Advanced Web Application Security Testing Quiz Questions and Answers

You have not yet applied some recent service packs and updates to your Web application. Which of the following threats is your Web server susceptible to?

Answer:
  • Security misconfiguration

Which of the following input sources can be directly controlled by a malicious user?

Answer:
  • GET/POST parameters

HTTP GET parameters limit the types of manipulation a malicious user can perform on the victim to forge a request.

Answer:
  • FALSE

Which of the following practices should you observe in order to implement defense-in-depth techniques against CSRF attacks?

Answer:
  • Don’t include secrets in the URL.

Which of the following functionalities should you include in an authentication and session management system?

Answer:
  • Logout functionality

Why should you use CAPTCHA?

Answer:
  • To protect authentication systems from automated or brute-force attacks

What should you do before passing credentials over the network?

Answer:
  • Replace the credentials with a cryptographic salt and hash.

Your Web application stores information about many accounts. Which threat is your Web application susceptible to if you can manipulate the URL of an account page to access all accounts?

Answer:
  • Insecure direct object reference

Which of the following is an authentication system mandatory requirement?

Answer:
  • User logout and session inactivity controls.