Chapter 6 Review Question

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

Tom is a software developer who creates code for sale to the public. He would like to assure his users that the code they receive actually came from him. What technique can he use to best provide this assurance? a. Code signing b. Code endorsement c. Code encryption d. Code obfuscation

a. Code signing Code signing provides developers with a way to confirm the authenticity of their code to end users. Developers use a cryptographic function to digitally sign their code with their own private key, and then browsers can use the developer's public key to verify that signature and ensure that the code is legitimate and was not modified by unauthorized individuals.

During a web application test, Ben discovers that the application shows SQL code as part of an error provided to application users. What should he note in his report? a. Improper error handling b. Code exposure c. SQL injection d. A default configuration issue

a. Improper error handling Improper error handling often exposes data to users and possibly attackers that should not be exposed. In this case, knowing what SQL code is used inside the application can provide an attacker with details they can use to conduct further attacks. Code exposure is not one of the vulnerabilities we discuss in this book, and SQL code being exposed does not necessarily mean that SQL injection is possible. While this could be caused by a default configuration issue, there is nothing in the question or point to that problem.

Upon further inspection, Joe finds a series of thousands of requests to the same URL coming from a single IP address. Here are a few example: http://www.mycompany.com/servicestatus.php?serviceID=1 http://www.mycompany.com/servicestatus.php?serviceID=2 http://www.mycompany.com/servicestatus.php?serviceID=3 http://www.mycompany.com/servicestatus.php?serviceID=4 http://www.mycompany.com/servicestatus.php?serviceID=5 http://www.mycompany.com/servicestatus.php?serviceID=6 Why type of vulnerability was the attacker likely trying to exploit? a. Insecure direct object reference b. File upload c. Unvalidated redirect d. Session hijacking

a. Insecure direct object reference The series of thousands of requests incrementing a variable indicate that the attacker was most likely attempting to exploit an insecure direct object reference vulnerability.

What type of attack places an attacker in the position to eavesdrop on communications between a user and a web server? a. Man-in-the-middle b. Session hijacking c. Buffer overflow d. Meet-in-the-middle

a. Man-in-the-middle In a man-in-the-middle attack, the attacker fools the user into thinking that the attacker is actually the target website and presenting a fake authentication form. They may then authenticate to the website on the user's behalf and obtain the cookie. This is slightly different from a session hijacking attack, where the attacker steals the cookie associated with an active session.

Precompiled SQL statements that only require variables to be input are an example if what type of application security control? a. Parameterized queries b. Encoding data c. Input validation d. Appropriate access controls

a. Parameterized queries A parameterized query (sometimes called a prepared statement) use a prebuilt SQL statement to prevent SQL-based attacks. Variables from the application are fed to the query, rather than building a custom query when the application needs data. Encoding data helps to prevent cross-site scripting attacks, as does input validation. Appropriate access controls can prevent access to data that the account or application should not have access to, but they don't use precompiled SQL statements. Stored procedures are an example of a parameterized query implementation.

Joe is examining the logs for his web server and discovers that a user sent input to a web application that contained the string WAITFOR. What type of attack was the user likely attempting? a. Time-based SQL injection b. HTML injection c. Cross-site scripting d. Content-based SQL injection

a. Time-based SQL injection The use of the SQL WAITFOR command is a signature characteristic of a timing-based SQL injection attack.

What data minimization technique replaces personal identifiers with unique identifiers that may be cross-referenced with a lookup table? a. Tokenization b. Hashing c. Salting d. Masking

a. Tokenization Tokenization replaces personal identifiers that might directly reveal an individual's identity with a unique identifier using a lookup table. Hashing uses a cryptographic hash function to replace sensitive identifiers with an irreversible alternative identifier. Salting these values with a random number prior to hashing them makes these hashed values resistant to a type of attack known as a rainbow table attack.

The application that Scott is writing has a flaw that occurs when two operations are attempted at the same time, resulting in unexpected results when the two actions do not occur in the expected order. What type of flaw does the application have? a. De-referencing b. A race condition c. An insecure function d. Improper error handling

b. A race condition The application has a race condition, which occurs when multiple operations cause undesirable results due to their order of completion. De-referencing would occur if a memory location was incorrect, an insecure function would have security issues in the function itself, and improper error handling would involve an error and how it was displayed or what data is provided.

Which one of the following software development models focuses on the early and continuous delivery of software? a. Waterfall b. Agile c. Spiral d. Butterfly

b. Agile One of the core principles of the Agile approach to software development is to ensure customer satisfaction via early and continuous delivery of software.

Every time Susan checks code into her organization's code repository, it is tested and validated, and then if accepted, it is immediately put into production. What is the term for this? a. Continuous integration b. Continuous delivery c. A security nightmare d. Agile development

b. Continuous delivery Although this example includes continuous integration, the key thing to notice is that the code is then deployed into production. This means that Susan is operating in a continuous deployment environment, where code is both continually integrated and deployed. Agile is a development methodology and often uses CI/CD, but we cannot determine if Susan is using Agile.

