Hands On Ethical Hacking And Network Defense
Which of the following cross-site scripting vulnerabilities types is especially harmful because it can be delivered to subsequent users of the application?
"persistent XSS"
Which of the following results from poorly configured technologies that a Web application runs on top of?
A5-Security misconfigurations
Which of the following is a programming interface for connecting a Web application to a database and defines technologies that allow applications, such as Word or Excel, to interact with the Web?
ActiveX Data Objects (ADD)
Which of the following is an alternative term used when referring to Application Security?
App Sec
Adobe System's ColdFusion uses its proprietary tags, which are written in which of the following languages?
ColdFusion Markup language (CFML) HTML Java Script
Which of the following application tests analyzes a running application for vulnerabilities?
Dynamic Application Security Testing (DAST)
A user can view the source code of a PHP file by using their Web browser's tools. (T/F)
False
What is the specific act of filtering, rejecting or sanitizing a user's untrusted input before the application processes it?
Input Validation
Which of the following interfaces, developed by Microsoft, is a set of interfaces that enable applications to access data stored in a database management system (DBMS)?
Object Linking and Embedding Database (OLE DB)
Which of the following interfaces is a standard database access method, developed by SQL Access Group that allows an application to access data stored in database management system (DBMS)?
Open Database Connectivity (ODBC)
Which of the following programming languages was originally used primarily on UNIX systems, but is used more widely now on many platforms, such as Macintosh and Windows?
PHP
Which of the following cross-site scripting vulnerabilities types relies on social engineering to trick a user into visiting a maliciously crafted link or URL?
Reflected XSS
Which of the following application tests analyzes an application's source code for vulnerabilities, and is therefore only possible when the source code of an application is available?
Static Application Security Testing (SAST)
Which of the following resources is an excellent starting point for security professionals when investigating VBScript vulnerabilities?
The Microsoft security bulletin search page http://technet.microsoft.com/en-us/security/bulletin
CGI programs can be written in many different programming and scripting languages, such as C/C++, Perl, UNIX shells, Visual Basic, and Fortran. (T/F)
True
OLE DB relies on connection strings that enable the application to access the data stored on an external device. (T/F)
True
Web applications written in CFML can also contain other client-side technologies, such as HTML and JavaScript. (T/F)
True
Which type of vulnerabilities can result from a server accepting untrusted, unvalidated input?
injection vulnerabilities A3-Cross-site scripting (XSS)
What is the specific act of checking a user's privileges to understand if they should or should not have access to a page, field, resource, or action in an application?
Authorization testing
What type of useful tools can a security tester find available in both Firefox and Chrome Web browsers?
Built-in developer tools
Which of the following refers to the flow a user is expected to follow in an application to accomplish a goal?
Business logic
Which of the following is the interface that determines how a Web server passes data to a Web browser?
Common Gateway Interface (CGI)
Visual Basic Script (VBScript) is a scripting language developed by which of the following companies?
Microsoft
JavaScript is a server-side scripting language that is embedded in an HTML Web page. (T/F)
False
