) FxCop. This option is correct because FxCop is the free static code analysis tool from Microsoft that checks .NET managed code assemblies for conformance to Microsoft's .NET Framework Design Guidelines.
Ollydbg is a popular
-
Compiler
-
Reverse Engineering tool
-
Database Monitoring tool
-
Macro Analyzer
AI Explanation
To answer this question, you need to understand the purpose of Ollydbg.
Option A) Compiler - This option is incorrect because Ollydbg is not a compiler. A compiler is a software tool that converts source code written in a programming language into machine code or executable code.
Option B) Reverse Engineering tool - This option is correct. Ollydbg is a popular reverse engineering tool used for analyzing and debugging binary files, such as executable programs and libraries. It allows users to examine the code, modify it, and understand how it works.
Option C) Database Monitoring tool - This option is incorrect. Ollydbg is not a database monitoring tool. Database monitoring tools are used to track and analyze the performance, usage, and behavior of databases.
Option D) Macro Analyzer - This option is incorrect. Ollydbg is not a macro analyzer. A macro analyzer is a tool used to analyze and track macros in programming languages.
The correct answer is B) Reverse Engineering tool. This option is correct because Ollydbg is widely known and used as a tool for reverse engineering and analyzing binary files.
NOP sled technique is a popular
-
Reverse Engineering Technique
-
Buffer Overflow Attack Technique
-
Log Analysing Technique
-
Data Analysis Technique
AI Explanation
To answer this question, you need to understand the NOP sled technique and its purpose.
The NOP sled technique is a popular technique used in buffer overflow attacks.
A buffer overflow attack occurs when a program or system tries to store more data in a buffer than it was designed to hold. This can lead to the overwriting of adjacent memory locations, allowing an attacker to execute arbitrary code or take control of the system.
In a buffer overflow attack, the attacker injects malicious code into a buffer, and then overwrites the return address of a function with the address of the injected code. However, it can be challenging to precisely locate the injected code's address, especially if the buffer's size is not known.
This is where the NOP sled technique comes into play. NOP stands for "no operation," which is a type of instruction that does nothing when executed. The NOP sled is a long sequence of NOP instructions placed before the injected code. When the buffer overflow occurs, the execution flow will slide down the NOP sled until it reaches the injected code. This technique increases the chances of hitting the injected code's address, even if the exact location is not known.
Therefore, the correct answer is B) Buffer Overflow Attack Technique, as the NOP sled technique is commonly used in buffer overflow attacks.