ITEC 472 Chapter 10

Which specific type of tag do all CFML tags begin with?

CF

Adobe Systems' ColdFusion uses its proprietary tags, which are written in which of the following languages?

CFML

Which of the following application tests analyzes an application's source code for vulnerabilities, and is therefore only possible when the source code of an application is available?

Static Application Security Testing

What is the specific act of checking a user's privileges to understand if they should or should not have access to a page, field, resource, or action in an application?

authorization

To check whether a CGI program works, you can test the URL in your Web browser. Which of the following directories should you save the program to on your Web server before you check the URL in your Web browser?

cgi-bin

Which of the following interfaces is a standard database access method, developed by SQL Access Group, that allows an application to access data stored in a database management system (DBMS)?

ODBC

Which of the following interfaces, developed by Microsoft, is a set of interfaces that enable applications to access data stored in a database management system (DBMS)?

OLE DB

Connecting to an MS SQL Server database with Microsoft's Object Linking and Embedding Database (OLE DB) requires using which of the following providers?

SQLOLEDB

Which of the following resources is an excellent starting point for security professionals when investigating VBScript vulnerabilities?

Security Bulletin

Which of the following refers to the flow a user is expected to follow in an application to accomplish a goal?

business logic

Which of the following does Object Linking and Embedding Database (OLE DB) rely on that allows an application to access data stored on an external device?

connection strings

Which type of vulnerabilities can result from a server accepting untrusted, unvalidated input?

injection

Which of the following is a programming interface for connecting a Web application to a database and defines technologies that allow applications, such as Word or Excel, to interact with the Web?

ADO

Which of the following is an alternative term used when referring to Application Security?

AppSec

Which of the following is the interface that determines how a Web server passes data to a Web browser?

CGI

Which of the following application tests analyzes a running application for vulnerabilities?

Dynamic Application Security Testing

Visual Basic Script (VBScript) is a scripting language developed by which of the following companies?

Microsoft

Which of the following programming languages was originally used primarily on UNIX systems, but is used more widely now on many platforms, such as Macintosh and Windows?

PHP

Which of the following cross-site scripting vulnerability types is especially harmful because it can be delivered to subsequent users of the application?

Stored

What type of useful tools can a security tester find available in both Firefox and Chrome Web browsers?

developer tools

Which JavaScript function is a "method" or sequence of statements that perform a routine or task?

getElementById()

What is the specific act of filtering, rejecting, or sanitizing a user's untrusted input before the application processes it?

input validation

Which of the following cross-site scripting vulnerability types relies on social engineering to trick a user into visiting a maliciously crafted link or URL?

reflected

Which of the following results from poorly configured technologies that a Web application runs on top of?

security misconfigurations

