Quiz1

The document discusses various security vulnerabilities, particularly focusing on cross-site scripting (XSS) and injection attacks, along with their implications and preventive measures. It highlights the importance of input validation, security misconfigurations, and the role of security requirements in software development. Additionally, it addresses the significance of threat modeling and the identification of assets to enhance security controls.

Uploaded by

amal98.alaskari

An attacker who exploits cross-site scripting (XSS) vulnerabilities in application software is typically able to do the following except:

- Impersonate or masquerade as the victim user
- Manipulate parameters exchanged between two connections
- Read any data that the user is able to access
- Inject trojan functionality into the web site

Following are the reasons why software applications are vulnerable except?

- Poor data validation
- Design flaws
- Application environment bottlenecks
- Reasonable use of expectations

Identify the most relevant security practice crucial to address the "Attempted injection attacks" in the use case of "Input validation"?

- Enforcing strong password policies
- Conducting regular security audits
- Implementing input validation and sanitization
- Encrypting sensitive user inputs

What is the primary purpose of input validation in secure software development?

- Improve software performance
- Enhance code readability
- Streamline user interface design
- Mitigate security risks associated with malicious input

What is the main goal of identifying assets in threat modeling?

- To prioritize security controls
- To estimate project costs
- To enhance user experience
- To improve code readability

Abuse/Misuse cases are Security Use Case driven.

- True
- False

Which of the following ports are normally open on perimeter devices for web traffic, leading to application-level vulnerabilities exploited by attackers into the network?

- 443 and 8080
- 80 and 445
- 443 and 80
- 43 and 80

Cookies are used to maintain session state information in stateless HTTP, where they are vulnerable to session attacks. Cookie poisoning attacks fall into the following categories, except?

- User enumeration
- Modify the cookie content
- Rewrite the session data
- Inject the malicious content

Abuse cases lay the foundation for threat modelling during the design phase.

- True
- False

HIPAA, GDPR and SOX are examples of functional security requirements.

- True
- False

Which of the following scenarios is indicative of a "Failure to Restrict URL Access" vulnerability?

- Directly navigating to sensitive admin pages without proper authorization
- Users accessing public information without authentication
- Properly validating and securing form inputs
- Implementing a secure password reset mechanism

Injection attacks exploit vulnerabilities in input validation and inadequate handling. They are of the following types except?

- Server-Side Template Injection (SSTI)
- Cross-Site Scripting (XSS)
- LDAP Injection
- Vulnerable XML files

To create an overview of an application in threat modelling, the following are performed except:

- Identify User Roles and Use Case Scenarios
- End-to-End Deployment Architecture
- Identify Application Security Mechanisms
- Prepare and Document Threat Model Information

Following are the examples of DoS attacks except?

- Inject the malicious content
- Login attacks
- User enumeration attacks
- Account lockout attacks

Which of the following are true about software security requirements, except?

- Software security requirements are non-functional requirements
- Gathering software security requirements should be part of the strategic development process
- Software security requirements should be enumerated separately from functional requirements
- Software security requirements should be reviewed and tested together

To mitigate Server-Side Request Forgery (SSRF) web attacks, the following best practices are used except?

- Use of safe APIs
- Least privilege principle
- Use of anti-tamper techniques
- Input validation

Which of the following are security misconfigurations, which lead to a variety of potential vulnerabilities, except?

- Use of XML files
- Unpatched vulnerabilities
- Unprotected files and directories
- Default configuration

Authentication and identity management failures expose applications to malicious actors posing as genuine users. A session ID configured without an expiry period can run and run. Weak passwords can be susceptible to guessing, and without rate limits imposed on login attempts, automated attacks keep trying until they succeed. Which is the best solution to this problem?

- To create an inventory that lists all the connected components in your environment and keeps you up to date on each one's behavior.
- Record all login attempts (including failures), maintain copies of logs, tamper mechanisms, and test monitoring systems regularly.
- Multi-factor authentication (MFA) within applications, adhering to recommended password length, complexity, and rotation policies.
- Ensure that the server has the least privileges necessary to access external resources to limit potential damage.

What is the primary purpose of input validation in secure software development?

- Improve software performance
- Enhance code readability
- Streamline user interface design
- Mitigate security risks associated with malicious input

Which of the following are categorized as OWASP Top 10 attacks, except?

- Cross-Site Scripting (XSS)
- Broken Authentication and Session Management
- Sensitive Data Exposure
- Improper Input Validation

Identify the most relevant security practice crucial to address the abuse case "Attempted injection attacks" in the use case of "Input validation"?

- Enforcing strong password policies
- Conducting regular security audits
- Implementing input validation and sanitization
- Encrypting sensitive user inputs

An attacker who exploits cross-site scripting (XSS) vulnerabilities in application software is typically able to do the following except:

- Impersonate or masquerade as the victim user
- Manipulate parameters exchanged between two connections
- Read any data that the user is able to access
- Inject trojan functionality into the web site
