IS3445 CHAP 9 MITIGATING WEB APPLICATION VULNERABILITIES

Question 1

___ is a standard that enables communication between Web forms and your program.

Answer 1

(CGI) Common Gateway Interface

Question 2

___ is a scripting programming language, most commonly used to add interactive features to Web pages.

Answer 2

JavaScript

Question 3

___ is a strategy for separating programs and running them in their own virtual space.

Answer 3

Sandbox

Question 4

___ is the exploitation of a vial computer session to gain unauthorized access to information and services within the targeted computer.

Answer 4

Session hijacking

Question 5

___ is the mechanisms used to track and control changes in software.

Answer 5

(SCM) Software configuration management

Question 6

___ is a software program containing computer scripts that interact with the end user. Ex: Web mail, shopping carts, portals, games etc.

Answer 6

Web application

Question 7

1. Before integrating a Web application, a designer must be aware of the associated risks and measures to mitigate those risks.
   TRUE OR FALSE

Answer 7

TRUE

Question 8

2. Which of the following are primary components of a Web application? (Select two)
3. Web server
4. Application server
5. Client browser
6. Database

Answer 8

Web server

Application server

Database

Question 9

3. When a secure Web application is designed, the only aspect that can be manipulated is private access areas.
   TRUE OR FALSE.

Answer 9

FALSE.

Question 10

4. A security policy may contain which of the following elements?
5. Secure coding procedures
6. Access control mechanisms
7. Non-compliance consequences
8. All the above
9. 2 & 3 only

Answer 10

Access control mechanisms

Non-compliance consequences

Question 11

5. You are part of a programming team developing a Web application. Your manager has implemented tracking mechanisms to ensure all developers work on the application within the same guidelines. What has your manager implemented?
6. Acceptable use policy
7. Application-based access control
8. SCM
9. Correct usage policy

Answer 11

SCM

Question 12

6. A malicious user has gained access to the administrator’s account and increased the user’s account status. This is an example of ___>

Answer 12

Elevation of privilege

Question 13

7. Session management defines how systems handle and mange user sessions.
   TRUE OR FALSE

Answer 13

TRUE

Question 14

8. ___ can occur within a Web application when a user’s authentication token is intercepted by the attackers and used to bypass the authentication controls of the application.

Answer 14

Session replay

Question 15

9. Which of the following are fundamental aspects of the JavaScript secure coding standard? (Select two)
10. Duplicate code for redundancy
11. Restrict privileges
12. Establish trust boundaries
13. Use Dynamic SQL

Answer 15

Restrict privileges

Establish trust boundaries

Question 16

10. You have decided to use several forms in your HTML Web site. Which of the following types of attacks may take advantage of poorly programmed HTML forms?
11. Social engineering
12. Injection
13. Man-in-the-middle
14. Elevation of privilege

Answer 16

Injection

Question 17

11. Which of the following should you use to secure online forms?
12. Input validation
13. Secure communication protocols
14. Password protection
15. All the above

Answer 17

Input validation

Secure communication protocols

Password protection

Question 18

12. Error messages can reveal information about a server that an attacker can use to exploit the system.
    TRUE OR FALSE

Answer 18

TRUE