Tag: security

Questions Related to security

"SELECT name FROM users WHERE id = " + form.getUserID()"; Using TCS SAPI what is the best way to remediate the SQL injection vulnerability in the above query to an Oracle Database?
technology security

  1. "SELECT name FROM users WHERE id = " + com.tcs.sapi.io.ValidationUtil.encodeForOraSQL(validatedUserId);

  2. "SELECT name FROM users WHERE id = " + com.tcs.sapi.io.ValidationUtil.encodeForSQL(validatedUserId);

  3. "SELECT name FROM users WHERE id = " + com.tcs.sapi.io.ValidationUtil.encodeForSQL( new Codec(), validatedUserId);

  4. None of the above

Show answer
Correct Option: A

What is the best methodology to remediate the SQL Injection vulnerability in a Java based web application?
technology security

  1. Use the com.tcs.sapi.io.ValidationUtil.encodeForOraSQL(String input) method

  2. Use PreparedStatement constructs and use the setXXX methods on the PreparedStatement object

  3. Use the Java createStatement construct to execute the query

  4. Concatenate your SQL string together using dynamic input and create and execute a PreparedStatement object using that query

Show answer
Correct Option: B

Which among the below is the correct way to safely encode the URL "/admin/findUser.do?name=" + request.getParameter( "dangerousInput" )
technology security

  1. String safeURIToDisplay= "/admin/findUser.do?name=" + TCSSAPI.encoder().encodeForJavaScript(request.getParameter( "dangerousInput"));

  2. String safeURIToDisplay = TCSSAPI.encoder().encodeForURL( "/admin/findUser.do?name=" + request.getParameter( "dangerousInput" ) );

  3. String safeURIToDisplay= "/admin/findUser.do?name=" + com.tcs.sapi.io.ValidationUtil.encodeForURL(request.getParameter( "dangerousInput"));

  4. None of the above

Show answer
Correct Option: C

Whats the use of adding the CSRF Token to the urls?
technology security

  1. Prevent Cross Site Scripting

  2. Prevent Cross Site Request Forgery

  3. Prevent Cross Site Tracing

  4. None of the above

Show answer
Correct Option: B

What does isSecureRequest(HttpServletRequest request) method accomplish?
technology security

  1. It checks if the http request is made on an SSL channel

  2. It checks if the http method is a POST

  3. Both of the above

  4. None of the above

Show answer
Correct Option: C

What messages does an object of EnterpriseSecurityException class contain?
technology security

  1. Log Message which gets logged in the log file and not safe to display to users

  2. User Message which is safe to display to users

  3. Both of the above

  4. None of the above

Show answer
Correct Option: C

What exception is thrown by the security API when a user attempts to access a resource that they are not authorized for?
technology security

  1. SecurityException

  2. AccessException

  3. AuthenitcationException

  4. Exception

Show answer
Correct Option: A

What is the most common exception thrown by the validation methods in the security API?
technology security

  1. Validation Exception

  2. SecurityException

  3. Encoding Exception

  4. Encryption Exception

Show answer
Correct Option: B

The usage of setRememberToken is
technology security

  1. Generally recommended

  2. Generally not recommended

  3. Should always be used

  4. Should not be used at all

Show answer
Correct Option: B

What are the different levels of logging provided in the API?
technology security

  1. Trace, warn, error and fatal

  2. Trace, debug, info, warn, error and fatal

  3. Debug, info, error, fatal

  4. Debug, Warn, Error

Show answer
Correct Option: A