Lesson 14: Summarizing Secure Application Concepts


Which scenario best describes provisioning?

A developer deploys an application to the target environment.

Analyze types of vulnerabilities and summarize a zero-day exploit.

A vulnerability that is capitalized on before the developer knows about it.

Examine each of the following statements and determine which most accurately compares allow list and block list control practices.

An allow list operates on a default-deny policy, while a block list is a default-allow policy.

A system administrator is working to restore a system affected by a stack overflow. Analyze the given choices and determine which overflow vulnerability the attacker exploited.

An attacker overwrites the return address that a program subroutine saved on the stack, so the function returns to attacker-chosen code instead of its caller.

Which type of attack disguises the nature of malicious input, preventing normalization from stripping illegal characters?

Canonicalization
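
A canonicalization attack works because the server filters the request before it normalizes it. The block below is an added example (not part of the original study set) showing a naive "filter then decode" check beside a "decode and resolve, then validate" check; WEB_ROOT and the request paths are constructed for illustration.

```python
"""Canonicalization attack: why "filter, then normalize" is bypassable.

Added example, not part of the original study set. WEB_ROOT and the request
paths are constructed for illustration.
"""
import posixpath
from urllib.parse import unquote

WEB_ROOT = "/var/www/html"   # hypothetical document root


def naive_is_safe(requested: str) -> bool:
    """Check before decoding: looks for the literal '../' and nothing else.

    A request such as '%2e%2e/' or '..%2f' passes this check, and the server
    decodes it into '../' afterwards, which is the attack in the flashcard."""
    return "../" not in requested


def fully_decode(requested: str) -> str:
    """Undo percent-encoding until the string stops changing, so that a
    double-encoded '%252e' (-> '%2e' -> '.') cannot slip past the check."""
    current = requested
    for _ in range(8):            # bounded: never loop forever on hostile input
        decoded = unquote(current)
        if decoded == current:
            return decoded
        current = decoded
    raise ValueError("too many encoding layers")


def resolve(requested: str) -> str:
    """Canonical form: decode fully, then join onto the root and collapse '.'/'..'."""
    relative = fully_decode(requested).lstrip("/")
    return posixpath.normpath(posixpath.join(WEB_ROOT, relative))


def canonical_is_safe(requested: str) -> bool:
    """Normalize first, validate second: accept only paths that stay under WEB_ROOT."""
    resolved = resolve(requested)
    return resolved == WEB_ROOT or resolved.startswith(WEB_ROOT + "/")


if __name__ == "__main__":
    for path in ["images/logo.png", "images/../index.html",
                 "../../etc/passwd", "%2e%2e/%2e%2e/%2e%2e/etc/passwd",
                 "..%2f..%2fetc/passwd", "%252e%252e%252fetc/passwd"]:
        print(f"{path:40} naive={naive_is_safe(path)!s:5} "
              f"canonical={canonical_is_safe(path)!s:5} -> {resolve(path)}")
```

The naive check both misses the encoded traversals and rejects the harmless "images/../index.html"; the canonical check gets both right. It only canonicalizes the textual path: a real file server must also resolve symbolic links (for example with os.path.realpath) before comparing against the root.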

Which method might an attacker use to redirect a login by means of JavaScript planted on a web page the user believes is legitimate?

Clickjacking

Code developers de-conflict coding with one another during which phase of the software development life cycle (SDLC)?

Continuous integration

A network user calls the help desk after receiving an error message. The caller complains that the error message does not indicate whether the username or the password was incorrect but simply states that there was an authentication error. What does this situation illustrate?

Effective exception handling (the generic message avoids confirming to an attacker which usernames exist)

Which of the following is a common solution that protects an application from behaving in an unexpected way when invalid data is passed to it through an attack?

Input validation

Which of the following statements differentiates between input validation and output encoding?

Input validation checks that data entering an application has the format the application expects, while output encoding re-encodes data so that it is safe in the context (another script, an HTML page, a query) it is passed to.
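
The distinction matters in practice because some fields have a known shape and can be allow-listed, while free text cannot and must be encoded on the way out. The block below is an added example (not part of the original study set) of a comment form that does both; the field names, allowed URL schemes and sample submissions are constructed for illustration.

```python
"""Input validation versus output encoding on a comment form.

Added example, not part of the original study set. The field names, allowed
URL schemes and sample submissions are constructed for illustration.
"""
import html
import re
from urllib.parse import urlsplit

DISPLAY_NAME = re.compile(r"[A-Za-z0-9_.-]{1,32}")   # allow list for a constrained field
ALLOWED_SCHEMES = {"http", "https"}


def validate_display_name(name: str) -> bool:
    """Input validation: a display name has a known shape, so reject anything else."""
    return DISPLAY_NAME.fullmatch(name) is not None


def validate_website(url: str) -> bool:
    """Input validation: only http(s) URLs with a host; blocks javascript:/data: links,
    which no amount of HTML encoding would make safe inside an href."""
    parts = urlsplit(url.strip())
    return parts.scheme.lower() in ALLOWED_SCHEMES and bool(parts.netloc)


def render_comment(author: str, website: str, body: str) -> str:
    """Validate the constrained fields, then encode every field for the HTML
    context it is written into. The free-text body cannot be allow-listed
    (it may legitimately contain '<' or quotes), so encoding is what keeps it inert."""
    if not validate_display_name(author):
        raise ValueError("display name rejected by input validation")
    if not validate_website(website):
        raise ValueError("website rejected by input validation")
    href = html.escape(website, quote=True)   # attribute context: quotes must be encoded
    return (f'<p><a href="{href}">{html.escape(author)}</a>: '
            f'{html.escape(body)}</p>')


if __name__ == "__main__":
    print(render_comment("mallory", "https://example.com", "<script>alert(1)</script>"))
    print(render_comment("mallory", 'https://example.com/?q="onmouseover="alert(1)', "hi"))
    try:
        render_comment("mallory", "javascript:alert(1)", "hi")
    except ValueError as exc:
        print("rejected:", exc)
```

The second sample passes validation (it is a real https URL) and is neutralized by encoding instead: the quotes that would have closed the href attribute come out as &quot;.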

A hacker compromises a web browser and uses access to harvest credentials users input when logging in to banking websites. What type of attack has occurred?

Man-in-the-Browser

A threat analyst is asked about malicious code indicators. Which indicator allows the threat actor's backdoor to restart if the host reboots or the user logs off?

Persistence

Which scripting language is the preferred method of performing Windows administration tasks?

PowerShell

Identify the type of attack that occurs when the outcome of an execution process depends directly on the order and timing of certain events, and those events fail to execute in the order and timing the developer intended.

Race condition

Compare and contrast the types of Cross-Site Scripting (XSS) attacks, and select the option that accurately distinguishes between them.

Reflected and stored XSS attacks exploit server-side scripts, while the DOM is used to exploit vulnerabilities in client-side scripts.

Evaluate the Agile paradigm within a Software Development Lifecycle (SDLC) to determine which statement demonstrates the idea of continuous tasks.

Releasing well-tested code in smaller blocks

An attacker compromises a Linux host, installing a web shell as a backdoor. If the attacker's access came through an outbound connection that the compromised host itself initiated back to the attacker, what type of attack has occurred?

Reverse shell

Which cookie attribute can a security admin configure to help mitigate a request forgery attack?

SameSite
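
SameSite tells the browser whether to attach the cookie to cross-site requests, which is exactly what a request forgery relies on. The block below is an added example (not part of the original study set) that audits a Set-Cookie header for SameSite, Secure and HttpOnly and shows the weak header beside the corrected one; the headers and finding codes are constructed for illustration.

```python
"""Audit Set-Cookie headers for the attributes that blunt request forgery.

Added example, not part of the original study set. The headers and the
finding codes are constructed for illustration; nothing here sets a real cookie.
"""


def parse_set_cookie(header: str):
    """Split 'name=value; Attr; Attr=val' into (name, value, {attr_lower: val})."""
    first, *rest = [part.strip() for part in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def audit_set_cookie(header: str) -> list[str]:
    """Return 'code: explanation' findings for a session cookie; [] means nothing to fix."""
    name, _, attrs = parse_set_cookie(header)
    findings = []
    samesite = attrs.get("samesite", "").lower()
    if "samesite" not in attrs:
        findings.append(f"missing-samesite: {name} relies on the browser's default policy")
    elif samesite == "none":
        if "secure" not in attrs:
            findings.append(f"samesite-none-without-secure: browsers reject {name}")
        findings.append(f"samesite-none: {name} rides every cross-site request; "
                        "an anti-CSRF token is mandatory")
    elif samesite == "lax":
        findings.append(f"samesite-lax-note: {name} is still sent on top-level GET "
                        "navigations, so state-changing GET endpoints stay forgeable")
    if "secure" not in attrs:
        findings.append(f"missing-secure: {name} may be sent over plain HTTP")
    if "httponly" not in attrs:
        findings.append(f"missing-httponly: {name} is readable by script, so XSS can steal it")
    return findings


def finding_codes(header: str) -> list[str]:
    """Just the codes, for scripting a check over many headers."""
    return [f.split(":", 1)[0] for f in audit_set_cookie(header)]


# Constructed headers: the weak setting beside the corrected one.
WEAK_HEADER = "session=c0nstructedt0ken; Path=/"
FIXED_HEADER = "session=c0nstructedt0ken; Path=/; Secure; HttpOnly; SameSite=Strict"

if __name__ == "__main__":
    for header in (WEAK_HEADER, FIXED_HEADER):
        print(header)
        for finding in audit_set_cookie(header) or ["ok"]:
            print("   ", finding)
```

SameSite=Lax is the usual compromise for a session cookie, but it still accompanies top-level GET navigations, so it only mitigates forgery if state changes never happen on GET; SameSite=Strict closes that gap at the cost of breaking links into the site from elsewhere. Neither replaces an anti-CSRF token where SameSite=None is required.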

Which malicious code indicator is a minimal program designed to exploit a buffer overflow?

Shellcode

A system administrator suspects a memory leak is occurring on a client. Determine which scenario would justify this finding.

Software does not release allocated memory when it is done with it.

An attacker finds a way to exploit a vulnerability in a target application that allows the attacker to bypass a password requirement. Which method did the attacker most likely use?

The attacker injected LDAP filter syntax as unsanitized input, creating a search condition that is always true.
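
The bypass works because characters such as * and parentheses are filter syntax in LDAP, so unescaped input changes what the filter means rather than what it matches. The block below is an added example (not part of the original study set) that builds the same login filter unsafely and with RFC 4515 escaping, then runs both against a small constructed directory with a tiny evaluator so the always-true condition can be observed offline; no real directory server is involved.

```python
"""LDAP filter injection: an always-true assertion versus RFC 4515 escaping.

Added example, not part of the original study set. Nothing talks to a real
directory: the entries and the tiny filter evaluator below are constructed so
the effect of the injected filter can be observed offline.
"""
import re

# Constructed directory; a real deployment would never expose userPassword to search.
DIRECTORY = [
    {"dn": "uid=alice,ou=people,dc=example,dc=com", "uid": ["alice"], "userPassword": ["s3cret!"]},
    {"dn": "uid=bob,ou=people,dc=example,dc=com",   "uid": ["bob"],   "userPassword": ["hunter2"]},
]

_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def ldap_escape(value: str) -> str:
    """Escape the characters RFC 4515 reserves inside an assertion value."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_filter_unsafe(username: str, password: str) -> str:
    """Vulnerable: user input is concatenated straight into the filter."""
    return f"(&(uid={username})(userPassword={password}))"


def build_filter_safe(username: str, password: str) -> str:
    """Hardened: every user-controlled value is escaped, so it can only be data."""
    return f"(&(uid={ldap_escape(username)})(userPassword={ldap_escape(password)}))"


# --- minimal evaluator for the filter subset (&...), (|...), (attr=value) ---
_HEX_ESC = re.compile(r"\\([0-9a-fA-F]{2})")


def _parse(s: str, i: int):
    if i >= len(s) or s[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if i < len(s) and s[i] in "&|":
        op, i, subs = s[i], i + 1, []
        while i < len(s) and s[i] == "(":
            node, i = _parse(s, i)
            subs.append(node)
        if i >= len(s) or s[i] != ")":
            raise ValueError(f"expected ')' at offset {i}")
        return (op, subs), i + 1
    eq, close = s.find("=", i), s.find(")", i)
    if eq == -1 or close == -1 or eq > close:
        raise ValueError("malformed assertion")
    return ("=", s[i:eq], s[eq + 1:close]), close + 1


def _value_matches(pattern: str, actual: str) -> bool:
    # An unescaped '*' is a wildcard; '\2a' and other \XX escapes are literal characters.
    literal = [re.escape(_HEX_ESC.sub(lambda m: chr(int(m.group(1), 16)), p))
               for p in pattern.split("*")]
    return re.fullmatch(".*".join(literal), actual) is not None


def _evaluate(node, entry: dict) -> bool:
    if node[0] == "&":
        return all(_evaluate(n, entry) for n in node[1])
    if node[0] == "|":
        return any(_evaluate(n, entry) for n in node[1])
    _, attr, value = node
    return any(_value_matches(value, v) for v in entry.get(attr, []))


def search(filter_str: str, entries=DIRECTORY) -> list[str]:
    """Return the DNs matching filter_str; reject filters with trailing data."""
    node, end = _parse(filter_str, 0)
    if end != len(filter_str):
        raise ValueError("malformed filter: trailing data")
    return [e["dn"] for e in entries if _evaluate(node, e)]


def login_unsafe(username: str, password: str) -> list[str]:
    return search(build_filter_unsafe(username, password))


def login_safe(username: str, password: str) -> list[str]:
    return search(build_filter_safe(username, password))


if __name__ == "__main__":
    print(login_unsafe("alice", "*"))     # password check bypassed by a wildcard
    print(login_unsafe("*", "*"))         # every entry matches
    print(login_safe("alice", "*"))       # [] : '*' became the literal '\2a'
```

With the unsafe builder a password of * turns (userPassword=*) into an assertion every entry satisfies, and a stray ) changes the filter's structure; after escaping, the same input can only ever match a literal asterisk or parenthesis. Escaping also applies to values placed in a DN, which RFC 4514 escapes differently from filter values.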

A threat actor crafts an attack that makes a program access an invalid memory location in order to crash the target system. Which statement best describes the nature of this attack?

The attacker triggered a null pointer dereference exception.

An employee is attempting to install new software they believe will help them perform their duties faster. When the employee tries to install the software, an error message is received, stating they are not authorized to install the software. The employee calls the help desk for assistance. Evaluate the principles of execution control to conclude what has most likely occurred in this scenario.

The company is utilizing allow list control, and the software is not included in the list.

Analyze the following statements and select the statement which correctly explains the difference between cross-site scripting (XSS) and cross-site request forgery (XSRF).

XSRF spoofs a specific request against the web application, while XSS is a means of running any arbitrary code.

Which of the following is NOT a scripting language?

regex
