Know IT All Trivia: Application security




Test your knowledge of application security with these trivia questions. Scroll down to the bottom of the page for the correct answers.

1.) A cracker exploits this in order to use a Web application to transport an attack to a user's browser. It can expose a local machine or enable an attacker to spoof content.
a. unvalidated parameter
b. buffer overflow
c. command injection flaw
d. cross-site scripting flaw

2.) This language is a new security interoperability standard within the Organization for the Advancement of Structured Information Standards (OASIS) designed to provide a standard way for application vulnerabilities to be defined and classified.
a. XrML
b. AVDL
c. SAML
d. XACML

3.) This attack against Web applications involves getting information from a server by modifying the session's cookie.
a. chaffing
b. brain fingerprinting
c. cookie poisoning
d. cookie hijacking

4.) In this type of attack against database-driven applications, the intruder manipulates a site's Web-based interfaces to force the database to execute undesirable code.
a. smurfing
b. SQL injection
c. nuking
d. phreaking

5.) This protects Web applications written in Perl from dangerous code by assuming that all user input is potentially malicious and placing restrictions on the actions that the script may perform on that input.
a. promiscuous mode
b. Tempest-shielding
c. data key
d. taint mode





What do you think of our trivia questions? Are they too easy? Too hard? Let us know.










Want to learn more about securing your applications? Check out this learning guide, "Top 10 most critical Web application security vulnerabilities."










ANSWERS:

1.) d. cross-site scripting flaw
Learn more about common vulnerabilities in the Vulnerabilities section of SearchAppSecurity.com.

2.) b. AVDL
Learn more about Web security standards in the Standards section of SearchAppSecurity.com.

3.) c. cookie poisoning
For more information about cookie poisoning, read the definition in SearchAppSecurity.com's glossary.

4.) b. SQL injection
Learn more about SQL injection in the tip "SQL injection: Developers fight back."

5.) d. taint mode
For more information on vulnerabilities due to poorly constructed code, read the tip "Buffer-overflow attacks: How do they work?"

This was first published in April 2006
