Tag: security

Questions Related to security

Give the reason(s) of Information leakage in the below code: 1 ... 2 3 4 Please enter your Login ID and Password to get into the Web Site. 5 6 Enter Login ID : 7 Enter Password : 8 9 10 11 12 ...
technology security

  1. auto-complete ON

  2. Improper usage of HTTP Method

  3. Developer Comments

  4. Option 2 AND Option 3

  5. Option 1 AND Option 3

  6. All

Show answer
Correct Option: F

Which attack(s) are possible in the below code: protected void doGet(HttpServletRequest req, HttpServletResponse res) throws IOException { String name = req.getParameter("name"); ... out.println("hello " + name.trim()); }
technology security

  1. Reflected Cross Site Scripting

  2. Improper Error Handling

  3. Directory Listing

  4. Phishing

  5. Option 1 AND Option 2 AND Option 4

  6. Option 1 AND Option 2

Show answer
Correct Option: E

Which attack(s) are possible in the below code:

technology security

  1. Content Spoofing

  2. HTTP Response Splitting

  3. Directory Listing

  4. Option 1 AND Option 2

  5. Option 2 AND Option 3

Show answer
Correct Option: D

Identify the name of the vulnerability exist in the below code: 1 ... 2 public class ShowUserDetailsAction extends HttpServlet 3 { 4 private String currentUser; 5 public void doPost(HttpServletRequest req, HttpServletResponse res) 6 { 7 try 8 { 9 currentUser = req.getParameter("userID"); 10 RequestDispatcher rd = getServletContext().getRequestDispatcher ("/ShowDetails.jsp"); 11 if (!"".equals(currentUser)) 12 { 13 14 ArrayList userInfo = new ArrayList(); 15 LoginDAO objLoginDAO = new LoginDAO(); 16 userInfo = objLoginDAO.getUserInfo(currentUser); 17 18 if (userInfo!=null && (userInfo.size()!= 0)) 19 { 20 req.setAttribute("UserInfo", userInfo); 21 } 22 else 23 { 24 req.setAttribute("NoUser", "true"); 25 } 26 } 27 rd.forward(req,res); 28 } catch (Exception e) 29 { 30 log.debug(“Error Occurred:”+ e); 31 } 32 } 33 } 34 ...
technology security

  1. URL Tampering

  2. Brute Forcing

  3. Race Condition

  4. HTML Injection

  5. XSS

Show answer
Correct Option: A

Identify the weakness in the below JSP file: 1 ... 2 3 4 8 9 11 12 13 14 function doBack() 15 { 16 history.go(-1); 17 } 18 function doDelete() 19 { 20 document.forms[0].action="/DeleteUsersAction"; 21 document.forms[0].submit(); 22 } 23 24 ...
technology security

  1. SQL Injection

  2. Cross Site Scripting

  3. Broken Access Control

  4. Improper Resource Initialization

Show answer
Correct Option: C

Identify the weakness in the below JSP file: 1 2 ... 3 Dear User, 4 5 If you liked our services, then you would like to refer it to your friends. 6 7 Click on the below link: 8 9 ";> "Refer a Friend"! 10 ... 11

technology security

  1. Information Disclosure

  2. Cross Site Scripting

  3. Usage of Risky Encryption

  4. All of the above

Show answer
Correct Option: C

Identify the Vulnerable Line # in the below code: 1 ... 2 public static Connection getConnection() 3 { 4 Connection con = null; 5 try 6 { 7 Class.forName("sun.jdbc.odbc.JdbcOdbcDriver"); 8 con = DriverManager.getConnection("jdbc:odbc:Lookup","admin","admin"); 9 10 }catch (ClassNotFoundException e) 11 { 12 if(con!=null) 13 close(con); 14 log.debug(“Error Occurred:” + e); 15 16 } catch(SQLException ex) 17 { 18 19 if(con!=null) 20 close(con); 21 log.debug(“Error Occurred:” + ex); 22 } 23 return con; 24 } 25 ...

technology security

  1. Line # 4

  2. Line # 13 & 20

  3. Line # 7 & 8

  4. None of the above

Show answer
Correct Option: C

AI Explanation

To identify the vulnerable line in the given code, we need to understand what vulnerability we are looking for.

In this case, the code is establishing a database connection using JDBC. The vulnerability we are looking for is an SQL injection vulnerability, where an attacker can manipulate the SQL query being executed.

Looking at the code, we can see that the SQL query is being constructed in line #8 using a hardcoded username and password. This can be a potential vulnerability if the username and password are not properly validated or sanitized.

Therefore, the vulnerable lines in the code are Line #7 and Line #8.

The correct answer is C) Line #7 and Line #8.

Following list shows entries in the web.xml deployment descriptor for Exception & Error Handling. Please identify which one is correct a. java.lang.Throwable /error.jsp b. 500 /error.jsp c. /error.jsp

technology security

  1. a

  2. b

  3. c

  4. a AND b

  5. a AND b AND c

Show answer
Correct Option: D

Choose the correct answer: a. Session Timeouts can be defined in the web.xml as below: Time-in-minutes b. Session Timeouts can be defined in the server.xml as below: Time-in-minutes c. Session Timeouts cannot be defined in the deployment descriptor
technology security

  1. a

  2. b

  3. c

  4. a AND b

Show answer
Correct Option: A

Choose the correct answer about the following code: public class SetCookie extends HttpServlet { public void doGet (HttpServletRequest req, HttpServletResponse res) { Cookie cookie = new Cookie ("Session Cookie”, req.getParameter(“value”)); cookie.setMaxAge (3600); response.addCookie (cookie); } ...
technology security

  1. 3600 is beyond the limit

  2. It is not recommended as it is using Persistent Cookies

  3. It leads to Cookie Poisoning Attack

  4. Option 1 AND Option 2

  5. Option 2 AND Option 3

  6. Option 1 AND Option 2 AND Option 3

Show answer
Correct Option: E