Advanced Web Application Security Testing Quiz Questions and Answers

You receive an e-mail from Desjardins saying that you have won a contest. What should you do?

Answer :
  • Contact your caisse to confirm the information

What is the attack technique used to exploit web sites by altering backend database queries through inputting manipulated queries?

Answer :
  • SQL Injection

For a connection that changes from HTTP to HTTPS, what flaw arises if you do not change the session identifier?

Answer :
  • Session Replay

Which of the following attacks occurs when a malicious user convinces a victim to send a request to a server with malicious input and the server echoes the input back to the client?

Answer :
  • Reflected XSS

Which of the following procedures are involved in the hardening process?

Answer :
  • Disable unnecessary features.

If user input can be confused for instructions in the language or the way the language is applied, then the language is vulnerable to an injection attack.

Answer :
  • TRUE

Submitting malicious code that is stored rather than executed immediately is known as _________.

Answer :
  • Second order SQL Injection

What happens when an application takes user-inputted data and sends it to a web browser without proper validation and escaping?

Answer :
  • Cross Site Scripting

What threat arises from not flagging HTTP cookies with tokens as secure?

Answer :
  • Session Hijacking

Which threat can be prevented by having unique usernames generated with a high degree of entropy?

Answer :
  • Authentication bypass