Web Application Hacking Tutorial Quiz Questions and Answers

You receive an e-mail from Desjardins saying that you have won a contest. What should you do?

Answer :
  • Contact your caisse to confirm the information

What is necessary for a cross-site script attack with cookies to be thwarted?

Answer :
  • CAPTCHAs

What are the two primary classifications of cross-site scripting?

Answer :
  • Non-persistent and persistent

Which of the following is the best way to protect against injection attacks?

Answer :
  • Input validation using an allow list

Which of the following input sources can be directly controlled by a malicious user?

Answer :
  • GET/POST parameters

You should use a blacklist wherever possible; use whitelists only as a secondary defense.

Answer :
  • FALSE

Which of the following languages are the primary targets of cross-site scripting?

Answer :
  • HTML

Which attack targets the interactions between an application and its databases, exploiting the application to penetrate the databases?

Answer :
  • SQL Injection

An injection flaw allows an attacker to execute arbitrary commands within your application that are _______.

Answer :
  • Outside your control

Which attack can be prevented by including an unpredictable token for each user in every link or form that invokes state-changing functions?

Answer :
  • Cross Site Request Forgery