Ethical Hacking

Which of the following is an alternative term used when referring to Application Security?

AppSec

Which of the following programming languages was originally used primarily on UNIX systems, but is used more widely now on many platforms, such as Macintosh and Windows?

PHP

What type of useful tools can a security tester find available in both Firefox and Chrome Web browsers? a. SQL tools b. developer tools c. security tools d. scan tools

developer tools

A user can view the source code of a PHP file by using their Web browser's tools.

false

JavaScript is a server-side scripting language that is embedded in an HTML Web page.

false

Which type of vulnerabilities can result from a server accepting untrusted, unvalidated input?

injection

OLE DB relies on connection strings that enable the application to access the data stored on an external device.

true

To check whether a CGI program works, you can test the URL in your Web browser. Which of the following directories should you save the program to on your Web server before you check the URL in your Web browser?

cgi-bin

Which of the following is the interface that determines how a Web server passes data to a Web browser? a. Perl b. CGI c. PHP d. ASP

CGI

Which of the following application tests analyzes a running application for vulnerabilities?

Dynamic Application Security Testing

Visual Basic Script (VBScript) is a scripting language developed by which of the following companies?

Microsoft

Which of the following interfaces is a standard database access method, developed by SQL Access Group, that allows an application to access data stored in a database management system (DBMS)?

ODBC

What is the specific act of filtering, rejecting, or sanitizing a user's untrusted input before the application processes it?

input validation

Which of the following results from poorly configured technologies that a Web application runs on top of?

security misconfigurations

What is the specific act of checking a user's privileges to understand if they should or should not have access to a page, field, resource, or action in an application?

authorization

Which JavaScript function is a "method" or sequence of statements that perform a routine or task?

getElementById()

Which of the following cross-site scripting vulnerabilities types relies on social engineering to trick a user into visiting a maliciously crafted link or URL? a. injected b. Stored c. unvalidated d. reflected

reflected

CGI programs can be written in many different programming and scripting languages, such as C/C++, Perl, UNIX shells, Visual Basic, and FORTRAN.

true

Web applications written in CFML can also contain other client-side technologies, such as HTML and JavaScript.

true

Which of the following application tests analyzes an application's source code for vulnerabilities, and is therefore only possible when the source code of an application is available?

Static Application Security Testing

