EXAM 1

Question 1

Why is accepting user input into a website poses a significant security risk. Provide at least two examples of potential attacks related to unvalidated input.

Answer 1

Input could contain harmful code, two examples being Cross-site scripting(XSS) and SQL injection

Question 2

Describe the concept of a layered security strategy for websites and web applications

Answer 2

Layered security involves implementing multiple security mechanisms in case one fails.

Question 3

Define a denial of service (DoS) attack

Answer 3

Spamming requests to a specific website / service to deny users of the service.

Question 4

Provide one common of DoS example of this type of attack. Briefly explain its objective.

Answer 4

Ping flood, where target is flooded withe request

Question 5

Outline the six phases of the traditional Software Development Life Cycle (SDLC)

Answer 5

Systems analysis,
Designing,
Implementation,
Testing,
Acceptance
Deployment
Maintenance.

Question 6

What is the purpose of a Common Gateway Interface (CGI) script? In the context of security, what is one crucial practice to follow when developing CGI programs?

Answer 6

CGI is used with user input and is used for retrieving information with the request from other services / programs

Input sanitization

Question 7

In which phase is the actual code written? for the SDLC?

Answer 7

Implementation Phase

Question 8

What does sandboxing do in web browsers?

Answer 8

Prevents writing / deletion of files on the computer

Question 9

What is WhiteBox Testing?

Answer 9

Attacker has ALL access to the system / information

Question 9

What is BlackBox testing?

Answer 9

Attacker has no knowledge of the system

Question 10

What is GreyBox Testing?

Answer 10

Attacker knows a little bit about of the system

Question 11

Explain the difference between the Software Development Life Cycle (SDLC) and the Secure Software Development Life Cycle (SSDLC)

Answer 11

SSDLC was made with security in mind, meaning everything is built with security being one of the priorities

Question 12

From a business standpoint, why is it important to conduct website vulnerability and security assessments?

Answer 12

It’s important to conduct website vulnerability and security assessments to reduce the risks of security breaches.

Question 13

What are some best practices for securing web applications ?

Answer 13

Input sanitization, Never rely on client side sanitation, Assume All input is malicious.

Question 14

What are some benefits to using Web Applications?

Answer 14

Not installed on disk,

Can be accessed from anywhere with internet

OS Independent

Question 15

What are some Web Application Disadvantages?

Answer 15

Performance

Browser support

Support Difficulty, no one knows where to go to get help with a bug.

Question 16

What is Server-Side Rendering?

Answer 16

Client sends request to a a server for content, and Rendering is performed on the web server and sends it to the client as is

Question 17

What is Static Site Generation?

Answer 17

Website stored on Content delivery network and is already ready to display

Question 18

What is a Single Page Application? (SPA)

Answer 18

Loads one page, and if required updates the content of the page through API’s

Question 19

What is a Progressive Web Application?

Answer 19

Runs like native app but does not reside on the device it is running on

Question 20

What is an Application Programming Interface?

Answer 20

An API is a messenger that lets two programs talk to each other.