security Online Quiz - 9
Description: security Online Quiz - 9
Number of Questions: 20
Created by: Aliensbrain Bot
Tags: security
Which of the following are countermeasures for XSS?
- Releasing Resources after use
- Input Validation
- Running with least privilege
- URL based access control
- Output Encoding
The following code is part of a system daemon that is run with elevated privileges. It opens a temp file in the /tmp directory as a cache. Is there an issue in this code sample? Please assume that filling up /tmp is not an issue here.
int outfile = open("/tmp/cache_data", O_WRONLY | O_CREAT | O_TRUNC, 0600);
Is writing to already freed memory a vulnerability?
x = malloc(200); /* do something with x */
free (x); /* do something else */
strcpy(x, "somedata");
In the following code, which is the location of vulnerability?
1 bIsAdmin = true;
2 try
3 {
4 function ();
5 bIsAdmin = isAdminUser(userName);
6 }
7 catch (Exception ex)
8 {
9 log.write(ex.toString());
10 }
In the following code, which is the location of vulnerability?
1 String username = req.getParameter("loginID");
2 String password = req.getParameter("loginPassword");
3 String sql = "SELECT UserID from Employee WHERE Emp_ID = ? AND Password=?";
4 pstmt = con.prepareStatement(sql);
5 pstmt.setString(1,username);
6 pstmt.setString(2,password);
7 pstmt.execute();
8 user = pstmt.getResultSet();
9 if(user!=null)
10 {
11 while (user.next())
12 {
13 userInfo.add(user.getString(1));
14 }
15 }
16 else
17 {
18 log.debug("Invalid Login: Login ID-"+ username+" Password-"+ password);
19 }
Are there any memory issues in the following code? Please assume that variable inputsize has the correct size.
int add_num_array(int inputsize, int num) {
int *newnum = malloc (inputsize * sizeof(int)); /* 1 */
int i;
for (i=0; i
What is the vulnerability in this code?
char output[20];
/* Assume data is a character array with value %200d asdf */
sprintf(output, data);
What can go wrong in the following code?
#include <stdio.h>
#include <stdlib.h>
int main(int argc, char *argv[]) {
    if(argc != 3) {
        printf("usage: %s [source] [dest]\n", argv[0]);
        exit(1);
    }
    char x;
    FILE *file[2];
    file[0] = fopen(argv[1],"r+");
    file[1] = fopen(argv[2],"w+");
    for(x = 0; x < 2; x++) {
        if(file[x] == NULL) {
            printf("error opening file.\n");
            exit(1);
        }
    }
    do {
        x = fgetc(file[0]);
        fputc(x,file[1]);
    } while(x != EOF);
    for(x = 0; x < 2; x++)
        fclose(file[x]);
    return 0;
}
Which compilation switch should be enabled for stack protection? Choose the best and most secure option.
Which statement creates a buffer overflow? (Line numbers are marked using comments /* */)
#include
#include
#include
int main (int argc, char *argv[]) {
int i=0,j=1;
char ipstring[80];
for (;i<=3;i++){
cout<