Tim is working on a change to a web application used by his organization to fix a known bug. What environment should he be working in? a. Test b. Development c. Staging d. Production

b. Development Developers working on active changes to code should always work in the development environment. The test environment is where the software or systems can be tested without impacting the production. The production environment is the live system. Software, patches, and other changes that have been tested and approved move to production.

Kevin would like to ensure that his software runs on a platform that is able to expand and contract as needs change. Which one of the following terms best desires his goals? a. Scalability b. Elasticity c. Cost effectiveness d. Agility

b. Elasticity The situation descried in the scenario, expanding capacity when demand spikes and then reducing that capacity when demand falls again, is the definition of elasticity.

Which one of the following is not an advantage of database normalization? a. Preventing data inconsistencies b. Preventing injection attacks c. Reducing the need for database restructuring d. Making the database schema more informative

b. Preventing injection attacks Database normalization has four main benefit. Normalized designs prevent data inconsistencies, prevent update anomalies, reduce the need for restructuring existing databases, and make the database scheme more informative. They do not prevent web application attacks, such as SQL injection.

Wendy is a penetration tester who wishes to engage in a session hijacking attack. What information is crucial for Wendy to obtain if her attack will be successful? a. Session ticket b. Session cookie c. Username d. User password

b. Session cookie Websites use HTTP cookies to maintain sessions over time. If Wendy is able to obtain a copy of the user's session cookie, she can use that cookie to impersonate the user's browser and hijack the authenticated session.

Adam is conducting software testing by reviewing the source code of the application. What type of code testing is Adam conducting? a. Mutation testing b. Static code and analysis c. Dynamic code analysis d. Fuzzing

b. Static code and analysis Adam is conducting static code analysis by reviewing the source code. Dynamic code analysis requires running the program, and both mutation testing and fuzzing are types of dynamic analysis.

Joe's adventures in web server log analysis are not yet complete. As he continues to review the logs, he finds the request http://www.mycompany.com/../../../etc/passwd What type of attack was most likely attempted? a. SQl injection b. Session hijacking c. Directory traversal d. File upload

c. Directory traversal In this case, the .. operators are the tell-tale giveaway that the attacker was attempting to conduct a directory traversal attack. This particular attack sought to break out of the web server's root directory and access the /etc/passwd file on the server.

Joe checks his web server logs and sees that someone sent the following query string to an application running on the server: http://www.mycompany.com/servicestatus.php?serviceID=892&serviceID=892' ; DROP TABLE Services;-- What type of attack is this? a. Cross-site scripting b. Session hijacking c. Parameter pollution d. Man-in-the-middle

c. Parameter pollution This query string is indicative of a parameter pollution attack. In this case, it appears that the attacker was waging a SQL injection attack and tried to use parameter pollution to slip the attack past content filtering technology. The two instances off the serviceID parameter in the query string indicate a parameter pollution attempt.

Charles is worried about users conducting SQL injection attacks. Which of the following solutions will best address his concerns? a. Using secure session management b. Enabling logging on the database c. Performing user input validation d. Implementing TLS

c. Performing user input validation Charles should perform user input validation to strip out any SQL code or other unwanted input. Secure session management can help prevent session hijacking, logging may provide useful information for incident investigation, and implementing TLS can help protect network traffic, but only input validation helps with the issue described.

Frank is investigating a security incident where the attacker entered a very long string into an input field, which was followed by a system command. What type of attack likely took place? a. Cross-site request forgery b. Server-side request forgery c. Command injection d. Buffer overflow

d. Buffer overflow Buffer overflow attacks occur when an attacker manipulates a program into placing more data into an area of memory than is allocated for that program's use. The goal is to overwrite other information in memory with instructions that may be executed by a different process running on the system.

What type of cross-site scripting attack would not be visible to a security professional inspecting the HTML source code in a browser? a. Reflected XSS b. Stored XSS c. Persistent XSS d. DOM-based

d. DOM-based DOM-based XSS attacks hide the attack code within the Document Object Model. This code would not be visible to someone viewing the HTML source of the page. Other XSS attacks would leave visible traces in the browser.


Ensembles d'études connexes

Chapter 26: The Child with Gastrointestinal Dysfunction

View Set

Chapter 34: Women's Health Drugs

View Set

Business Law 110 - Ch. 4 Practice Questions

View Set

Module 10: Economic Geology and Resources Lab

View Set

단어 형태 변형 규칙 Part 3: 동사형, 부사형 파생 접미사

View Set

Science Praxis: Earth and Space Science - Water and Atmosphere

View Set

Food spoilage and food poisoning

View Set