Tag: security

Questions Related to security

unsigned char j,k; j=getchar(); k=getchar(); unsigned char result = j + k; What vulnerability is present in this code:

technology security

  1. Heap Overflow

  2. Integer overflow

  3. Buffer overflow

  4. No Vulnerability

Show answer
Correct Option: B

AI Explanation

To answer this question, we need to understand the code and the potential vulnerabilities associated with it.

In the given code snippet:

unsigned char j,k;
j = getchar();
k = getchar();
unsigned char result = j + k;

The vulnerability present in this code is an integer overflow.

Explanation:

  1. The getchar() function reads a character from the standard input and returns its ASCII value as an int.
  2. The ASCII values of characters can range from 0 to 255, which can be represented by an unsigned char in C.
  3. The unsigned char type has a range of 0 to 255.
  4. When adding j and k, the result will be stored in the result variable.
  5. If the sum of j and k exceeds 255, an integer overflow occurs.
  6. An integer overflow happens when the result of an arithmetic operation exceeds the maximum value that can be represented by the data type.
  7. In this case, if the sum of j and k is greater than 255, the result will wrap around and be stored as the remainder of the value modulo 256.
  8. This can lead to unexpected behavior and potential security vulnerabilities if the overflow is not handled properly.

Therefore, the correct answer is B) Integer overflow.

Which statement creates a buffer over flow? (Line numbers are marked using comments /* */)

#include   
#include   
#include   
int main (int argc, char *argv[])  {   
    int i=0,j=1;   
    char ipstring[80];   
    for (;i<=3;i++){    
        cout<
technology security

  1. 1

  2. 2

  3. Both

  4. None

Show answer
Correct Option: B

What is the vulnerability ?

int main (int argc, char *argv[]) { 
     char k[3]; 
     int i=0,j=1; 
     char buffer[50]; 
     strncpy(buffer, argv[1], sizeof(buffer) - 1); 
     buffer[49]='/0'; 
     unsigned char ch='a'; 
     k[0]=1; 
     do{   
        i++;   
        k[i]=ch+i; 
    } while(i<3); 

    return 0; 
}
technology security

  1. Heap overflow

  2. Integer overflow

  3. Off by one error

  4. None of the above

Show answer
Correct Option: C

Which attack(s) are possible in the below code:
technology security

  1. Content Spoofing

  2. HTTP Response Splitting

  3. Directory Listing

  4. a & b

Show answer
Correct Option: D

Identify the name of the vulnerability exist in the below code: 

1 ...   
2 public class ShowUserDetailsAction extends HttpServlet   
3 {   
4 private String currentUser;     
5 public void doPost(HttpServletRequest req, HttpServletResponse res)   
6 {   
7 try   
8 {   
9  currentUser = req.getParameter("userID");  
10  RequestDispatcher rd = getServletContext().getRequestDispatcher ("/ShowDetails.jsp");  
11  if (!"".equals(currentUser))  
12  {  
13     
14   ArrayList userInfo = new ArrayList();  
15   LoginDAO objLoginDAO = new LoginDAO();  
16   userInfo = objLoginDAO.getUserInfo(currentUser);  
17     
18   if (userInfo!=null && (userInfo.size()!= 0))  
19   {  
20    req.setAttribute("UserInfo", userInfo);  
21   }  
22   else  
23   {  
24    req.setAttribute("NoUser", "true");  
25   }  
26  }  
27  rd.forward(req,res);  
28 } catch (Exception e)  
29 {  
30  log.debug(“Error Occurred:”+ e);  
31 }  
32 }  
33 }   
34 ...
technology security

  1. URL Tampering

  2. Brute Forcing

  3. Race Condition

  4. HTML Injection

Show answer
Correct Option: C

Identify the weakness in the below JSP file: 

1  ...   
2     
3    
4     
8     
9    
11    
12   
13    
14  function doBack()  
15  {  
16   history.go(-1);  
17  }  
18  function doDelete()  
19  {  
20   document.forms[0].action="/DeleteUsersAction";  
21   document.forms[0].submit();  
22  }  
23    
24  ...
technology security

  1. SQL Injection

  2. Cross Site Scripting

  3. Broken Access Control

  4. Improper Resource Initialization

Show answer
Correct Option: C

Identify the weakness in the below JSP file:

1    
2  ...   
3  Dear User,   
4    
5  If you liked our services, then you would like to refer it to your friends.   
6    
7  Click on the below link:    
8    
9  <a href="/CWE/ReferAFriendAction?pageRedirect=">"&gt;  "Refer a Friend"!</a>  10  ...  
11
technology security

  1. Information Disclosure

  2. Cross Site Scripting

  3. Usage of Risky Encryption

  4. All of the above

Show answer
Correct Option: C

Identify the Vulnerable Line # in the below code:

1 ...   
2 public static Connection getConnection()    
3 {   
4  Connection con = null;   
5  try   
6  {   
7   Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");   
8   con = DriverManager.getConnection("jdbc:odbc:Lookup","admin","admin");   
9    
10  }catch (ClassNotFoundException e)   
11  {   
12   if(con!=null)  
13    close(con);  
14   log.debug(“Error Occurred:” + e);   
15    
16  } catch(SQLException ex)  
17  {   
18    
19   if(con!=null)  
20    close(con);  
21   log.debug(“Error Occurred:” + ex);  
22  }  
23  return con;   
24 }  
25 ...
technology security

  1. Line # 4

  2. Line # 13 & 20

  3. Line # 7 & 8

  4. None of the above

Show answer
Correct Option: C

Which of the following is a security advantage of managed code over unmanaged code?
technology security

  1. Size of the attack surface

  2. Number of roles

  3. Number of lines of code

  4. Size of the chroot jail

Show answer
Correct Option: A

Who is ultimately responsible for notifying authorities of a data or system theft?
technology security

  1. Users

  2. Security administrators

  3. System administrator

  4. Management

Show answer
Correct Option: D