Java Application Vulnerabilities

Created by Carlos Veliz over 4 years ago

    Question 1 of 10

    In Java Application Vulnerabilities, the following statement belongs to the group of technical impact:

    Select one of the following:

    • Secure Configuration

    • Application Design

    • Security Policies

    • Code Logic Deviation

    • Brand Image Damage

    Question 2 of 10

    It is not a countermeasure for Cross-Site Scripting:
    Select one of the following:

    • Configure web browser to disable scripting

    • Implement character encoding techniques for web pages such as ISO-8859-1 or UTF-8

    • Use filter techniques that store and process input variables on the server

    • Appropriately use GET and POST requests

    • Use properly designed error handling mechanisms for reporting input errors

    Question 3 of 10

    It is not a countermeasure for Cross-Site Request Forgery:

    Select one of the following:

    • Web applications should use strong authentication methods such as cookies, HTTP authentication, etc.

    • Check the referrer (the HTTP "referer" header) to mitigate this type of attack

    • Use page tokens such as time tokens that change with every HTTP or HTTPS page request

    • Appropriately use GET and POST requests

    • Configure web browser to disable scripting

    Question 4 of 10

    It is a countermeasure for Directory Traversal:

    Select one of the following:

    • 1) Apply checks/hot fixes to prevent exploitation

    • 2) Define access rights to the protected areas of the website

    • 3) Update server software at regular intervals

    • 4) 1 and 3

    • 5) 2 and 4

    Question 5 of 10

    In HTTP Response Splitting, the attacker splits the HTTP response by:

    Select one of the following:

    • HTTP header splitting

    • HTTP redirect

    • HTTP cookie header

    • All of the above

    • None of the above

    Question 6 of 10

    It is not a countermeasure for Parameter Manipulation:

    Select one of the following:

    • Use string input validation mechanisms for user data inputs

    • Implement strict application security routines and updates

    • Use a strictly configured firewall to block and identify parameters that are defined in a web page

    • Disallow and filter CR/LF characters

    • Implement standards for minimum and maximum allowable length, characters, patterns and numeric ranges

    Question 7 of 10

    Which statement does not describe an XPath injection?

    Select one of the following:

    • The secure code snippet uses input validation and output encoding to prevent attackers from executing any malicious scripts

    • This can be done by bypassing the Web site authentication system and extracting the structure of one or more XML documents on the site

    • XPath injection is an attack targeting Web sites that create XPath queries from user-supplied data

    • If an application embeds unprotected data into an XPath query, the query can be altered so that it is no longer parsed in the manner originally intended

    Question 8 of 10

    It is not a countermeasure for Injection Attacks:

    Select one of the following:

    • Defend against Denial of Service attacks by using SAX-based parsing

    • Replace all single quotes with two single quotes

    • It is always suggested to use less privileged accounts to access the database

    • Disabling authentication-based data access control

    Question 9 of 10

    Which characters should be disabled to prevent an HTTP Response Splitting attack?

    Select one of the following:

    • LR/FF

    • CR/LF

    • CR/HT

    • LF/FS

    • LR/FS

    Question 10 of 10

    In Java Application Vulnerabilities, the following statement belongs to the group of Attack Vectors:

    Select one of the following:

    • Application Crash

    • CSRF Attack

    • Lack of Proper Authentication

    • Damage Systems

    • Brand Image Damage