Web Security Quiz

Description: This quiz covers web security, with questions on Cross Site Scripting (XSS) and security best practices.
Number of Questions: 20
Tags: security

Web server will log which part of a GET request?

  1. Hidden tags

  2. Query Strings

  3. Header

  4. Cookies


Correct Option: B

AI Explanation

To answer this question, we need to understand the components of a GET request.

A GET request consists of a request line (the method, the path with its query string, and the HTTP version), a set of request headers (Host, User-Agent, Referer, Cookie and so on) and no body. Form data submitted with GET, including the values of hidden form fields, is encoded into the query string.

The correct answer is B) Query Strings. The query string is the part of the URL after the question mark (?) and carries key-value pairs, such as parameters or filters for the requested resource.

Web servers write the full request line to their access logs by default (the standard Apache and nginx log formats do this), so every query-string parameter and value ends up on disk. That is useful for monitoring, but it also means anything sensitive placed in a query string (passwords, session tokens, password-reset tokens) is written to server logs, proxy logs, browser history and the Referer header of any link the user follows afterwards. Sensitive values belong in the body of a POST request or in a header, never in the URL.

Let's go through each option to understand why it is correct or incorrect:

A) Hidden tags - Hidden form fields are an HTML construct, not a part of the HTTP request. When a form is submitted with GET their values are encoded into the query string like any other field; the server never sees a "hidden tag" as such and cannot log one.

B) Query Strings - Correct. The query string is part of the request line, which the default access-log formats record.

C) Header - Request headers are logged only selectively. The common "combined" log format records the Referer and User-Agent headers; other headers are not written unless the administrator adds them to the log format.

D) Cookies - The Cookie header is not part of the default access-log formats. It can be logged if configured, but that is unusual, because session identifiers would then sit in clear text in the log files.

Therefore, the correct answer is B) Query Strings, as web servers log the query strings of a GET request.
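The practical consequence of the answer above is that access logs become a place to look for secrets that were sent in URLs. The following is an added example, not part of the original quiz: it parses lines in the Apache/nginx "combined" log format and reports requests whose query string carries a parameter name from an assumed list of sensitive names. The log lines are constructed for the demonstration.

```python
# Added example (not from the original quiz): scan Apache/nginx "combined"
# access-log lines for query-string parameters that should never be in a URL.
# The log lines below are constructed for this example.
import re
from urllib.parse import urlsplit, parse_qsl

# Apache/nginx "combined" format:
# host ident user [time] "METHOD target HTTP/x" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Parameter names that indicate a secret was sent in the URL (assumed list;
# extend it with the application's own parameter names).
SENSITIVE_PARAMS = {"password", "passwd", "pwd", "token", "session", "sessionid",
                    "api_key", "apikey", "secret", "reset_token"}

# Constructed sample log: two of the four requests leak a secret in the URL.
SAMPLE_LOG = """\
203.0.113.10 - - [10/Oct/2023:13:55:36 +0000] "GET /search?q=shoes&page=2 HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.11 - - [10/Oct/2023:13:55:40 +0000] "GET /login?user=alice&password=Hunter2 HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.12 - - [10/Oct/2023:13:56:01 +0000] "GET /reset?reset_token=9f2a77c1 HTTP/1.1" 200 812 "https://mail.example/" "Mozilla/5.0"
203.0.113.13 - - [10/Oct/2023:13:56:05 +0000] "POST /login HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

def parse_line(line):
    """Return the named fields of one combined-format line, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def leaked_params(target):
    """Return the sensitive (name, value) pairs found in a request target's query string."""
    query = urlsplit(target).query
    return [(k, v) for k, v in parse_qsl(query, keep_blank_values=True)
            if k.lower() in SENSITIVE_PARAMS]

def scan_log(text):
    """Return one finding per request whose query string carries a sensitive parameter."""
    findings = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # not in combined format; skip rather than guess
        hits = leaked_params(rec["target"])
        if hits:
            findings.append({
                "client": rec["host"],
                "path": urlsplit(rec["target"]).path,
                "params": [name for name, _ in hits],
            })
    return findings

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['client']} sent secret parameter(s) {f['params']} to {f['path']}")
```

The POST login in the sample produces no finding: its credentials travelled in the request body, which the access log does not record. That is the behaviour the application should be relying on.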

How can we prevent dictionary attacks on password hashes ?

  1. Hashing the password twice

  2. Encrypting the password using the private key

  3. Use an encryption algorithm you wrote your self so no one knows how it works

  4. Salting the hash


Correct Option: D
Explanation:

A dictionary attack hashes each candidate password from a word list and compares the result with the stolen hash. Against unsalted hashes the attacker can do that work once, ahead of time, and reuse the table against every hash in every leaked database (rainbow tables are the compressed form of this). A salt is a random value, unique per password, that is combined with the password before hashing and stored next to the resulting hash. Because every hash now has a different salt, a precomputed table is useless and each hash has to be attacked on its own.

Note the limit of the defence: a salt does not slow down an attack on one particular hash; it only removes the shortcut of precomputing once and of attacking many hashes at the same time. In practice salting is combined with a deliberately slow password hashing function (bcrypt, scrypt, Argon2, or PBKDF2 with a high iteration count), which is what makes each individual guess expensive.

Now, let's go through each option and explain why it is right or wrong:

A. Hashing the password twice: This option is incorrect. The attacker simply hashes the dictionary twice as well, and the precomputed table is just as reusable. Double hashing does not create "collisions" either; it is simply no defence.

B. Encrypting the password using the private key: This option is incorrect. Encryption is reversible with the key, so anyone who obtains the key recovers every password at once, and deterministic encryption of each password still yields a lookup table that can be precomputed once the key leaks. Passwords should be hashed, not encrypted.

C. Use an encryption algorithm you wrote yourself so no one knows how it works: This option is incorrect. Security through obscurity does not hold: a home-made algorithm has not been analysed, and the code that implements it is usually obtained in the same breach that exposes the hashes.

D. Salting the hash: This option is correct. A unique random salt per password makes precomputed dictionaries useless and forces the attacker to attack each hash individually. Thus, option D is the correct answer.

The Answer is: D
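The following is an added example, not part of the original quiz, showing the difference in working code: a bare SHA-256 falls to a table that was precomputed once, while a salted PBKDF2 record (standard-library `hashlib.pbkdf2_hmac`) forces per-hash work. The iteration count, the record format and the word list are assumptions for the demonstration.

```python
# Added example (not from the original quiz): salted, slow password hashing
# with PBKDF2-HMAC-SHA256 from the standard library, next to a demonstration
# of why an unsalted hash falls to a precomputed dictionary.
import hashlib
import hmac
import secrets

ITERATIONS = 600_000      # assumed cost; tune so one hash takes tens of milliseconds
SALT_BYTES = 16

def hash_password(password, iterations=ITERATIONS):
    """Return 'pbkdf2_sha256$iterations$salt_hex$hash_hex' with a fresh random salt."""
    salt = secrets.token_bytes(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"

def verify_password(password, stored):
    """Recompute the hash with the stored salt and compare in constant time."""
    algo, iterations, salt_hex, digest_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), digest_hex)

# Constructed word list standing in for an attacker's dictionary.
DICTIONARY = ["123456", "password", "letmein", "Hunter2", "qwerty"]

def unsalted(password):
    """The weak scheme: a bare SHA-256 of the password."""
    return hashlib.sha256(password.encode()).hexdigest()

def precomputed_table(words):
    """One-time work: hash every dictionary word (a tiny rainbow table)."""
    return {unsalted(w): w for w in words}

def crack_unsalted(stored_hash, table):
    """Instant lookup: no hashing needed at attack time."""
    return table.get(stored_hash)

def crack_salted(stored, words):
    """No precomputation is possible: the salt is public (it sits beside the
    hash) but differs per record, so every word is hashed again for this one
    record. With a slow KDF each of those guesses is expensive."""
    for w in words:
        if verify_password(w, stored):
            return w
    return None

if __name__ == "__main__":
    table = precomputed_table(DICTIONARY)
    print("unsalted cracked by lookup:", crack_unsalted(unsalted("Hunter2"), table))
    stored = hash_password("Hunter2", iterations=1000)   # low cost only for the demo
    print("stored record:", stored)
    print("lookup against salted record:", crack_unsalted(stored.split("$")[-1], table))
    print("per-record attack still works on a weak password:", crack_salted(stored, DICTIONARY))
```

The last line of output is the caveat from the explanation: the salt defeats the table, not the attack on a single weak password. Only the iteration count (and a password that is not in any dictionary) makes that attack impractical.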

Implementing Access Control based on a hard coded IP address

  1. Can be done as long as it is an internal IP

  2. Can be done for internet facing servers as there are no chances of IP conflicts

  3. Is a good security practice

  4. Is a bad security practice


Correct Option: D
Explanation:

An IP address identifies a network location, not a person or a system you can vouch for. Addresses change (DHCP leases, cloud instances, ISP reassignment), one NAT address is shared by everyone behind it, and when requests pass through a proxy or load balancer the "client address" the application sees is often taken from a header such as X-Forwarded-For that the client itself can set. Hard-coding the address also ties a security decision to the source code: every network change becomes a code change and a redeploy, and the exception tends to be forgotten when the address is reassigned to someone else. Network restrictions are a reasonable extra layer when kept in configuration that operators maintain (firewall rules, an allowlist), but they are not authentication and must never be the only control.

Temporary files on a web server:

  1. Should be placed securely in a folder called “temp” in the web root

  2. Can be placed anywhere in the web root as long as there are no links to them

  3. Should be completely removed from the server

  4. Can be placed anywhere after changing the extension


Correct Option: C
Explanation:

Temporary files on a web server are things such as editor backups, test scripts, old copies of configuration or source, and scratch output left behind by deployments. They are a classic source of information disclosure: a script saved as a .bak or .old copy is served as plain text instead of being executed, which exposes source code and, very often, database credentials.

Option A is incorrect. A directory called "temp" inside the web root is still served by the web server, and its name is one of the first things a vulnerability scanner or a wordlist-based crawler tries.

Option B is incorrect. Files in the web root do not need to be linked to be reachable; anyone who guesses or brute-forces the filename (tools exist for exactly this) can fetch them, and search engines index whatever they discover.

Option C is correct. Files that are not part of the application should not exist on the server at all; removing them eliminates the exposure. Where an application genuinely needs scratch files at runtime, they belong in a directory outside the web root with restrictive permissions and unpredictable names, and they should be deleted as soon as they are no longer needed.

Option D is incorrect. Changing the extension does not hide a file from anyone who can guess its name, and it can make things worse: a .php file renamed to .txt or .bak is served as readable source.

The Answer is: C
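The following is an added example, not part of the original quiz: a small scanner that walks a web root and flags the leftover files the explanation above describes (editor backups, versioned copies, archives, scratch directories). The suffix and name patterns are an assumed starting list, and the directory listing is constructed for the demonstration.

```python
# Added example (not from the original quiz): find leftover temporary and
# backup files under a web root before someone else does. The suffix and
# name patterns are an assumed starting list, not an exhaustive one.
import os
import re

# Editor/backup suffixes and archive types that commonly leak source or config.
SUSPICIOUS_SUFFIXES = (".bak", ".old", ".orig", ".tmp", ".swp", ".save", "~",
                       ".zip", ".tar.gz", ".sql")
# Scratch and metadata names that should never be served.
SUSPICIOUS_NAMES = re.compile(r"^(#.*#|\.#.*|core|\.DS_Store|\.git|\.env.*|.*_backup.*)$",
                              re.IGNORECASE)
# Versioned copies of code or config, e.g. config.php.bak, index.php.1, settings.py.20231010
VERSIONED = re.compile(r"\.(php|py|rb|pl|asp|aspx|jsp|js|ini|conf|yml|yaml)\.[\w.]+$",
                       re.IGNORECASE)
SCRATCH_DIRS = {"temp", "tmp", "backup", "backups", "old"}

def is_suspicious(relpath):
    """True if a path (relative to the web root) looks like a leftover file."""
    name = os.path.basename(relpath)
    if any(name.lower().endswith(s) for s in SUSPICIOUS_SUFFIXES):
        return True
    if SUSPICIOUS_NAMES.match(name) or VERSIONED.search(name):
        return True
    # A temp/backup directory anywhere under the web root is itself a finding.
    dirs = relpath.replace("\\", "/").split("/")[:-1]
    return any(d.lower() in SCRATCH_DIRS for d in dirs)

def classify(relpaths):
    """Return the subset of relative paths that should not be in a web root."""
    return sorted(p for p in relpaths if is_suspicious(p))

def scan_webroot(root):
    """Walk a real directory tree and return the suspicious files under it."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        for f in files:
            found.append(os.path.relpath(os.path.join(dirpath, f), root))
    return classify(found)

# Constructed listing standing in for a real web root.
SAMPLE_TREE = [
    "index.php", "css/site.css", "js/app.js",
    "config.php.bak", "includes/db.php~", "temp/upload_test.php",
    "admin/.env", "site_backup.tar.gz", "index.php.1", "images/logo.png",
]

if __name__ == "__main__":
    for p in classify(SAMPLE_TREE):
        print("remove from web root:", p)
```

Run `scan_webroot("/var/www/html")` (or whatever the real document root is) from a deployment check; every path it prints is something that should be deleted or moved outside the web root before the next release, and the list is a cheap regression test to keep in the pipeline.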

What is the preferred medium for backing up log files ?

  1. Print the logs to a paper

  2. Create a copy of data in your laptop/desktop

  3. Copy the files to CD-R's

  4. None of the above


Correct Option: C

AI Explanation

To answer this question, let's go through each option to understand why it is correct or incorrect:

Option A) Print the logs to paper - Not the preferred medium. Paper cannot be searched or correlated, does not scale to the volume a busy server produces, and is easily lost or damaged.

Option B) Create a copy of data in your laptop/desktop - Not the preferred medium. A workstation is a single, mobile, easily compromised device: if it is lost, stolen or infected the backup goes with it, and log data (which routinely contains usernames, IP addresses and sometimes secrets) ends up on a machine that was never meant to hold it.

Option C) Copy the files to CD-R's - This is the intended answer. What makes it the best of the four is that a CD-R is write-once and kept offline: an attacker who later compromises the server cannot go back and alter or delete the archived copy, which is exactly what a log backup exists to guarantee. The medium itself is dated; the same property is obtained today with write-once (WORM) or immutability-locked storage on a separate log-collection host that the web server can append to but not modify.

Option D) None of the above - Incorrect, since option C meets the requirement.

Therefore, the correct answer is option C.

What is the common cause of buffer overflows, cross-site scripting, SQL injection and format string attacks?

  1. Unvalidated input

  2. Lack of authentication

  3. Improper error handling

  4. Insecure configuration management


Correct Option: A
Explanation:

To solve this question, the user needs to know what buffer overflows, cross-site scripting, SQL injection and format string attacks have in common.

All four are cases of untrusted input being handed to something that interprets it: a fixed-size buffer that is overrun, a browser that treats the input as HTML and script, a database that treats it as SQL, or a printf-style function that treats it as a format string. In each case the program accepted input without checking its length, type or content, so the attacker could supply input that changes what the program does rather than merely what data it processes: executing arbitrary code, manipulating data, or gaining unauthorized access.

Option A is correct because unvalidated input is the root cause of every attack listed in the question.

Option B (Lack of authentication) is incorrect. Authentication decides who may talk to the application; every one of these attacks works just as well from a legitimately authenticated account.

Option C (Improper error handling) is incorrect. Poor error handling leaks information that makes these attacks easier to find and tune, but it is not what makes them possible.

Option D (Insecure configuration management) is incorrect. Configuration weaknesses produce their own vulnerabilities, but the four attacks named here live in application code that trusts its input.

The Answer is: A

Out of the following, which one can be considered a possible solution for a SQL injection vulnerability?

  1. Data Validation

  2. Secure Cookies

  3. Encryption

  4. Comprehensive exception handling


Correct Option: A
Explanation:

To solve this question, the user needs to understand the concept of SQL injection and the methods to prevent it.

SQL injection occurs when untrusted input is concatenated into the text of a database query, so that characters in the input (a quote, a comment marker, a semicolon) change the structure of the query instead of being treated as a value. The result can be unauthorized reading, modification or deletion of data, and on some database platforms command execution on the database host.

Now, let's go through each option and explain why it is right or wrong:

A. Data Validation: This is the correct option among the four. Allowlist validation (only the characters, lengths and formats a field is supposed to contain) removes most injection payloads before they reach the query. In practice it is the second line of defence: the primary fix is parameterized queries (prepared statements), which send values separately from the SQL text so the database never parses them as SQL. Validation remains worthwhile because some fields, such as passwords or free text, cannot be restricted tightly enough to exclude every payload.

B. Secure Cookies: This option is incorrect. The Secure flag only stops a cookie from being sent over plain HTTP; it has no bearing on how query text is built.

C. Encryption: This option is incorrect. Encryption protects data in transit and at rest. A query assembled from input that was encrypted and then decrypted is injected just the same.

D. Comprehensive exception handling: This option is incorrect. Good exception handling avoids leaking error messages that help an attacker refine a payload, but it does not stop the injected query from running.

The Answer is: A
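The following is an added example, not part of the original quiz, showing the same login lookup written three ways against an in-memory SQLite table constructed here: string concatenation (injectable), a parameterized query, and parameterization combined with allowlist validation of the username. The table, account and payload are constructed for the demonstration; passwords are stored in clear only to keep the example short, a real table holds salted hashes.

```python
# Added example (not from the original quiz): the same login lookup as
# string concatenation and as a parameterized query, run against an
# in-memory SQLite database built here for the demonstration.
import sqlite3

def make_db():
    """Constructed users table with one account (clear-text password only for brevity)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    conn.execute("INSERT INTO users (username, password) VALUES ('alice', 'correct horse')")
    conn.commit()
    return conn

def login_vulnerable(conn, username, password):
    """Untrusted input is spliced into the SQL text: the classic injection bug."""
    sql = f"SELECT id FROM users WHERE username = '{username}' AND password = '{password}'"
    return conn.execute(sql).fetchone() is not None

def login_parameterized(conn, username, password):
    """Values travel separately from the SQL text; the database never parses them as SQL."""
    sql = "SELECT id FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None

def is_valid_username(username):
    """Allowlist validation as defence in depth: the shape a username may have."""
    return 1 <= len(username) <= 32 and username.isalnum()

def login_validated(conn, username, password):
    """Validation plus parameterization. Validation alone would still leave the
    password field (which must accept any character) unprotected, which is why
    the parameterized query is the primary control."""
    if not is_valid_username(username):
        return False
    return login_parameterized(conn, username, password)

# Constructed attack string: closes the quoted value and makes the WHERE clause always true.
PAYLOAD = "' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable, real credentials:", login_vulnerable(db, "alice", "correct horse"))
    print("vulnerable, injected password:", login_vulnerable(db, "nobody", PAYLOAD))
    print("parameterized, injected password:", login_parameterized(db, "nobody", PAYLOAD))
    print("validated, injected username:", login_validated(db, "alice' --", "x"))
```

With the payload as the password, the concatenated query becomes `... AND password = '' OR '1'='1'`, which is true for every row, so the vulnerable function reports a successful login for an account that does not exist. The parameterized version compares the literal string `' OR '1'='1` with the stored password and fails.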

Which of the following is appropriate for customer emails regarding a limited time promotional offer?

  1. Request that the user authenticate him/herself by replying to the email with their account credentials.

  2. Personalized greeting line

  3. Providing easy access to the customer's account via a “Click Here” style link

  4. Sending the email from a domain set up specifically for the special offer


Correct Option: B

AI Explanation

To answer this question, let's go through each option to understand why it is correct or incorrect:

Option A) Request that the user authenticate him/herself by replying to the email with their account credentials - This option is incorrect. This is precisely what a phishing e-mail asks for. A legitimate organisation never requests credentials by e-mail; a promotional mail that does so both exposes the customer's credentials and trains the customer to comply with the next phisher.

Option B) Personalized greeting line - This option is correct. Addressing the customer by name (and, where possible, including another detail only the real company would know, such as the last digits of an account number) is something a mass phishing campaign usually cannot reproduce, and it gives customers a concrete cue for recognising mail that really comes from you.

Option C) Providing easy access to the customer's account via a “Click Here” style link - This option is incorrect. A link whose text hides its destination is the standard phishing lure. Customers should be told to type the company's address or use a bookmark; if a link is included at all, its visible text should be the full URL on the company's own domain.

Option D) Sending the email from a domain set up specifically for the special offer - This option is incorrect. An unfamiliar promotional domain is indistinguishable from a lookalike domain registered by an attacker, and sending from one conditions customers to trust mail from domains that are not yours. Mail should come from the established corporate domain.

The correct answer is B) Personalized greeting line, because it is a mark of legitimacy that attackers find hard to imitate, while each of the other options is a habit phishing relies on.

Cross Site Scripting is an attack against

  1. Client (Browser)

  2. Database

  3. Web Application

  4. Web Server


Correct Option: A

AI Explanation

To answer this question, you need to understand Cross-Site Scripting (XSS) and the target of this attack.

Cross-Site Scripting (XSS) is a vulnerability in which a web application writes attacker-controlled data into a page without encoding it, so that the data is interpreted by the browser as markup or script. The injected script runs with the privileges of the victim's session and can steal data, alter the page, or send requests on the victim's behalf.

The correct answer is:

Option A) Client (Browser) - This option is correct. The payload executes in the victim's web browser, in the origin of the vulnerable site, which is why it can read that site's cookies (unless HttpOnly), its DOM, and anything the user types.

Option B) Database - This option is incorrect. The script runs in a browser, not in the database. It can make authenticated requests to the application on the victim's behalf, so data the victim is permitted to change can be changed through the application, but the database itself is not the target.

Option C) Web Application - This option is incorrect. The defect (failure to encode output) lives in the web application, which is why the application is what must be fixed, but the attack itself is carried out against the user's browser and session.

Option D) Web Server - This option is incorrect. The web server only delivers the page; nothing executes on it as part of the attack.

Therefore, the correct answer is Option A) Client (Browser) because Cross-Site Scripting attacks are executed against the client-side browser.

Which cookie flag, when set, will prevent its transmission over a non-secure channel?

  1. Secure

  2. Domain

  3. Expires

  4. Static


Correct Option: A
Explanation:

To answer this question, the user needs to have knowledge about cookie attributes and their purposes.

The Secure flag tells the browser to send the cookie only over an encrypted (HTTPS) connection, so it is the flag that prevents a cookie from being transmitted over a non-secure channel. Without it, one plain-HTTP request to the site (an image, a redirect, a link typed without the scheme) sends the session cookie in clear text to anyone on the path. It is normally set together with HttpOnly (the cookie is not readable by script, which limits the damage of XSS) and SameSite (the cookie is not sent on cross-site requests, which limits CSRF).

Option A: Secure is correct.

Option B: Domain specifies which hosts the cookie should be sent to. It is not related to preventing transmission over non-secure channels.

Option C: Expires sets an expiration time for the cookie. It is not related to preventing transmission over non-secure channels.

Option D: Static is not a valid cookie attribute.

Therefore, the answer is:

The Answer is: A. Secure.

The main risk to a web application in a cross site scripting attack is …

  1. Compromise of users

  2. Loss of data integrity

  3. Destruction of data

  4. None of the above


Correct Option: A
Explanation:

To solve this question, the user needs to know about cross-site scripting (XSS) attacks and their impact on web applications.

Cross-site scripting (XSS) attacks occur when an attacker injects script into a web page viewed by other users. The script runs in the victim's browser with the victim's session, so it can steal credentials or session tokens, read what the user sees and types, alter the page, and submit requests as the user.

Now, let's go through each option and explain why it is right or wrong:

A. Compromise of users: This option is correct. The primary risk of a cross-site scripting attack is that the users of the application are compromised. An attacker can steal session tokens or credentials and use them to act as the victim, or drive the victim's browser directly, inside this application and potentially others.

B. Loss of data integrity: This option is not the best answer. Script running with the victim's session can submit requests that change the victim's data, so integrity can suffer, but that is a consequence of the real risk, which is that the user's session and browser have been taken over.

C. Destruction of data: This option is incorrect. Cross-site scripting does not give the attacker access to the data store; any damage is limited to what the compromised user could do through the application.

D. None of the above: This option is incorrect. As explained above, option A is the correct answer.

The Answer is: A

Out of the following, which can be considered user input for which validation is not required?

  1. Host Header

  2. Cookie

  3. Referrer Header

  4. None of the above


Correct Option: D
Explanation:

To solve this question, the user needs to know what counts as user input.

User input is every byte that arrives from the client, not only the fields of a form. Request headers are written by the client (or by whatever sits between the client and the server, or by a script the attacker controls), so they must be treated as untrusted and validated like any other input. Failing to do so leads to the same attacks as unvalidated form fields: SQL injection, cross-site scripting, log injection and more.

Now, let's go through each option and explain why it is right or wrong:

A. Host Header: The Host header tells the server which virtual host a request is intended for. It is sent by the client and can be set to any value with a single command-line request. An application that uses it to build absolute URLs, for example in password-reset e-mails, can be made to send a victim a link to an attacker's domain (Host header injection). It must be validated against the list of hostnames the application actually serves.

B. Cookie: A cookie is stored on the user's machine and comes back as a plain request header; the user, or any script, can edit it freely. Values read from cookies need the same validation as any other input, and the server must never trust a cookie value that encodes authorization (a role, a user ID) without a server-side check or a cryptographic signature.

C. Referrer Header: The Referer header is supplied by the client and is routinely forged, missing or truncated. It is commonly reflected into pages or written to logs, and a forged value is a frequent XSS and log-injection vector. It must be validated and encoded like any other input, and never relied on as a security control.

D. None of the above: This option is correct. All three values are client-controlled and all three require validation.

The Answer is: D. None of the above.

Which languages are vulnerable to Cross Site Scripting attacks ?

  1. Java

  2. ASP.Net

  3. Perl

  4. All of the above


Correct Option: D
Explanation:

To solve this question, the user needs to understand Cross Site Scripting (XSS) and whether it depends on the programming language used.

Cross Site Scripting (XSS) is a web vulnerability that allows attackers to inject script into web pages viewed by other users. This can result in the theft of session tokens and login credentials, or in the attacker acting as the victim inside the application.

XSS is a property of how an application writes untrusted data into HTML, not of the language it is written in. Any language that produces a web page can produce a vulnerable one; the defence is contextual output encoding at the point where data is written into the page (HTML body, attribute, JavaScript or URL context), with input validation as support.

Now, let's go through each option and explain why it is right or wrong:

A. Java: Java web applications are vulnerable to XSS if they write untrusted data into pages without encoding it. Option A is therefore true, but it is not the complete answer.

B. ASP.Net: ASP.Net web applications are vulnerable in the same way; the framework's default request validation catches some payloads, not all of them. Option B is true but not complete.

C. Perl: Perl web applications are vulnerable in the same way. Option C is true but not complete.

D. All of the above: Since options A, B and C are each true, option D is the correct answer. Applications in any of these languages are vulnerable to XSS when they fail to encode output.

Therefore, the correct answer is: D

"White List" data validation means:

  1. Data is validated against a list of values that are known to be valid

  2. Data is validated against a list of values that are known to be invalid

  3. Both of the above

  4. None of the above


Correct Option: A
Explanation:

To solve this question, the user needs to know the definition of "White List" data validation.

Option A is correct. "White List" (allowlist) data validation means that the data is checked against a description of what valid input looks like: a list of permitted values, or a permitted character set, length and format. Anything that does not match is rejected. It is the preferred approach because it does not need to anticipate every attack: input the developer did not foresee is rejected by default.

Option B is incorrect. "Black List" (denylist) data validation means that the data is checked against a list of values or patterns that are known to be bad, and input that matches is rejected. This is the weaker approach, because the list must be complete: an encoding, a case variation or a new payload the list does not mention is accepted.

Option C is incorrect. While both approaches exist, "White List" data validation refers specifically to option A.

Option D is incorrect. At least one of the options (option A) is correct.

Therefore, the answer is: A. Data is validated against a list of values that are known to be valid.
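The following is an added example, not part of the original quiz, serving both the question on which request values need validation (Host header, cookie, Referer) and the white-list question above: it applies allowlist validation to three client-controlled values and then shows a deny list missing a trivial variant. The hostnames, parameter names and session-ID format are assumptions for the demonstration.

```python
# Added example (not from the original quiz): allowlist ("white list")
# validation of three client-controlled values (Host header, a sort
# parameter, a session cookie) and a deny list that misses a trivial variant.
# The hostnames, parameter names and session-ID format are assumptions.
import re

# Hostnames this application is actually deployed under (assumed).
ALLOWED_HOSTS = {"www.example.com", "example.com"}

def validate_host(host_header):
    """Return the host if it is one we serve, else None. Strips an optional
    port and refuses anything else, including IP literals and lookalikes."""
    if host_header is None:
        return None
    host, _sep, port = host_header.strip().lower().partition(":")
    if port and not port.isdigit():
        return None
    return host if host in ALLOWED_HOSTS else None

# A query parameter that selects a column to sort by: the client's value is
# mapped onto a fixed set of known column names and never used directly.
SORT_COLUMNS = {"name": "display_name", "date": "created_at", "size": "size_bytes"}

def validate_sort(param):
    """Return the real column for an allowed value, or the default if unknown."""
    return SORT_COLUMNS.get(param, "created_at")

# A session cookie value is opaque to the client; only its shape is checked
# before it is used to look up the session store (assumed: 32 hex characters).
SESSION_ID = re.compile(r"^[0-9a-f]{32}$")

def validate_session_cookie(value):
    """Return the value if it has the expected shape, else None."""
    return value if value is not None and SESSION_ID.match(value) else None

# What a deny list looks like, and why it is the weaker approach.
DENIED_FRAGMENTS = ("<script", "javascript:", "onerror=")

def denylist_passes(value):
    """True if none of the denied fragments appear; note what it lets through."""
    return not any(frag in value.lower() for frag in DENIED_FRAGMENTS)

if __name__ == "__main__":
    print(validate_host("www.example.com:443"))         # www.example.com
    print(validate_host("www.example.com.evil.net"))    # None
    print(validate_sort("name; DROP TABLE users"))      # created_at
    print(validate_session_cookie("../../etc/passwd"))  # None
    print(denylist_passes("<svg onload=alert(1)>"))     # True: the deny list missed it
```

The last call is the point of the white-list question: `<svg onload=...>` contains none of the denied fragments and sails through, whereas each allowlist above rejects everything it was not written to accept.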

Failing to properly validate uploaded files could result in:

  1. Arbitrary code execution

  2. Inadequate caching headers

  3. Distributed Denial of Service Attack against clients

  4. None of the above


Correct Option: A
Explanation:

To answer this question, the user needs to understand the concept of file validation and its importance for web security.

Option A, arbitrary code execution, is the correct answer. If the server accepts any file and stores it where the web server will serve it, an attacker uploads a script in the server's own language (a .php or .jsp file, for example) and then requests it; the server executes it and the attacker has a shell on the host. Uploaded files that are merely served back to other users (HTML, SVG) produce stored cross-site scripting instead. The checks that matter are an allowlist of permitted types verified by content rather than by name, a size limit, a server-chosen random filename, and storage outside the web root.

Option B, inadequate caching headers, is incorrect. Caching headers govern how browsers and proxies reuse responses and have nothing to do with how uploads are validated.

Option C, Distributed Denial of Service (DDoS) attack against clients, is incorrect. A DDoS floods a target with traffic from many sources; an upload handler is not a vector for attacking the clients of a site.

Option D, none of the above, is incorrect as well, as explained above.

Therefore, the correct answer is:

The Answer is: A

In which of the following exploits does an attacker insert malicious code into a link that appears to be from a trustworthy source?

  1. Cross-Site Scripting

  2. Buffer overflows

  3. Command injection

  4. Path traversal attack


Correct Option: A
Explanation:

To answer this question, the user needs to have knowledge about different types of attacks and their characteristics.

The correct answer is:

A. Cross-Site Scripting (XSS): This is the reflected form of XSS. The attacker builds a link to a legitimate site whose URL carries a script payload in a parameter the site echoes back unencoded, and distributes that link by e-mail or on another site. Because the link points at a site the victim trusts, the victim clicks it; the page reflects the payload and the script executes in the victim's browser, where it can steal session tokens or act as the user.

B. Buffer overflows: In this type of attack, the attacker sends more data to a program than the receiving buffer can hold, overwriting adjacent memory; the result is a crash or, with a crafted payload, execution of the attacker's code. No link is involved.

C. Command injection: In this type of attack, the attacker supplies input that a vulnerable application passes into an operating-system command, so that the input is executed as part of the command on the server.

D. Path traversal attack: In this type of attack, the attacker uses sequences such as ../ in a filename parameter to read or write files outside the directory the application intended to expose.

Therefore, the correct answer is:

The Answer is: A. Cross-Site Scripting.

Which of the following should be stored in the cookie?

  1. Session ID

  2. Account Privileges

  3. UserName

  4. Password


Correct Option: A
Explanation:

A cookie is stored on the client and comes back with every request, so anything in it is readable and editable by the user and available to anyone who intercepts or steals it. The session ID is the only thing that belongs there: a long random value that refers to a record on the server. The record holds the username and privileges, so they are checked server-side on every request and cannot be altered by editing the cookie. Storing account privileges (B) invites trivial privilege escalation by changing the value; a username (C) is personal data the cookie does not need and is too easily used as an identity on its own; a password (D) would be exposed on every request, in browser storage, and to any script able to read cookies.
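The following is an added example, not part of the original quiz, that ties together the two cookie questions above (the Secure flag, and what belongs in a cookie): it mints an opaque session ID kept in a server-side store, emits a Set-Cookie value with the Secure, HttpOnly and SameSite attributes, and audits captured Set-Cookie headers for the missing flags. The cookie names, the in-memory session store and the sample headers are assumptions constructed for the demonstration.

```python
# Added example (not from the original quiz): an opaque random session ID
# with the Secure, HttpOnly and SameSite attributes, and an audit of
# Set-Cookie headers for the flags that are missing. Cookie names, the
# session store and the sample headers are assumptions.
import secrets

# Server-side session store: the cookie carries only the key, never the data.
SESSIONS = {}

def create_session(user_id, role):
    """Mint a 128-bit random session ID; user ID and role stay on the server."""
    sid = secrets.token_hex(16)
    SESSIONS[sid] = {"user_id": user_id, "role": role}
    return sid

def lookup_session(sid):
    """Resolve a session ID to its server-side record (None if unknown)."""
    return SESSIONS.get(sid)

def session_cookie_header(sid, max_age=3600):
    """Set-Cookie value: Secure stops transmission over plain HTTP, HttpOnly
    keeps the value away from scripts, SameSite limits cross-site sending, and
    the __Host- prefix makes browsers enforce Secure, Path=/ and no Domain."""
    return (f"__Host-session={sid}; Path=/; Max-Age={max_age}; "
            f"Secure; HttpOnly; SameSite=Lax")

def audit_set_cookie(header_value):
    """Return a list of problems with one Set-Cookie header value (empty if fine)."""
    parts = [p.strip() for p in header_value.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {}
    for attr in parts[1:]:
        key, _sep, val = attr.partition("=")
        attrs[key.strip().lower()] = val.strip()
    problems = []
    for flag, label in (("secure", "Secure"), ("httponly", "HttpOnly"), ("samesite", "SameSite")):
        if flag not in attrs:
            problems.append(f"{name}: missing {label}")
    if attrs.get("samesite", "").lower() == "none" and "secure" not in attrs:
        problems.append(f"{name}: SameSite=None requires Secure")
    if name.startswith("__Host-") and ("domain" in attrs or attrs.get("path") != "/"):
        problems.append(f"{name}: __Host- prefix needs Path=/ and no Domain")
    return problems

# Constructed headers standing in for a response captured from an application.
SAMPLE_HEADERS = [
    "PHPSESSID=abc123; Path=/",
    "role=admin; Path=/; Secure",
    "__Host-session=deadbeef; Path=/; Secure; HttpOnly; SameSite=Lax",
]

if __name__ == "__main__":
    sid = create_session(42, "user")
    print(session_cookie_header(sid))
    for h in SAMPLE_HEADERS:
        print(h.split("=", 1)[0], "->", audit_set_cookie(h) or "ok")
```

The audit only sees attributes, so it reports the `role=admin` cookie merely as missing HttpOnly and SameSite; the real problem with that cookie is the one the second question is about, authorization data that the client can rewrite, and only a design review catches it.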

What should be considered the most while doing data classification

  1. The type of users who would be accessing the data

  2. Availability, Integrity and Confidentiality

  3. The threat level the company faces

  4. Access controls protecting the data


Correct Option: B

AI Explanation

To answer this question, you need to understand what data classification is based on.

Data classification assigns each data set a sensitivity level according to the impact of its being disclosed (confidentiality), altered (integrity) or made unavailable (availability). The level then determines who may access the data and which controls protect it; the classification comes first, the controls follow from it.

Option A) The type of users who would be accessing the data - This option is incorrect. Who accesses the data is decided by the classification, not the other way round.

Option B) Availability, Integrity, and Confidentiality - This option is correct. The impact on each of these three properties is what the classification measures. Availability is the need for the data to be accessible when required, integrity is the need for it to be accurate and unaltered, and confidentiality is the need to keep it from unauthorized parties.

Option C) The threat level the company faces - This option is incorrect. The threat environment influences how strong the protective measures must be, but it does not change how sensitive a given data set is; classification is about the data's value and the impact of its compromise.

Option D) Access controls protecting the data - This option is incorrect. Access controls are an outcome of classification: the appropriate controls are chosen once the classification is known.

The correct answer is B) Availability, Integrity, and Confidentiality, because data classification is the assessment of how much each of these properties matters for a given data set.

The three fundamental objectives of information security are:

  1. Availability, Integrity, Confidentiality

  2. Usability, Reliability, Accountability

  3. Quality, Accountability, Integrity

  4. None of the above


Correct Option: A