Tag: security

Questions Related to security

The following appscan reports Sarbanes oxley, HIPPA, FISMA belongs to which type?
technology security

  1. Custom

  2. Industry Standard

  3. Compliance

  4. Delta Analysis

Show answer
Correct Option: C

Given url – http://www.abc.com/viewpage.jsp?page=catalog&productid=12345 where page parameter indicate a unique page and the productid retrieves pages for a particular product. How would you optimally configure appscan to test this application? Choose 2 answers

technology security

  1. Track the page parameter

  2. Set the link limit to 2

  3. Set the redundant path limit to 5

  4. Ignore the productid parameter

Show answer
Correct Option: A,D

In the Application Data View reviewing which detail gives the information that appscan completely covered all the urls of the application? Choose 3.
technology security

  1. Broken links

  2. Cookies

  3. Javascripts

  4. Visited URLs

Show answer
Correct Option: A,C,D

Out of 500 urls you see that appscan could visit only 55 urls. What do you think are the reasons? Choose 2 possible best answers
technology security

  1. Appscan could not login to your application

  2. Redundant path limit was set to 55

  3. Link limit was set to 500

  4. Additional servers and domains were not listed properly

Show answer
Correct Option: A,D

Which among the following do you think will prevent a CSRF attack?
technology security

  1. /transfer.asp?fromacct=”account1”&toaccount=”account2”&amount=200.45&trnsactToken=”121431ersw”

  2. /email.jsp&to=”[email protected]”&subject=”hi”

  3. Use https for all secured pages

  4. Use encryption for session cookies

Show answer
Correct Option: A

Which among the below do you think is the right approach for secure session management?
technology security

  1. Display “Welcome, user!” on the home page

  2. Display only “Welcome” on the home page

  3. Invalidate and destroy the session when user logs out

  4. Use persistent cookies for session management

Show answer
Correct Option: C

Certain folders in your application contain sensitive data. How would you securely hide their existence within your web application for all users?
technology security

  1. Send 403 return code

  2. Send 302 return code and redirect the user to the home page

  3. Send 404 return code

  4. Send 200 return code

Show answer
Correct Option: C

Appscan injected the following into a test request GET /bank/customize.aspx?lang=Foobar%3f%0d%0aAppScanHeader:%20AppScanValue%2f1%2e2%2d3%0d%0aSecondAppScanHeader: %20whatever HTTP/1.0. What kind of vulnerability is appscan testing for?
technology security

  1. Cross site request forgery

  2. Cross site scripting

  3. HTTP Response Splitting

  4. SQL injection

Show answer
Correct Option: C

After the appscan finished testing your web application you found that your password was changed to 1234. What do you think happened?
technology security

  1. Reset password functionality was invoked during the testing

  2. Change password form was submitted by appscan

  3. Somebody changed your password while the scan was running

  4. This is a result of an SQL injection test by appscan

Show answer
Correct Option: B

After a test appscan reports the occurrence of lot of hidden files which you know for sure your application does not contain. What do you think happened?
technology security

  1. Somebody put those files there during the test

  2. Appscan created those files

  3. Third party domain was not excluded from the scan

  4. It’s a result of cross site scripting attack

Show answer
Correct Option: C