Quiz Maker LogoCreate a Quiz
Quiz MakerGuides and HelpContact

2019 PCI OWASP Top Ten Quiz

Create an engaging and visually appealing image depicting the concept of web application security, featuring elements like locks, firewalls, and code snippets in a digital, tech-themed design.

2019 PCI OWASP Top Ten Quiz

Test your knowledge on web application security with our engaging quiz focused on the OWASP Top Ten. This quiz is designed for professionals seeking to enhance their understanding of critical security vulnerabilities and best practices.

  • Learn about Injection Attacks
  • Understand Authentication and Access Control
  • Explore Secure Data Handling
12 Questions3 MinutesCreated by ProtectingData297
What is your name? (no nicknames, Liberty Bell)
INJECTION - Which of the following is at risk of an injection attack?
Sql sql = Sql.Builder.Append(@"SELECT * FROM accounts WHERE custID = '" + request.GetParameter("id") + "'");
Sql sql = Sql.Builder.Append(@"SELECT * FROM accounts WHERE custID = @0", request.GetParameter("id"));
Sql sql = Sql.Builder.Append(@"SELECT * FROM accounts WHERE custID = '" + "120857" + "'");
BROKEN AUTHENTICATION - Which of the following is NOT a good authentication practice?
Use a strong hashing algorithm to hash passwords
Give limited attempts at logging in
Use session timeouts
Allow common passwords so users don't forget their passwords
SENSITIVE DATA EXPOSURE - Which statement is true?
Passwords should be encrypted only when at rest (stored in the database)
Old cryptography algorithms are fine as long as it's used internally
HTTPS/SSL should always be used for sensitive data
FTP is fine to use with sensitive data
XML External Entities (XXE) - Which example is NOT vulnerable to an XXE attack?
<? Xml version="1.0" encoding="ISO-8859-1"?>
<!ENTITY xxe SYSTEM "file:///etc/passwd" >]> &xxe;
<? Xml version="1.0" encoding="ISO-8859-1"?>
<!ENTITY xxe SYSTEM "https://192.168.1.1/private" >]>
<? Xml version="1.0" encoding="ISO-8859-1"?>
<!ENTITY xxe SYSTEM "file:///dev/random" >]>
<? Xml version="1.0" encoding="ISO-8859-1"?>
<!ELEMENT virus = "very yes"> ]> &xxe;
XML External Entities (XXE) - Which statement is true?
XML is safe to accept from users as is
XML should be sanitized and verified when coming from users
XML is safe to accept as is if you are using SOAP
XML should always be avoided
Broken Access Control - Which URL is NOT vulnerable to attackers possibly viewing unauthorized information?
Https://www.4life.com/corp/report/downline?distId=120857
Https://www.4life.com/corp/myaccount?isAdmin=1
Https://www.4life.com/corp/order?orderId=45634344
Https://www.4life.com/corp/user?token=A4DE9849-7541-4EBF-AC48-314DCF4B0EA0
Security Misconfiguration - Which statement is false?
Keep systems updated and patched
Change default passwords and remove default users that come with new systems
Display stack traces and debug information in all error handling
Disable directory listing
Cross-Site Scripting (XSS) - Which Razor view code example is vulnerable to a XSS attack?
<span>@Html.Raw(Request["Name"])</span>
<span>@Request["Name"]</span>
<span>@Model.Name</span>
Insecure Deserialization - The following data is serialized into the value of a cookie stored in the user's browser. This is so the user doesn't have to keep logging in with their password. This also saves having to look up any rights the user has. This makes the web pages load very fast.
 
UserId=120857&PasswordHash=b6a8b3bea87fe0e05022f8f3c88bc960&Rights=1,2,30
 
Why is this not ok?
Because the password is hashed
Because the values can be manipulated before being deserialized and used
Because you shouldn't use cookies
There is nothing wrong with this because the cookie is secure using SSL
Using Components with Known Vulnerabilities - Which statement is true?
Updating and patching operating systems should only be done when a security vulnerability is exploited in your system
All libraries used should be updated as soon as a new version is released
Components from other sources should never be used
Developers should be aware of components used that have vulnerabilities and patch them as soon as possible
Insufficient Logging & Monitoring - Which of the following should be used in a software system?
Logging of auditable events, such as logins, failed logins, and high-value transactions
Logging of errors and warnings
Appropriate alerting thresholds and response escalation processes
Monitoring of logs for suspicious activity
All of the above
{"name":"2019 PCI OWASP Top Ten Quiz", "url":"https://www.quiz-maker.com/QPREVIEW","txt":"Test your knowledge on web application security with our engaging quiz focused on the OWASP Top Ten. This quiz is designed for professionals seeking to enhance their understanding of critical security vulnerabilities and best practices.Learn about Injection AttacksUnderstand Authentication and Access ControlExplore Secure Data Handling","img":"https:/images/course8.png"}

More Quizzes

Secure Application Development Quiz
11623
SSRF, impacts of SSRF, prevention of SSRF, SSRF attack scenarios, SSRF with metadata url in cloud systems
13632
CERT Refresher - Fire Safety
10518
Heart of Worship Team Quiz
12614
AC/DC - Test Your Fan Knowledge (Free)
201019461
Twilight Book Trivia - Free Online
201020923
Am I Over My Crush? Free With Instant Results
201017216
What Animal Crossing Villager Are You? Free
201017216
Medical History Trivia - Free Online Challenge
201018097
Diversity Trivia Game: Test Your Inclusion IQ - Free
201021141
Food Safety & Nutritional Care Test - Free Online
201017541
Valorant: Prove Your Game Sense with Tough Questions
201019640
Powered by
Quiz Maker
Powered by: Quiz Maker