
Quiz: Web application threats and vulnerabilities

19 Jan 2006


Web applications are subject to a barrage of threats and vulnerabilities that can put an entire enterprise at risk. Our quiz will help you determine how knowledgeable you are about securing your Web apps and whether you need to hone your Web security skills.

1.) True or False: It's OK to put sensitive information in HIDDEN form fields; after all, they're hidden.
a. True
b. False
Answer

2.) In what type of attack does an intruder manipulate a URL in such a way that the Web server executes or reveals the contents of a file anywhere on the server, including those lying outside the document root directory?
a. cross-site scripting
b. command injection
c. SQL injection
d. path traversal attack
Answer


3.) Which of the following is true of improper error handling?
a. Attackers can use error messages to extract specific information from a system.
b. Attackers can use unexpected errors to knock an application offline, creating a denial-of-service condition.
c. Unexpected errors can provide an attacker with a buffer or stack overflow condition that sets the stage for arbitrary code execution.
d. All of the above.
Answer

4.) True or False: The "NO-CACHE" cache-control response header prohibits documents from being stored on the client.
a. True
b. False
Answer

5.) Which of the following is NOT recommended for securing Web applications against authenticated users?
a. Client-side data validation
b. Filtering data with a default-deny regular expression
c. Running the application with the least privileges necessary
d. Using parameterized queries to access a database
Answer

6.) In which of the following exploits does an attacker insert malicious code into a link that appears to be from a trustworthy source?
a. cross-site scripting
b. command injection
c. path traversal attack
d. buffer overflow
Answer

7.) True or False: Encrypted data is not at risk from keyloggers.
a. True
b. False
Answer

8.) In which of the following exploits does an attacker add SQL code to a Web form input box to gain access to resources or make changes to data?
a. cross-site scripting
b. command injection
c. SQL injection
d. buffer overflow
Answer

9.) Which of the following is characteristic of spyware?
a. Blocking access to antivirus and antispyware updates
b. Aggregating surfing habits across multiple users for advertising
c. Customizing search results based on an advertiser's needs
d. All of the above
Answer

10.) True or False: Web application variables can still be manipulated even when both client and server are using digital certificates to authenticate themselves and establish an SSL connection.
a. True
b. False
Answer


How'd you score?
9-10 correct: You're an authority on Web application security
6-8 correct: You're adept in Web application security
3-5 correct: You're a Web application security apprentice
0-2 correct: You're a Web application security amateur


Copyright 2003 - 2009, TechTarget