Information Network & Security Quiz Chapter 8
ensuring regular backups of the database are performed.
Database developers and administrators are responsible for:
cross-site scripting (XSS)
Hackers use ______ to execute arbitrary scripts through the web browser.
Penetration Testing
How can you ensure the confidentiality, integrity, and availability (CIA) of the web application and service?
persistent cross-site scripting
In a ______ attack, data that can modify how applications or services operate is downloaded (stored) onto the targeted server.
non-persistent cross-site scripting
In a _______ attack, the attacker attempts to use scripting commands in the URL itself, or through a device, such as a web form, to gain administrator, or some other elevated level of user privileges in an attempt tp force the victim's server to display the desired data on-screen.
Set the security level of DVWA to low
In the lab, what did you do before attempting the script tests that exposed the vulnerabilities?
penetration testing and security hardening
No production web application, whether it resides inside or outside of the firewall, should be implemented without:
hexadecimal character strings
Often hackers will use ______ to make the scripts even harder to detect.
the secure coding and testing of their application
Web application developers and software developers are responsible for:
If e-commerce or privacy data is entered into the web application
When is the company under additional compliance laws and standards to ensure the confidentiality of customer data?
SQL Injection attack
Which Web application attack is more likely to extract data elements out of a database?
Those that are poorly designed
Which of the following Web forms can be exploited to output passwords, credit card information, and other data?
SQL Injection
Which of the following allows valid SQL commands to run within a web form?
Cross-Site Scripting (XSS)
Which of the following becomes possible when a web form allows HTML or JavaScript code as valid input?
Monitor your SQl databases for unauthorized or abnormal SQL injections.
Which of the following is a security countermeasure that could be used to protect your production SQL databases against injection attacks?
Damn Vulnerable Web Application
Which of the following is a tool left intentionally vulnerable to aid security professionals in learning about web security?
Penetration Testing
Which of the following should be performed on a regular schedule and whenever the web application and service is modified?
Their likelihood can be reduced through regular testing.
Which of the following statements is true regarding SQL Injection attacks?
They are one of the most common web attacks
Which of the following statements is true regarding cross-site scripting (XSS) attacks?
Persistent cross-site scripting attack
Which type of attack is triggered by the victim?