Java Application Vulnerabilities

Carlos Veliz
Quiz by , created over 4 years ago

Java Application Vulnerabilities

27
0
0
Carlos Veliz
Created by Carlos Veliz over 4 years ago
ECSP JAVA: JAAS
Carlos Veliz
Java - Mix
Carlos Veliz
Java Concurrency and Session Management
Jose Luis Vasquez Galvez
GCSE REVISION TIMETABLE
nimraa422
Using GoConqr to learn German
Sarah Egan
Java Mix Test 42p
Carlos Veliz
Java Concurrency and Session Management
Carlos Veliz
Introduction to Java Security
Carlos Veliz
Criptography
Carlos Veliz
Authentication and Authorization
Carlos Veliz

Question 1

Question
In Java Application Vulnerabilities, the following statement belongs to the group of technical impact:
Answer
  • Secure Configuration
  • Application Design
  • Security Policies
  • Code Logic Deviation
  • Brand Image Damage

Question 2

Question
It is not an countermeasure for Cross-Site Scrpting:
Answer
  • Configure web browser to disable scripting
  • Implement character encoding techniques for web pages such as ISO-8859-1 or UTF 8
  • Use filter techniques that store and process input variables on the server
  • Appropriately use GET and POST requests
  • Use properly designed error handling mechanisms for reporting input errors

Question 3

Question
It is not an countermeasure for Cross-Site Request Forgery:
Answer
  • Web applications should use string authentications methods such as cookies, http authentication, etc.
  • Check the referrer such as HTTP "referer" or referrer to mitigate this type of attacks
  • Use page tokens such as time tokens that change with every http or https page requests
  • Appropriately use GET asn POST requests
  • Configure web browser to disable scripting

Question 4

Question
It is a countermeasure for Directory Traversal
Answer
  • 1). Apply checks/hot fixes to preven explotation
  • 2). Define access rights to the protected areas of the website
  • 3). Update server software at regular intervals
  • 4) 1 and 3
  • 5) 2 and 4

Question 5

Question
In HTTP Response Splitting. Attacker splits the HTTP response by:
Answer
  • Http Hearder Splitting
  • Http redirect
  • Http cookie header
  • All of the above
  • None of the above

Question 6

Question
It is not an countermeasure Parameter Manipulation
Answer
  • Use string input validating mechanisms for user data inputs
  • Implement a strict application security routines and updates
  • Use strictly confiured firewall to block and identify parameters that are defined in a web page
  • Disallow and filter CR/LF characters
  • Implement standards for minimum and maximum allowable length, characters, patterns and numeric ranges

Question 7

Question
Which statement does not describe an XPath injection?
Answer
  • The secure code snippet uses input validation and output encoding to prevent attacker from executing any malicious scripts
  • This can be done by bypassing the Web Site authentcation system and extracting the structure od one or more XML documents in the site
  • XPath injection is an attack targeting Web sites that create XPath queries from user.supplied data
  • If an application embeds unprotected data into xPath query, the query can be aletered so that it is no longer parsed in the manner originally intended

Question 8

Question
It is not an countermeasure for Injection Attacks:
Answer
  • Defined Denial of service attacks by using SAX based parsing
  • Replace all single quotes with two single quotes
  • It is always suggested to use less privileged accounts to access the database
  • Disabling authentications based data access control

Question 9

Question
Que caracteres se deben deshabilitar para prevenir un ataque de Http Reponse Splitting?
Answer
  • LR/FF
  • CR/LF
  • CR/HT
  • LF/FS
  • LR/FS

Question 10

Question
In Java Application Vulnerabilities, the following statement belongs to the group of Attack Vectors:
Answer
  • Applications Crash
  • CSRF Attack
  • Lack of Proper authentication
  • Damage Systems
  • Brand Image Damage