Quiz Maker LogoMake your own QuizCopy & Edit
Make your own quizManage my QuizzesPlans / FeaturesGuides and HelpContactPrivacy & Security

2019 PCI OWASP Top Ten Quiz

Create an engaging and visually appealing image depicting the concept of web application security, featuring elements like locks, firewalls, and code snippets in a digital, tech-themed design.

2019 PCI OWASP Top Ten Quiz

Test your knowledge on web application security with our engaging quiz focused on the OWASP Top Ten. This quiz is designed for professionals seeking to enhance their understanding of critical security vulnerabilities and best practices.

  • Learn about Injection Attacks
  • Understand Authentication and Access Control
  • Explore Secure Data Handling
12 Questions3 MinutesCreated by ProtectingData297
What is your name? (no nicknames, Liberty Bell)
INJECTION - Which of the following is at risk of an injection attack?
Sql sql = Sql.Builder.Append(@"SELECT * FROM accounts WHERE custID = '" + request.GetParameter("id") + "'");
Sql sql = Sql.Builder.Append(@"SELECT * FROM accounts WHERE custID = @0", request.GetParameter("id"));
Sql sql = Sql.Builder.Append(@"SELECT * FROM accounts WHERE custID = '" + "120857" + "'");
BROKEN AUTHENTICATION - Which of the following is NOT a good authentication practice?
Use a strong hashing algorithm to hash passwords
Give limited attempts at logging in
Use session timeouts
Allow common passwords so users don't forget their passwords
SENSITIVE DATA EXPOSURE - Which statement is true?
Passwords should be encrypted only when at rest (stored in the database)
Old cryptography algorithms are fine as long as it's used internally
HTTPS/SSL should always be used for sensitive data
FTP is fine to use with sensitive data
XML External Entities (XXE) - Which example is NOT vulnerable to an XXE attack?
<? Xml version="1.0" encoding="ISO-8859-1"?>
<!ENTITY xxe SYSTEM "file:///etc/passwd" >]> &xxe;
<? Xml version="1.0" encoding="ISO-8859-1"?>
<!ENTITY xxe SYSTEM "https://192.168.1.1/private" >]>
<? Xml version="1.0" encoding="ISO-8859-1"?>
<!ENTITY xxe SYSTEM "file:///dev/random" >]>
<? Xml version="1.0" encoding="ISO-8859-1"?>
<!ELEMENT virus = "very yes"> ]> &xxe;
XML External Entities (XXE) - Which statement is true?
XML is safe to accept from users as is
XML should be sanitized and verified when coming from users
XML is safe to accept as is if you are using SOAP
XML should always be avoided
Broken Access Control - Which URL is NOT vulnerable to attackers possibly viewing unauthorized information?
Https://www.4life.com/corp/report/downline?distId=120857
Https://www.4life.com/corp/myaccount?isAdmin=1
Https://www.4life.com/corp/order?orderId=45634344
Https://www.4life.com/corp/user?token=A4DE9849-7541-4EBF-AC48-314DCF4B0EA0
Security Misconfiguration - Which statement is false?
Keep systems updated and patched
Change default passwords and remove default users that come with new systems
Display stack traces and debug information in all error handling
Disable directory listing
Cross-Site Scripting (XSS) - Which Razor view code example is vulnerable to a XSS attack?
<span>@Html.Raw(Request["Name"])</span>
<span>@Request["Name"]</span>
<span>@Model.Name</span>
Insecure Deserialization - The following data is serialized into the value of a cookie stored in the user's browser. This is so the user doesn't have to keep logging in with their password. This also saves having to look up any rights the user has. This makes the web pages load very fast.
 
UserId=120857&PasswordHash=b6a8b3bea87fe0e05022f8f3c88bc960&Rights=1,2,30
 
Why is this not ok?
Because the password is hashed
Because the values can be manipulated before being deserialized and used
Because you shouldn't use cookies
There is nothing wrong with this because the cookie is secure using SSL
Using Components with Known Vulnerabilities - Which statement is true?
Updating and patching operating systems should only be done when a security vulnerability is exploited in your system
All libraries used should be updated as soon as a new version is released
Components from other sources should never be used
Developers should be aware of components used that have vulnerabilities and patch them as soon as possible
Insufficient Logging & Monitoring - Which of the following should be used in a software system?
Logging of auditable events, such as logins, failed logins, and high-value transactions
Logging of errors and warnings
Appropriate alerting thresholds and response escalation processes
Monitoring of logs for suspicious activity
All of the above
{"name":"2019 PCI OWASP Top Ten Quiz", "url":"https://www.quiz-maker.com/QPREVIEW","txt":"Test your knowledge on web application security with our engaging quiz focused on the OWASP Top Ten. This quiz is designed for professionals seeking to enhance their understanding of critical security vulnerabilities and best practices.Learn about Injection AttacksUnderstand Authentication and Access ControlExplore Secure Data Handling","img":"https:/images/course8.png"}

More Quizzes

Secure Application Development Quiz
11619
SSRF, impacts of SSRF, prevention of SSRF, SSRF attack scenarios, SSRF with metadata url in cloud systems
13626
Cybersecurity Quiz - World Wide Wednesday
11612
Secure Application Development Quiz
11627
Directory and Files Discovery
320
Introduction to OWASP ZAP and Security Testing
1167
OWASP Top 10 Quizz
1052
Info Security Chapter 1
20100
Cybersecurity Proficiency Quiz
301564
Security Plus
191025
Security Plus 10q Part 2
10525
Penetration testing basics, reporting of pentest, enumeration phase, passive and active scans, burp suite tool, DNS attacks, DNS spoofing and cache poisoning, XSS, CSRF, SSRF
20100
Quiz Maker Logo Make your own Quiz
Powered by: Quiz Maker