Tag: security

Questions Related to security

The application is receiving input from an external source. Which of the following external sources can be considered safe?
technology security

  1. Shell environment variables

  2. Data received via encrypted network channels

  3. argv[0] can only have either null or program name

  4. no external input must be trusted

Show answer
Correct Option: D
Explanation:

A. Shell environment variables

Shell environment variables are not considered safe because they can be easily modified by the user. For example, a user could set the PATH environment variable to include a malicious directory, which would allow the application to execute arbitrary code.

B. Data received via encrypted network channels

Data received via encrypted network channels is considered more safe than other sources of external input, but it is still not completely safe. The encryption could be broken, or the data could be intercepted and modified before it is decrypted.

C. argv[0] can only have either null or program name

The argv[0] parameter is the name of the program that is being executed. It is not considered a safe source of input because it can be easily modified by the user. For example, a user could change the argv[0] parameter to a malicious program, which would then be executed instead of the intended program.

D. no external input must be trusted

The correct answer is D. No external input must be trusted, regardless of the source. Even if the input comes from a seemingly safe source, it is always possible that the input has been tampered with. Therefore, it is important to always validate and sanitize all external input before it is processed by the application.

The correct answer is therefore D.

In the following code snippet, should the pointer be deleted? 

int main (int argc, char *argv[]) { 
    char* j;  
    j=argv[1];  
    int k=atoi(j);  
    /*delete here*/  
    return 0; 
}
technology security

  1. delete j;

  2. realloc j;

  3. free j;

  4. It need not be deleted

Show answer
Correct Option: D

How many of following are security code review tools

  • OWASP WebScarab
  • Fortify
  • WebInspect
  • AppScan
  • Nikto
  • FindBugs
technology security

  1. 1

  2. 2

  3. 4

  4. 6

Show answer
Correct Option: B 
int main(char* argc, char** argv) { 
    char cmd[CMD_MAX] = "/usr/bin/cat "; 
    strcat(cmd, argv[1]); 
    system(cmd); 
}

Code is vulnerable to buffer overflow attack and
technology security

  1. DNS Spoofing

  2. Command Injection

  3. Path Traversal

  4. Both 2 and 3

Show answer
Correct Option: D

What can go wrong in following code? 

#include  
int main(int argc, char *argv[]){
    if(argc != 3){
        printf("usage: %s [source] [dest]n", argv[0]);
        exit(1);
    }
    char buffer1[5];
    strcpy(buffer1, argv[1]);
    char buffer2[5];
    strcpy(buffer1, argv[1]);
    char x;
    FILE *file[2];
    file[0] = fopen(buffer1,"r+");
    file[1] = fopen(buffer2,"w+");
    for(x = 0; x < 2; x++){
        if(file[x] == NULL){
            printf("error opening file.n");
            exit(1);
        }
    }
    do {
        x = fgetc(file[0]);
        fputc(x,file[1]);
    }
    while(x != EOF);
    for(x = 0; x < 2; x++)         
        fclose(file[x]);
    return 0;
}
technology security

  1. XSS

  2. Arc Injection

  3. Buffer Overflow

  4. both 2 and 3

Show answer
Correct Option: D

In the following code snippet, how should a pointer be deleted 

int main (int argc, char *argv[]) { 
    char* j=new char[100];  
    j=argv[1];  
    int k=atoi(j);  
    /*delete here*/  
    return 0; 
}
technology security

  1. delete j

  2. free j

  3. it is not supposed to be deleted

  4. delete [] j

Show answer
Correct Option: D

A program wants to do some activities with root privileges when it starts up and shuts down. Other activities it does can be done as a lesser privileged user. Which of the options given below is most secure?
technology security

  1. The program should be started with root privileges. Then it should use setuid(UID) to change privileges between root and another account.

  2. The program should be started with root privileges. Then it should use seteuid(UID) to change privileges between root and another account.

  3. Starting the program as root is a security risk. The program should run with least privileges and obtain root using seteuid(UID) whenever necessary.

  4. The program has to run with root privileges entirely. Once root privileges are dropped they cannot be regained.

Show answer
Correct Option: B

What value is stored in *leaf in the program given below? 

int *myfunc(int tree) {   
    int *node;   
    int i=rand();   
    if(0==tree/pow(2,i))       
        node=&tree;   
    else       
        node=&i;   
    return node; 
}  

int main(int argc, char * argv[]) {   
    int *leaf;   
    leaf=myfunc(7); 
}
technology security

  1. value of tree

  2. value of node

  3. value of i

  4. garbage-- its a dangling pointer

Show answer
Correct Option: D

List the correct entries in the web.xml deployment descriptor for Exception & Error Handling
technology security

  1. java.lang.Throwable /error.jsp

  2. 500 /error.jsp

  3. /error.jsp

  4. a & b

Show answer
Correct Option: D

Choose the correct answer:
technology security

  1. HTTP PUT & DELETE method can be disabled in web.xml from the below code: Disallowed Location /* PUT

  2. HTTP PUT & DELETE methods are disabled by default

  3. HTTP PUT & DELETE methods should not be disabled

  4. HTTP PUT & DELETE methods cannot be disabled

Show answer
Correct Option: A