
Quiz: Could you detect an application attack?

10 Jul 2006 | SearchSecurity.com


As application layer attacks continue to rise, information security practitioners should use logging techniques to protect their application servers. Take this five-question quiz to test your application security awareness, review common application attacks and learn how to improve application layer logging to detect and protect against these attacks.

1. Which of the following attacks is said to have arisen because the C programming language supplied the framework and poor programming practices supplied the vulnerability?
a. SQL injection
b. Buffer overflow
c. Cross-site scripting
d. SYN flood

2. Which of the following protocols can be used to ensure consistency in logging across applications, platforms and devices, governs network management, and monitors network devices and their functions?
a. EGP
b. IGP
c. RIP
d. SNMP

3. Which of the following statements about application logging is false?
a. Application logging can provide you with critical information in the event of a security incident.
b. Proactive monitoring will provide you with the ability to detect events in near real-time.
c. Reactive monitoring will offer invaluable assistance to forensic investigators.
d. It's difficult to start.

4. Which attack uses a multitude of compromised systems to send a flood of incoming messages to the target system to shut it down?
a. Denial-of-service attack
b. SYN flood attack
c. Distributed denial-of-service attack
d. None of the above

5. To improve the overall quality of Web applications, developers should abide by which of the following rules?
a. Trust user-supplied data.
b. Clean and validate all user input.
c. Use GET instead of POST.
d. Allow the use of HIDDEN form fields.
