As application-layer attacks continue to rise, information security practitioners should use logging techniques to protect their application servers. Take this five-question quiz to test your application security awareness, review common application attacks and learn how to improve application-layer logging to detect and protect against these attacks.
1. Which of the following attacks is said to have arisen because the C programming language supplied the framework and poor programming practices supplied the vulnerability?
a. SQL injection
b. Buffer overflow
c. Cross-site scripting
d. SYN flood
2. Which of the following protocols can be used to ensure consistency in logging across applications, platforms and devices, and also governs network management and monitors network devices and their functions?
3. Which of the following statements about application logging is false?
a. Application logging can provide you with critical information in the event of a security incident.
b. Proactive monitoring will provide you with the ability to detect events in near real-time.
c. Reactive monitoring will offer invaluable assistance to forensic investigators.
d. It's difficult to start.
4. Which attack uses a multitude of compromised systems to send a flood of incoming messages to the target system to shut it down?
a. Denial-of-service attack
b. SYN flood attack
c. Distributed denial-of-service attack
d. None of the above
5. To improve the overall quality of Web applications, developers should abide by which of the following rules?
a. Trust user-supplied data.
b. Clean and validate all user input.
c. Use GET instead of POST.
d. Allow the use of HIDDEN form fields.
This was first published in July 2006