Secure Application Development Quiz

What is the attack technique used to exploit web sites by altering backend database queries through inputting manipulated queries?

SQL Injection

Cross Site Scripting

Insecure Direct Object Reference

OS command injection

What happens when an application takes user-inputted data and sends it to a web browser without proper validation and escaping?

Broken Authentication and Session Management

Security Misconfiguration

Cross Site Scripting

Malware Uploading

Which attack can execute scripts in the user's browser and is capable of hijacking user sessions, defacing websites, or redirecting the user to malicious sites?

SQL Injection

Cross Site Scripting

Cross Site Request Forgery

Insecure Direct Object References

What threat are you vulnerable to if you do not validate authorization of user for direct references to restricted resources?

Insecure Direct Object References

command injection

Cross Site Request Forgery

SQL Injection

In which of the following exploits does an attacker insert malicious code into a link that appears to be from a trustworthy source?

IDOR

SQLI

XSS

CSRF

Input validation should be based on....

Blacklisting

Whitelisting

Taking control of admin functionality and misusing sensitive data that they are unauthorized to access is:

Broken Access Control

Cross Site Scripting

SQL Injection

Xml Enternal Entities Injection

User A and User B belong to same access level in an application, However User A is able to view credit card information of User B. This is classic example of

Horizontal Privilege Escalation

Vertical Privilege Escalation

Cross site scripting

Both a and b

XSS stands for _________________

Cross Site Scripting

Cross Site Server

Crack Site Scripting

Crack server scripting

In which of the following exploits does an attacker add SQL code to an application input form to gain access to resources or make changes to data?

SQL Injection

command injection

Cross Site Scripting

XML Injection