Java Application Vulnerabilities

Quiz by Carlos Veliz, created over 9 years ago

Question 1 of 10

1

In Java Application Vulnerabilities, the following statement belongs to the group of technical impact:

Select one of the following:

  • Secure Configuration

  • Application Design

  • Security Policies

  • Code Logic Deviation

  • Brand Image Damage

Explanation

Question 2 of 10

1

Which of the following is not a countermeasure for Cross-Site Scripting?

Select one of the following:

  • Configure web browser to disable scripting

  • Implement character encoding techniques for web pages such as ISO-8859-1 or UTF-8

  • Use filter techniques that store and process input variables on the server

  • Appropriately use GET and POST requests

  • Use properly designed error handling mechanisms for reporting input errors

Explanation

Question 3 of 10

1

Which of the following is not a countermeasure for Cross-Site Request Forgery?

Select one of the following:

  • Web applications should use strong authentication methods such as cookies, HTTP authentication, etc.

  • Check the referrer, such as the HTTP "Referer" header, to mitigate this type of attack

  • Use page tokens such as time tokens that change with every HTTP or HTTPS page request

  • Appropriately use GET and POST requests

  • Configure web browser to disable scripting

Explanation

Question 4 of 10

1

Which of the following is a countermeasure for Directory Traversal?

Select one of the following:

  • 1) Apply checks/hot fixes to prevent exploitation

  • 2) Define access rights to the protected areas of the website

  • 3) Update server software at regular intervals

  • 4) 1 and 3

  • 5) 2 and 4

Explanation

Question 5 of 10

1

In HTTP Response Splitting, the attacker splits the HTTP response by:

Select one of the following:

  • HTTP header splitting

  • HTTP redirect

  • HTTP cookie header

  • All of the above

  • None of the above

Explanation

Question 6 of 10

1

Which of the following is not a countermeasure for Parameter Manipulation?

Select one of the following:

  • Use string input validation mechanisms for user data inputs

  • Implement strict application security routines and updates

  • Use a strictly configured firewall to block and identify parameters that are defined in a web page

  • Disallow and filter CR/LF characters

  • Implement standards for minimum and maximum allowable length, characters, patterns and numeric ranges

Explanation

Question 7 of 10

1

Which statement does not describe an XPath injection?

Select one of the following:

  • The secure code snippet uses input validation and output encoding to prevent an attacker from executing any malicious scripts

  • This can be done by bypassing the website authentication system and extracting the structure of one or more XML documents in the site

  • XPath injection is an attack targeting websites that create XPath queries from user-supplied data

  • If an application embeds unprotected data into an XPath query, the query can be altered so that it is no longer parsed in the manner originally intended

Explanation

Question 8 of 10

1

Which of the following is not a countermeasure for Injection Attacks?

Select one of the following:

  • Defend against Denial of Service attacks by using SAX-based parsing

  • Replace all single quotes with two single quotes

  • It is always suggested to use less privileged accounts to access the database

  • Disabling authentication-based data access control

Explanation

Question 9 of 10

1

Which characters must be disabled to prevent an HTTP Response Splitting attack?

Select one of the following:

  • LR/FF

  • CR/LF

  • CR/HT

  • LF/FS

  • LR/FS

Explanation

Question 10 of 10

1

In Java Application Vulnerabilities, the following statement belongs to the group of Attack Vectors:

Select one of the following:

  • Application Crash

  • CSRF Attack

  • Lack of Proper Authentication

  • Damage Systems

  • Brand Image Damage

Explanation