IS3445 CHAP 9 MITIGATING WEB APPLICATION VULNERABILITIES Flashcards Preview


Flashcards in IS3445 CHAP 9 MITIGATING WEB APPLICATION VULNERABILITIES Deck (18)
1
Q

___ is a standard that enables communication between Web forms and your program.

A

(CGI) Common Gateway Interface

2
Q

___ is a scripting programming language, most commonly used to add interactive features to Web pages.

A

JavaScript

3
Q

___ is a strategy for separating programs and running them in their own virtual space.

A

Sandbox

4
Q

___ is the exploitation of a valid computer session to gain unauthorized access to information and services within the targeted computer.

A

Session hijacking

5
Q

___ is the mechanism used to track and control changes in software.

A

(SCM) Software configuration management

6
Q

___ is a software program containing computer scripts that interact with the end user. Examples: Web mail, shopping carts, portals, games, etc.

A

Web application

7
Q
Before integrating a Web application, a designer must be aware of the associated risks and measures to mitigate those risks.

TRUE OR FALSE
A

TRUE

8
Q
Which of the following are primary components of a Web application? (Select two)

  1. Web server
  2. Application server
  3. Client browser
  4. Database
A

Web server

Application server

Database

9
Q
When a secure Web application is designed, the only aspect that can be manipulated is private access areas.

TRUE OR FALSE
A

FALSE.

10
Q
A security policy may contain which of the following elements?

  1. Secure coding procedures
  2. Access control mechanisms
  3. Non-compliance consequences
  4. All the above
  5. 2 & 3 only
A

Access control mechanisms

Non-compliance consequences

11
Q
You are part of a programming team developing a Web application. Your manager has implemented tracking mechanisms to ensure all developers work on the application within the same guidelines. What has your manager implemented?

  1. Acceptable use policy
  2. Application-based access control
  3. SCM
  4. Correct usage policy
A

SCM

12
Q
A malicious user has gained access to the administrator's account and increased the user's account status. This is an example of ___.
A

Elevation of privilege

13
Q
Session management defines how systems handle and manage user sessions.

TRUE OR FALSE
A

TRUE

14
Q
___ can occur within a Web application when a user's authentication token is intercepted by an attacker and used to bypass the authentication controls of the application.
A

Session replay

15
Q
Which of the following are fundamental aspects of the JavaScript secure coding standard? (Select two)

  1. Duplicate code for redundancy
  2. Restrict privileges
  3. Establish trust boundaries
  4. Use Dynamic SQL
A

Restrict privileges

Establish trust boundaries

16
Q
You have decided to use several forms in your HTML Web site. Which of the following types of attacks may take advantage of poorly programmed HTML forms?

  1. Social engineering
  2. Injection
  3. Man-in-the-middle
  4. Elevation of privilege
A

Injection

17
Q
Which of the following should you use to secure online forms?

  1. Input validation
  2. Secure communication protocols
  3. Password protection
  4. All the above
A

Input validation

Secure communication protocols

Password protection

18
Q
Error messages can reveal information about a server that an attacker can use to exploit the system.

TRUE OR FALSE
A

TRUE