null
US
Sign In
Sign Up for Free
Sign Up
We have detected that Javascript is not enabled in your browser. The dynamic nature of our site means that Javascript must be enabled to function properly. Please read our
terms and conditions
for more information.
Next up
Copy and Edit
You need to log in to complete this action!
Register for Free
2998294
Java Application Vulnerabilities
Description
Java Application Vulnerabilities
No tags specified
ecsp java
java app vulnerabilities
test 8
Quiz by
Carlos Veliz
, updated more than 1 year ago
More
Less
Created by
Carlos Veliz
over 9 years ago
36
0
0
Resource summary
Question 1
Question
In Java Application Vulnerabilities, the following statement belongs to the group of technical impact:
Answer
Secure Configuration
Application Design
Security Policies
Code Logic Deviation
Brand Image Damage
Question 2
Question
It is not an countermeasure for Cross-Site Scrpting:
Answer
Configure web browser to disable scripting
Implement character encoding techniques for web pages such as ISO-8859-1 or UTF 8
Use filter techniques that store and process input variables on the server
Appropriately use GET and POST requests
Use properly designed error handling mechanisms for reporting input errors
Question 3
Question
It is not an countermeasure for Cross-Site Request Forgery:
Answer
Web applications should use string authentications methods such as cookies, http authentication, etc.
Check the referrer such as HTTP "referer" or referrer to mitigate this type of attacks
Use page tokens such as time tokens that change with every http or https page requests
Appropriately use GET asn POST requests
Configure web browser to disable scripting
Question 4
Question
It is a countermeasure for Directory Traversal
Answer
1). Apply checks/hot fixes to preven explotation
2). Define access rights to the protected areas of the website
3). Update server software at regular intervals
4) 1 and 3
5) 2 and 4
Question 5
Question
In HTTP Response Splitting. Attacker splits the HTTP response by:
Answer
Http Hearder Splitting
Http redirect
Http cookie header
All of the above
None of the above
Question 6
Question
It is not an countermeasure Parameter Manipulation
Answer
Use string input validating mechanisms for user data inputs
Implement a strict application security routines and updates
Use strictly confiured firewall to block and identify parameters that are defined in a web page
Disallow and filter CR/LF characters
Implement standards for minimum and maximum allowable length, characters, patterns and numeric ranges
Question 7
Question
Which statement does not describe an XPath injection?
Answer
The secure code snippet uses input validation and output encoding to prevent attacker from executing any malicious scripts
This can be done by bypassing the Web Site authentcation system and extracting the structure od one or more XML documents in the site
XPath injection is an attack targeting Web sites that create XPath queries from user.supplied data
If an application embeds unprotected data into xPath query, the query can be aletered so that it is no longer parsed in the manner originally intended
Question 8
Question
It is not an countermeasure for Injection Attacks:
Answer
Defined Denial of service attacks by using SAX based parsing
Replace all single quotes with two single quotes
It is always suggested to use less privileged accounts to access the database
Disabling authentications based data access control
Question 9
Question
Que caracteres se deben deshabilitar para prevenir un ataque de Http Reponse Splitting?
Answer
LR/FF
CR/LF
CR/HT
LF/FS
LR/FS
Question 10
Question
In Java Application Vulnerabilities, the following statement belongs to the group of Attack Vectors:
Answer
Applications Crash
CSRF Attack
Lack of Proper authentication
Damage Systems
Brand Image Damage
Show full summary
Hide full summary
Want to create your own
Quizzes
for
free
with GoConqr?
Learn more
.
Similar
Java Concurrency and Session Management
Carlos Veliz
Introduction to Java Security
Carlos Veliz
Java Mix Test 42p
Carlos Veliz
Authentication and Authorization
Carlos Veliz
ECSP JAVA: JAAS
Carlos Veliz
Criptography
Carlos Veliz
Java - Mix
Carlos Veliz
Java Concurrency and Session Management
Jose Luis Vasquez Galvez
Java Mix Test 42p
Jose Luis Vasquez Galvez
Girls' and Boys' Education - A Mind Map
Cecelia Price
OCR AS CHEMISTRY A DEFINITIONS
awesome.lois
Browse Library