
	Home > Security Tips > Fun with Security > Infosec Know IT All Trivia: Application security

Security Tips:

EMAIL THIS

TIPS & NEWSLETTERS TOPICS

FUN WITH SECURITY

Infosec Know IT All Trivia: Application security

Crystal I. Ferraro, Site Editor
05.01.2003
Rating: -3.25- (out of 5)

Digg This!

StumbleUpon

Del.icio.us

Test your knowledge of securing applications with these trivia questions. Scroll down to the bottom of the page for the correct answer.

1.) A cracker exploits this in order to use a Web application to transport an attack to a user's browser. It can expose a local machine or enable an attacker to spoof content.
a. unvalidated parameter
b. buffer overflow
c. command injection flaw
d. cross-site scripting flaw

2.) This language recently proposed to Oasis will be designed to provide a standard way for application vulnerabilities to be defined and classified.
a. XrML
b. AVDL
c. SAML
d. XACML

3.) This attack against Web applications involves getting information from a server by modifying the session's cookie.
a. chaffing
b. brain fingerprinting
c. cookie poisoning
d. cookie hijacking

4.) In this type of attack against database-driven applications, the intruder manipulates a site's Web-based interfaces to force the database to execute undesirable code.
a. smurfing
b. SQL injection
c. nuking
d. phreaking

5.) This protects Web applications written in Perl from dangerous code by assuming that all user input is potentially malicious and placing restrictions on the actions that the script may perform on that input.
a. promiscuous mode
b. Tempest-shielding
c. data key
d. taint mode

What do you think of our trivia questions? Are they too easy? Too hard? Let us know.

Want to learn more about securing your applications? Listen to this on-demand webcast with @Stake program director Andrew Jaquith.

ANSWERS:

1.) d. cross-site scripting flaw
Learn more about common vulnerabilities with these Best Web Links.

2.) b. AVDL
Learn more about Web services security standards with this article, Sorting out the Web services security landscape

3.) c. cookie poisoning
For more information about cookie poisoning, read the definition in our SearchSecurity.com glossary.

4.) b. SQL injection
Learn more about SQL injection in the white paper SQL injection: Are your Web applications vulnerable?

5.) d. taint mode
For more information on vulnerabilities due to poorly constructed code, read the tip Buffer overflows.

Rate this Tip
To rate tips, you must be a member of SearchSecurity.com. Register now to start rating these tips. Log in if you are already a member.

BROWSE BY TAG

Infrastructure and Network Security, Secure Messaging (E-mail & IM), Securing the Internet and E-Commerce, Application and Platform Security, Web Security Tools and Best Practices, Web Application Security, Application Attacks (Buffer Overflows, Cross-Site Scripting), Fun with Security, Web Services Security and SOA Security, VIEW ALL TAGS

Digg This!

StumbleUpon

Del.icio.us

RELATED CONTENT

	Infrastructure and Network Security
	VPNs: IPsec vs. SSL
	Sensitive student data cracked at U. of Georgia
	Microsoft patches IE spoofing problem
	Geer slams Windows dominance, calls for government intervention
	IE update clears up spoofing issue
	Countdown begins for Mydoom DDoS attacks
	Microsoft to disable spoofing syntax in IE
	IE flaw could fool users in illicit downloads
	Mydoom variant targets security features, Microsoft
	Hackers scanning for ports opened by Mydoom

Secure Messaging (E-mail & IM)

The best of SearchSecurity.com

Security Alert: Mydoom-A

Keys to an effective virus incident-response team

Best practices: E-mail security policies

Understanding and Preventing Spam

The security policy document library: E-mail policy

Virus alert: Sobig-E

Encryption and electronic mail

Focus on viruses

Best practices for application security

Securing the Internet and E-Commerce

Sensitive student data cracked at U. of Georgia

Microsoft patches IE spoofing problem

Countdown begins for Mydoom DDoS attacks

IE update clears up spoofing issue

Microsoft to disable spoofing syntax in IE

IE flaw could fool users in illicit downloads

Mydoom variant targets security features, Microsoft

Hackers scanning for ports opened by Mydoom

Dangerous, familiar application vulnerabilities top list

Potent Mydoom worm flooding inboxes

RELATED RESOURCES

2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems

Search Bitpipe.com for the latest white papers and business webcasts

Whatis.com, the online computer dictionary

DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.

Research Solutions for Network Security, Access Control and Security Threats

View this month\\'s issue and subscribe today.

Apply online for free conference admission.

SEARCH :

Site Index

TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.


TechTarget Corporate Web Site \| Media Kits \| Site Map All Rights Reserved, Copyright 2003 - 2009, TechTarget \| Read our Privacy Policy