Tag: security

Questions Related to security

What should I log from within my application?
technology security

  1. Login and logout of users, Critical transactions (eg. fund transfer across accounts), Failed login attempts, Account lockouts, Violation of policies

  2. Login and logout of users, Critical transactions (eg. fund transfer across accounts), Failed login attempts, Account lockouts, Violation of policies, Forgot password correct and wrong credentials

  3. Login and logout of users, Critical transactions (eg. fund transfer across accounts), Failed login attempts, Account lockouts, Violation of policies, password sharing logs

  4. Login and logout of users, Critical transactions (eg. fund transfer across accounts), Failed login attempts, Account lockouts, Violation of policies, password sharing logs, race condition logs

Show answer
Correct Option: B

The kind of testing a application in which the tester is not provided with any information about the application is called
technology security

  1. Redbox testing

  2. whitebox testing

  3. greybox testing

  4. blackbox testing

Show answer
Correct Option: D

Standard Psuedo Random Number Generator (PRNG) cannot withstand cryptographic attacks.Which of the following type of PRNG would be the most secure to use for random number generation?
technology security

  1. Statistical

  2. Cryptographic

  3. None of the above

  4. Both of the above

Show answer
Correct Option: B

Which of the following is not a valid application security attack ?
technology security

  1. Blind SQL Injection

  2. Cross Side Scripting

  3. Remote File Inclusion

  4. Cross Site Request Forgery

Show answer
Correct Option: B

As per the JavaScript Security Model,scripts can interact only with elements that originate from the same server as the page to which the script belongs.This is commonly known as
technology security

  1. Same Source Policy

  2. Same Server Policy

  3. Same Domain Policy

  4. Same Origin Policy

Show answer
Correct Option: D

Which of the following is not a valid XSS attack ?
technology security

  1. DOM

  2. Persistent

  3. Reflected

  4. Inflicted

Show answer
Correct Option: D

You have been asked to design an auctioning website.Each bidder is provded a unique login and password.Three invalid login attempts would cause the id to be logged out and any active session to be terminated.Which of the following would you avoid to prevent business logic flaws ?
technology security

  1. Prevent bidders from seing the bid amount by another bidders

  2. Allow bidders to see the login ID of other bidders

  3. Prevent a bidder from bidding more than thrice

  4. Set a cut off amount on the bids to be raised

Show answer
Correct Option: B

What is the Auhentication Protocol used by Facebook\Twitter?
technology security

  1. OpenID

  2. OAuth2.0

  3. LiveID

  4. Advanced Encryption Standard

Show answer
Correct Option: B

Pick the odd man out
technology security

  1. Burp Suite

  2. Paros

  3. Web Scarab

  4. WireShark

Show answer
Correct Option: D

Neil is a budding software developer who has requested you to review his code.He has been asked by the client manager to create an administrative web application designed allow users to kick off a backup of an Oracle database using a batch-file wrapper around the rman utility . The script rmanDB.bat accepts a single command line parameter, which specifies what type of backup to perform. Because access to the database is restricted, the application runs the backup as a privileged user. The commmand to execute the rman script is cmd.exe /K \c:\util\rmanDB.bat < User Specified Back Up type> .Neil has coded the program and which simply accepts the user specified back up variable as a string and directly excutes the command line. What is the most likely vulnerability this code is exposed to?
technology security

  1. Command Injection

  2. Buffer Overflow

  3. Persistent XSS

  4. CSRF

Show answer
Correct Option: A