In Java Application Vulnerabilities, the following statement belongs to the group of technical impact:
Secure Configuration
Application Design
Security Policies
Code Logic Deviation
Brand Image Damage
It is not an countermeasure for Cross-Site Scrpting:
Configure web browser to disable scripting
Implement character encoding techniques for web pages such as ISO-8859-1 or UTF 8
Use filter techniques that store and process input variables on the server
Appropriately use GET and POST requests
Use properly designed error handling mechanisms for reporting input errors
It is not an countermeasure for Cross-Site Request Forgery:
Web applications should use string authentications methods such as cookies, http authentication, etc.
Check the referrer such as HTTP "referer" or referrer to mitigate this type of attacks
Use page tokens such as time tokens that change with every http or https page requests
Appropriately use GET asn POST requests
It is a countermeasure for Directory Traversal
1). Apply checks/hot fixes to preven explotation
2). Define access rights to the protected areas of the website
3). Update server software at regular intervals
4) 1 and 3
5) 2 and 4
In HTTP Response Splitting. Attacker splits the HTTP response by:
Http Hearder Splitting
Http redirect
Http cookie header
All of the above
None of the above
It is not an countermeasure Parameter Manipulation
Use string input validating mechanisms for user data inputs
Implement a strict application security routines and updates
Use strictly confiured firewall to block and identify parameters that are defined in a web page
Disallow and filter CR/LF characters
Implement standards for minimum and maximum allowable length, characters, patterns and numeric ranges
Which statement does not describe an XPath injection?
The secure code snippet uses input validation and output encoding to prevent attacker from executing any malicious scripts
This can be done by bypassing the Web Site authentcation system and extracting the structure od one or more XML documents in the site
XPath injection is an attack targeting Web sites that create XPath queries from user.supplied data
If an application embeds unprotected data into xPath query, the query can be aletered so that it is no longer parsed in the manner originally intended
It is not an countermeasure for Injection Attacks:
Defined Denial of service attacks by using SAX based parsing
Replace all single quotes with two single quotes
It is always suggested to use less privileged accounts to access the database
Disabling authentications based data access control
Que caracteres se deben deshabilitar para prevenir un ataque de Http Reponse Splitting?
LR/FF
CR/LF
CR/HT
LF/FS
LR/FS
In Java Application Vulnerabilities, the following statement belongs to the group of Attack Vectors:
Applications Crash
CSRF Attack
Lack of Proper authentication
Damage Systems
