Tag: science & technology

Questions Related to science & technology

Multiple choice general knowledge science & technology
  1. Avoid Escape Special Characters

  2. Use of non Parameterized API

  3. Input Validation against Whitelist

  4. Avoid sending the wrong data at first place as request parameter.

Reveal answer Fill a bubble to check yourself
C Correct answer
Explanation

Input validation against a whitelist is a correct injection prevention mechanism. A whitelist defines exactly what inputs are allowed, rejecting anything that doesn't match. This prevents injection attacks by ensuring only valid, expected data enters the system. Avoid escaping special characters would make you vulnerable, non-parameterized APIs are vulnerable, and while avoiding wrong data helps, validation against whitelist is the technical prevention mechanism.

Multiple choice general knowledge science & technology
  1. Escape special characters using the specific escape syntax for that interpreter

  2. Use of Parameterized API

  3. Avoid sending the wrong data at first place as request parameter.

  4. Input Validation using Whitelist

Reveal answer Fill a bubble to check yourself
C Correct answer
Explanation

Option C is the correct answer because 'Avoid sending the wrong data' is not a technical injection prevention mechanism - it's a general practice rather than a specific defensive technique. The other options ARE valid prevention mechanisms: escaping special characters (A), using parameterized APIs/prepared statements (B), and input validation with whitelists (D) are all standard techniques for preventing SQL injection and similar attacks.

Multiple choice general knowledge science & technology
  1. Injection

  2. Cross Site Request Forgery

  3. Cross Site Scripting

  4. Failure to Restrict URL Access

Reveal answer Fill a bubble to check yourself
C Correct answer
Explanation

The description 'text-based attack data that exploit the interpreter in the browser' is the textbook definition of Cross Site Scripting (XSS). In XSS attacks, malicious scripts are injected into web pages viewed by other users, exploiting the browser's script interpreter. This distinguishes it from Injection (server-side interpreter), CSRF (exploiting authenticated sessions), and URL access restrictions (authorization bypass).

Multiple choice general knowledge science & technology
  1. FileSystem

  2. Web Application

  3. Production Server

  4. Browser InterPretation

Reveal answer Fill a bubble to check yourself
D Correct answer
Explanation

Cross Site Scripting (XSS) specifically targets the browser's interpreter - it exploits how browsers interpret and execute scripts within web pages. Unlike attacks that target servers (B, C) or file systems (A), XSS payloads run in the victim's browser context. The term 'Browser Interpretation' (D) correctly identifies this client-side execution environment.

Multiple choice general knowledge science & technology
  1. Broken Authorization

  2. Broken Authentication and Session Management

  3. Security Misconfiguration

  4. Cross Site Request Forgery

Reveal answer Fill a bubble to check yourself
B Correct answer
Explanation

This scenario is a classic example of Broken Authentication and Session Management - the user failed to properly terminate their session (logout), allowing an attacker to hijack the authenticated session. The vulnerability is that session identifiers remained valid and accessible, enabling the attacker to impersonate the legitimate user without re-authenticating. This differs from authorization issues (A), security misconfiguration (C), or CSRF (D).

Multiple choice general knowledge science & technology
  1. User able to access the page which he/she is not Authorised.

  2. Exposing Authentication/Session details as part of URL

  3. Sending Financial Data request as part of the request URL.

  4. None of the Above

Reveal answer Fill a bubble to check yourself
B Correct answer
Explanation

Exposing session IDs or authentication credentials in URLs (B) is a valid scenario of Broken Authentication and Session Management. URLs get logged in browser history, server logs, and referrer headers - exposing sensitive authentication data in URLs allows attackers to capture session identifiers. Option (A) describes an authorization issue, (C) is about data exposure, and (B) is the correct authentication/session management vulnerability.

Multiple choice general knowledge science & technology
  1. Use of non Parameterized API

  2. Unauthorised access to any webpage /webdata directly or indirectly.

  3. Ignoring the updates to install.

  4. None of the Above.

Reveal answer Fill a bubble to check yourself
B Correct answer
Explanation

Insecure Direct Object References occur when an application exposes internal object references (like database keys, file paths, or directory entries) without proper access control validation. Option (B) 'Unauthorised access to any webpage/webdata directly or indirectly' describes this - attackers manipulate direct object references to access unauthorized data. Option (A) relates to injection, (C) is about patching, and (B) correctly describes IDOR.

Multiple choice general knowledge science & technology
  1. Cross Site Request Forgery

  2. Broken Authentication and Session Management

  3. Insecure Direct Object Refrences

  4. Insecure Cryptographic Storage

Reveal answer Fill a bubble to check yourself
C Correct answer
Explanation

Using per-user or session indirect object references (like using database IDs instead of sequential numbers) prevents Insecure Direct Object References. Without this, attackers can manipulate URLs or parameters to access other users' data by guessing or incrementing IDs. This ensures users can only access objects they're authorized to see.

Multiple choice general knowledge science & technology
  1. Injection

  2. Cross Site Scripting

  3. Cross Site Request Forgery

  4. Security Misconfiguration

Reveal answer Fill a bubble to check yourself
C Correct answer
Explanation

Cross Site Request Forgery (CSRF) involves attackers forging authenticated requests that victims unknowingly submit. Since the browser automatically sends cookies (including session tokens) with the request, the server believes it's from the legitimate user. Key indicators: forged requests, tricking victims, authentication bypass. Unlike XSS which executes scripts in the browser.

Multiple choice general knowledge science & technology
  1. Insecure Direct Object References

  2. Insecure Cryptographic Storage

  3. Unvalidated Redirects and Forwards

  4. Cross-Site Request Forgery (CSRF)

Reveal answer Fill a bubble to check yourself
D Correct answer
Explanation

CSRF tokens are unique, unpredictable values included in forms as hidden fields. When the form is submitted, the server validates this token matches the session token. Since attackers cannot guess or obtain this token, they cannot forge valid requests even if they trick users into submitting forms. This is the primary defense against CSRF.