IS3445 CHAP 7 INTRODUCING THE WEB APPLICATION SECURITY CONSORTIUM (WASC)

Question 1

___ is the process of securing applications in use on a network.

Answer 1

Application hardening

Question 2

___ identifies all of the files within a given directory on a Web server if the base file is not found.

Answer 2

Automatic directory listing

Question 3

___ is a practice to define what is unacceptable, excluding all other input as acceptable.

Answer 3

Blacklist

Question 4

___ is an attack that attempts to crack a cryptographic key.

Answer 4

Brute-force attack

Question 5

___ occurs in an application when more information is stored in the buffer than the space reserved for it.

Answer 5

Buffer overflow

Question 6

___ mechanisms used to protect against automated attacks. The function is to provide a challenge/response mechanism to help ensure that a Web form is being filled out by a human and not an automated process.

Answer 6

(CAPTCHA) Completely Automated Public Turing test to tell Computers and Humans Apart

Question 7

___creates a fake Web site or Web application and and fools victims into thinking it is a legitimate one.

Answer 7

Content spoofing

Question 8

___ is the confidential component of a cryptographic system. It defines how the cryptographic algorithm converts plaintext to encrypted text and back.

Answer 8

Cryptographic key

Question 9

___ is a set of rules for encoding documents electronically. It was chosen as the standard message format because of its wide spread use and open source development efforts.

Answer 9

(XML) Extensible Markup Language

Question 10

___ from a Web site or Web application perspective, an attacker’s attempt to use the session credentials of a valid user.

Answer 10

Impersonation

Question 11

___ is a TCP/IP protocol designed for downloading, or pulling, email from a mail server. It is used because although the mail is transported around the network via SMTP, users cannot always read it immediately, so it must be sorted in a central location. From this location, it needs to be downloaded, which is what it allows you to do.

Answer 11

(IMAP) Internet Message Access Protocol

Question 12

___ A protocol that provides a mechanism to access and query directory services systems.

Answer 12

(LDAP) Lightweight Directory Access Protocol

Question 13

___ is an attack that relies on eavesdropping between the sender and receiver. Attackers use their position to listen and perhaps redirect or alter communication.

Answer 13

Man-on-the-middle attack

Question 14

___ is the way applications control their output data. This data from an application may take the form of logging printing, coding, error messages, or raw data to be passed on to another application.

Answer 14

Output handling

Question 15

___ is an attack in which the attacker attempts to circumvent acceptable file and directory areas to access files, directories, and data located elsewhere on the server. This is accomplished by changing the URL to point to other areas on the server.

Answer 15

Path traversal attack

Question 16

___ is the concept of providing users with as few privileges as possible, just enough to fulfill their network needs. It is a security measure that ensures users are not granted more permissions than needed.

Answer 16

Principle of least privilege

Question 17

___ is the correct sequence of steps in a transaction or online process.

Answer 17

Process validation

Question 18

___ is a form of man-on-the-middle attack in which an intermediary attacker reroutes data to an alternate location.

Answer 18

Routing detour attack

Question 19

___ is inspection of user input for potentially harmful code and modifying the code according to predetermined guidelines. It often involves identifying and disallowing specific characters and syntax sequences.

Answer 19

Sanitization

Question 20

____ is an injection attack that occurs on the server and not on the client system. In this attack, malicious code is placed in a Web application that is then stored on the server. When the Web application is executed locally on the Web server, the malicious code carries out it function.

Answer 20

(SSI) Server-side include injection

Question 21

___ identifies previous previous users to a Web site and stores user specific information about a session.

Answer 21

Session ID

Question 22

___ as the successor to Secure Socket Layer, this provides secure communications at the Transport layer from end to end.

Answer 22

(TLS) Transport Layer Security

Question 23

___ is a nonprofit group dedicated to improving application security practices.

Answer 23

(WADC) Web Application Security Consortium

Question 24

___ is used for navigating XML documents and for retrieving data from within them. User input and queries are used with SPath to access XML information.

Answer 24

(XPATH) XML Path language

Question 25

___ is an attack in which the attacker injects data into an application so that the application executes user-controlled Path queries. When successfully exploited, this vulnerability may allow an attacker to bypass authentication mechanisms and access XML information without proper authorization.

Answer 25

XPath injection attack

Question 26

1. One way to verify if a system is attacked by a brute-force attack is to periodically check the log files. TRUE OR FALSE

Answer 26

TRUE

Question 27

2. content spoofing tactics often include which of the following? 1. Spam email links 2. Forum links 3. Chat room links 4. 1 & 2 only 5. All the above

Answer 27

Spam email links Forum links Chat room links

Question 28

3. How do XSS attacks differ from CSRF attacks?

Answer 28

XSS attacks exploit the trust that a user has in a site, while CSRF attacks exploit the trust a Web site has in the user's browser.

Question 29

4. Which of the following attacks involve the user of CR and LF characters? (Select two) 1. HTTP request smuggling 2. HTTP response smuggling 3. HTTP request splitting 4. HTTP response splitting

Answer 29

HTTP request splitting HTTP response splitting

Question 30

5. A common pat traversal attack uses which syntax sequence to attempt to locate restricted areas on a server? 1. ../ 2. *.*/ 3. CR 4. LF

Answer 30

../

Question 31

6. During a session fixation attack, in which ways can an attacker obtain a valid sessions identifier. (Select three) 1. Prediction 2. Capture 3. Fixation 4. Spoofing

Answer 31

Prediction Capture Fixation

Question 32

7. Which attack allows the attacker to access, read, delete, and modify information held within a database and even take control of the server on which the database is operating?

Answer 32

SQL Injection

Question 33

8. Which of the following are actual XML-related attacks? (Select two) 1. XML attribute blowup 2. XML internal entities 3. XML entity expression 4. XML injection

Answer 33

XML attribute blowup XML injection

Question 34

9. Which of the following are Web site weaknesses discussed in this chapter? (Select three) 1. OS commanding 2. Improper file system permissions 3. Insufficient authentication 4. Fingerprinting 5. Server misconfiguration

Answer 34

Improper file system permissions Insufficient authentication Server misconfiguration

Question 35

10. Applications hardening is the process of securing applications in use on a network. TRUE OR FALSE.

Answer 35

TRUE

Question 36

11. To avoid improper input handling, which approaches can you use when handling user input? (select three) 1. Stripping 2. Sanitization 3. Rejecting known bad input 4. Accepting only known good input

Answer 36

Sanitization Rejecting known bad input Accepting only known good input

Question 37

12. Which of the following is a strategy for reducing the risk of data leakage? 1. Sanitization 2. Strong firewall controls 3. Authorization 4. Encryption

Answer 37

Authorization