OWASP top 10
What vulnerability is described as a failure to enforce and maintain levels of authorization?
Broken Access Control
What vulnerability involves insecure implementations of authentication systems?
Broken Auth
What vulnerability involves unsanitized user input being interpreted as JavaScript in a browser?
Cross-Site Scripting (XSS)
Insecure Deserialization is NOT particularly dangerous.
False, Insecure Deserialization is very dangerous.
Insufficient Logging and Monitoring is only an issue after an attack has occurred.
False, Insufficient Logging and Monitoring is NOT only an issue after an attack has occurred.
Security Misconfiguration ONLY involves security software.
False, Security Misconfiguration does NOT only involve security software.
What vulnerability involves an interpreter being tricked into treating untrusted data as code/behavior?
Injection
What vulnerability involves a stream of formatted data being maliciously modified before being interpreted as an object within code?
Insecure Deserialization
What vulnerability is characterized by a lack of records and information about the events taking place within a system?
Insufficient Logging and Monitoring
Why is Injection dangerous?
It allows an attacker to view or tamper with data, and possibly run code on the server hosting the website.
Why is Broken Authentication dangerous?
It allows attackers to impersonate other users.
What vulnerability is described as the improper configuration of software in a way that degrades security?
Security Misconfiguration
What vulnerability is described as the insufficient or improper protection of sensitive data?
Sensitive Data Exposure
What is NOT a reason that Sensitive Data Exposure is dangerous?
Sensitive Data Exposure is dangerous because it can allow an attacker to execute arbitrary code on the server running the website.
Broken Access Control can lead to other vulnerabilities being exploited.
True, Broken Access Control can lead to other vulnerabilities being exploited.
In the worst cases, XXE can allow for remote code execution on vulnerable devices.
True, in the worst cases, XXE can allow for remote code execution on vulnerable devices.
Most vulnerabilities that attackers exploit are already public knowledge, and many have fixes readily available for them.
True, most vulnerabilities that attackers exploit are already public knowledge, and many have fixes readily available for them.
Some XSS attacks can involve a website storing malicious code and then displaying it to other users.
True, some XSS attacks can involve a website storing malicious code and then displaying it to other users.
What vulnerability involves using insecure versions of software or frameworks within an environment?
Using Components with Known Vulnerabilities
A piece of maliciously crafted XML manipulates an XML processor to produce unintended behavior. What vulnerability in the OWASP Top 10 best describes this scenario?
XML External Entities