Tag: security

Questions Related to security

What is the common cause of buffer over flows, cross-site scripting, SQL injection and format string attacks?
technology security

  1. Unvalidated input

  2. Lack of authentication

  3. Improper error handing

  4. Insecure configuration management

Show answer
Correct Option: A
Explanation:

To solve this question, the user needs to have knowledge about common vulnerabilities in software development.

Now, let's go through each option and explain why it is right or wrong:

A. Unvalidated input: This option is the correct answer. All four attacks listed in the question stem are caused by unvalidated input. Unvalidated input occurs when a program does not properly check the data that it receives as input, allowing attackers to inject malicious code or data into the program.

B. Lack of authentication: This option is incorrect. While lack of authentication can be a vulnerability in software, it is not the cause of buffer overflows, cross-site scripting, SQL injection, or format string attacks.

C. Improper error handling: This option is incorrect. Improper error handling can lead to vulnerabilities in software, but it is not the cause of the attacks listed in the question stem.

D. Insecure configuration management: This option is incorrect. Insecure configuration management can lead to vulnerabilities in software, but it is not the cause of the attacks listed in the question stem.

The Answer is: A. Unvalidated input.

Out of the following which one can be considered as a possible solutions for SQL injection vulnerability?
technology security

  1. Data Validation

  2. Secure Cookies

  3. Encryption

  4. Comprehensive exception handling

Show answer
Correct Option: A
Explanation:

SQL injection is a type of attack that occurs when malicious code is injected into a SQL query. This can be done by submitting specially crafted input to a web form or API. The malicious code can then be used to extract data from the database, modify data in the database, or even execute arbitrary commands on the server.

Data Validation is the process of checking user input for malicious content. This can be done by using regular expressions or other techniques to identify and filter out harmful characters. Data validation is an important part of preventing SQL injection attacks, but it is not a foolproof solution.

Secure Cookies can help to protect against SQL injection attacks by preventing attackers from accessing session cookies. Session cookies are used to track user sessions, and they can contain sensitive information such as user IDs and passwords. If an attacker is able to obtain a session cookie, they could use it to impersonate the victim and gain access to the victim's account.

Encryption can also help to protect against SQL injection attacks. Encrypted data cannot be easily read by attackers, even if they are able to inject malicious code into a SQL query. However, encryption is not a perfect solution, as it can be difficult to implement and maintain.

Comprehensive exception handling can help to prevent SQL injection attacks by catching and logging errors that occur during the execution of SQL queries. This can help to identify and fix vulnerabilities in the code that could be exploited by attackers.

The correct answer is A. Data Validation. Data validation is the most effective way to prevent SQL injection attacks. By carefully checking user input for malicious content, it is possible to block most SQL injection attacks before they even have a chance to succeed.

The other options, while helpful, are not as effective as data validation. Secure cookies can help to protect against session hijacking, but they do not prevent SQL injection attacks. Encryption can help to protect data, but it is not a foolproof solution. Comprehensive exception handling can help to identify and fix vulnerabilities, but it is not a preventive measure.

Therefore, the best way to prevent SQL injection attacks is to use data validation. By carefully checking user input for malicious content, it is possible to block most SQL injection attacks before they even have a chance to succeed.

Which of the following should be stored in the cookie?
technology security

  1. Session ID

  2. Account Privileges

  3. UserName

  4. Password

Show answer
Correct Option: A
Explanation:

To solve this question, the user needs to know what information is appropriate to store in a cookie.

Now, let's go through each option and explain why it is right or wrong:

A. Session ID: This option is appropriate to store in a cookie. A session ID is a unique identifier assigned to a user's session and is used to keep track of session state. Storing the session ID in a cookie allows the server to identify the user's session on subsequent requests.

B. Account Privileges: This option is not appropriate to store in a cookie. Storing account privileges in a cookie is a security risk because cookies can be easily intercepted and manipulated. Instead, account privileges should be stored on the server and checked on each request.

C. UserName: This option is appropriate to store in a cookie. Storing the username in a cookie can improve the user experience by allowing the website to remember the user's preferences and customize the user's experience.

D. Password: This option is not appropriate to store in a cookie. Storing passwords in cookies is a significant security risk because cookies can be easily intercepted and manipulated. Passwords should never be stored in cookies or any other client-side storage.

The Answer is: A and C

What should be considered the most while doing data classification
technology security

  1. The type of users who would be accessing the data

  2. Availability, Integrity and Confidentiality

  3. The threat level the company faces

  4. Access controls protecting the data

Show answer
Correct Option: B

What are the fundamental principles of Security?
technology security

  1. Availability, Integrity, Confidentiality

  2. Usability, Reliability, Accountability

  3. Quality, Accountability, Integrity

  4. None of the above

Show answer
Correct Option: A

When is the best time to think about application security
technology security

  1. During testing

  2. During development

  3. During design

  4. During all phases of application development

Show answer
Correct Option: D

What is OWASP WebScarab?
technology security

  1. An insecure J2EE web application

  2. A framework for analyzing applications that communicate using the HTTP and HTTPS, most common usage is an intercepting proxy

  3. Static Source Code Analyser

  4. Penetration Testing Tool

Show answer
Correct Option: B

Which among the below is a browser based HTTP tampering tool for Firefox browser?
technology security

  1. LiveHTTPHeaders

  2. Sqlninja

  3. Bobcat

  4. WebGoat

Show answer
Correct Option: A

What product among the below can be used as a static code analyzer?

technology security

  1. Ounce

  2. WebInspect

  3. IBM RAD

  4. None of the above

Show answer
Correct Option: A

Which product among the below can be used as a penetration testing tool?
technology security

  1. Ounce

  2. DevInspect

  3. AppScan

  4. FXCop

Show answer
Correct Option: C