2019 PCI OWASP Top Ten Quiz

Test your knowledge on web application security with our engaging quiz focused on the OWASP Top Ten. This quiz is designed for professionals seeking to enhance their understanding of critical security vulnerabilities and best practices.

  • Learn about Injection Attacks
  • Understand Authentication and Access Control
  • Explore Secure Data Handling
12 Questions | 3 Minutes | Created by ProtectingData297
What is your name? (no nicknames, Liberty Bell)
INJECTION - Which of the following is at risk of an injection attack?
Sql sql = Sql.Builder.Append(@"SELECT * FROM accounts WHERE custID = '" + request.GetParameter("id") + "'");
Sql sql = Sql.Builder.Append(@"SELECT * FROM accounts WHERE custID = @0", request.GetParameter("id"));
Sql sql = Sql.Builder.Append(@"SELECT * FROM accounts WHERE custID = '" + "120857" + "'");
BROKEN AUTHENTICATION - Which of the following is NOT a good authentication practice?
Use a strong hashing algorithm to hash passwords
Give limited attempts at logging in
Use session timeouts
Allow common passwords so users don't forget their passwords
SENSITIVE DATA EXPOSURE - Which statement is true?
Passwords should be encrypted only when at rest (stored in the database)
Old cryptography algorithms are fine as long as they're used internally
HTTPS/SSL should always be used for sensitive data
FTP is fine to use with sensitive data
XML External Entities (XXE) - Which example is NOT vulnerable to an XXE attack?
<?xml version="1.0" encoding="ISO-8859-1"?>
<!ENTITY xxe SYSTEM "file:///etc/passwd" >]> &xxe;
<?xml version="1.0" encoding="ISO-8859-1"?>
<!ENTITY xxe SYSTEM "https://192.168.1.1/private" >]>
<?xml version="1.0" encoding="ISO-8859-1"?>
<!ENTITY xxe SYSTEM "file:///dev/random" >]>
<?xml version="1.0" encoding="ISO-8859-1"?>
<!ELEMENT virus = "very yes"> ]> &xxe;
XML External Entities (XXE) - Which statement is true?
XML is safe to accept from users as is
XML should be sanitized and verified when coming from users
XML is safe to accept as is if you are using SOAP
XML should always be avoided
Broken Access Control - Which URL is NOT vulnerable to attackers possibly viewing unauthorized information?
https://www.4life.com/corp/report/downline?distId=120857
https://www.4life.com/corp/myaccount?isAdmin=1
https://www.4life.com/corp/order?orderId=45634344
https://www.4life.com/corp/user?token=A4DE9849-7541-4EBF-AC48-314DCF4B0EA0
Security Misconfiguration - Which statement is false?
Keep systems updated and patched
Change default passwords and remove default users that come with new systems
Display stack traces and debug information in all error handling
Disable directory listing
Cross-Site Scripting (XSS) - Which Razor view code example is vulnerable to an XSS attack?
<span>@Html.Raw(Request["Name"])</span>
<span>@Request["Name"]</span>
<span>@Model.Name</span>
Insecure Deserialization - The following data is serialized into the value of a cookie stored in the user's browser. This is so the user doesn't have to keep logging in with their password. This also saves having to look up any rights the user has. This makes the web pages load very fast.
 
UserId=120857&PasswordHash=b6a8b3bea87fe0e05022f8f3c88bc960&Rights=1,2,30
 
Why is this not ok?
Because the password is hashed
Because the values can be manipulated before being deserialized and used
Because you shouldn't use cookies
There is nothing wrong with this because the cookie is secure using SSL
Using Components with Known Vulnerabilities - Which statement is true?
Updating and patching operating systems should only be done when a security vulnerability is exploited in your system
All libraries used should be updated as soon as a new version is released
Components from other sources should never be used
Developers should be aware of components used that have vulnerabilities and patch them as soon as possible
Insufficient Logging & Monitoring - Which of the following should be used in a software system?
Logging of auditable events, such as logins, failed logins, and high-value transactions
Logging of errors and warnings
Appropriate alerting thresholds and response escalation processes
Monitoring of logs for suspicious activity
All of the above