Security Quiz

Quiz: Web application threats and vulnerabilities

Web applications are subject to a barrage of threats and vulnerabilities that can put an entire enterprise at risk. Our quiz will help you determine how knowledgeable you are about securing your Web apps and whether you need to hone your Web security skills.

    Requires Free Membership to View

1.) True or False: It's OK to put sensitive information in HIDDEN form fields; after all, they're hidden.
a. True
b. False
Answer

2.) In what type of attack does an intruder manipulate a URL in such a way that the Web server executes or reveals the contents of a file anywhere on the server, including those lying outside the document root directory?
a. cross-site scripting
b. command injection
c. SQL injection
d. path traversal attacks
Answer

3.) Which of the following is true of improper error handling?
a. Attackers can use error messages to extract specific information from a system.
b. Attackers can use unexpected errors to knock an application off line, creating a denial-of-service attack.
c. Unexpected errors can provide an attacker with a buffer or stack overflow condition that sets the stage for an arbitrary code execution.
d. All of the above.
Answer

4.) True or False: The "NO-CACHE" cache-control response header prohibits documents from being stored on the client.
a. True
b. False
Answer

5.) Which of the following is NOT recommended for securing Web applications against authenticated users?
a. Client-side data validation
b. Filtering data with a default deny regular expression
c. Running the application under least privileges necessary
d. Using parameterized queries to access a database
Answer

6.) In which of the following exploits does an attacker insert malicious coding into a link that appears to be from a trustworthy source?
a. cross-site scripting
b. command injection
c. path traversal attack
d. buffer overflow
Answer

7.) True or False: Encrypted data is not at risk by keyloggers.
a. True
b. False
Answer

8.) In which of the following exploits does an attacker add SQL code to a Web form input box to gain access to resources or make changes to data?
a. cross-site scripting
b. command injection
c. SQL injection
d. buffer overflow
Answer

9.) Which of the following is characteristic of spyware?
a. Blocking access to antivirus and antispyware updates
b. Aggregating surfing habits across multiple users for advertising
c. Customizing search results based on an advertiser's needs
d. All of the above
Answer

10.) True or False: Web application variables can still be manipulated even when both client and server are using digital certificates to authenticate themselves and establish an SSL connection.
a. True
b. False
Answer


How'd you score?
9-10 correct: You're an authority on Web application security
6-8 correct: You're adept in Web application security
3-5 correct: You're a Web application security apprentice
0-2 correct: You're a Web application security amateur

This was first published in January 2006

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: