Tag: security

Questions Related to security

Appscan injected the following into a test request GET /bank/customize.aspx?lang=Foobar%3f%0d%0aAppScanHeader:%20AppScanValue%2f1%2e2%2d3%0d%0aSecondAppScanHeader:%20whatever HTTP/1.0. What kind of vulnerability is appscan testing for?
technology security

  1. Cross site request forgery

  2. Cross site scripting

  3. HTTP Response Splitting

  4. SQL injection

Show answer
Correct Option: C

After the appscan finished testing your web application you found that your password was changed to 1234. What do you think happened?
technology security

  1. Reset password functionality was invoked during the testing

  2. Change password form was submitted by appscan

  3. Somebody changed your password while the scan was running

  4. This is a result of an SQL injection test by appscan

Show answer
Correct Option: B

Which among the below do you think appscan will NOT report as “Predictable login credentials?
technology security

  1. Admin/admin1

  2. John/nAscar

  3. John/n@sc1234r

  4. John/nascar2

Show answer
Correct Option: C

The occurrence of which among the below in the http response will appscan report as possible server path disclosure vulnerability?
technology security

  1. ../../help/images/about.jpeg

  3. d:/etc/host/pwd

  4. document.title(“/admin/administration”);

Show answer
Correct Option: C

What’s the effect of malicious file execution on the server?
technology security

  1. User account compromised

  2. Steal user sessions

  3. Site defacement and complete take over of the application

  4. Complete user account compromise

Show answer
Correct Option: C

When do you use a multi step operation ?
technology security

  1. When a login sequence needs to be recorded

  2. When a particular application flow needs to be recorded

  3. When in session parameter needs to be defined

  4. When you need to test only a part of your application

Show answer
Correct Option: B

The appscan reports Sarbanes oxley, hippa, fisma belongs to which Type?
technology security

  1. Custom

  2. Industry Standard

  3. Compliance

  4. Delta Analysis

Show answer
Correct Option: C

After a test appscan reports the occurrence of lot of hidden files which you know for sure your application does not contain. What do you think happened?
technology security

  1. Somebody put those files there during the test

  2. Appscan created those files

  3. Third party domain was not excluded from the scan

  4. It’s a result of cross site scripting attack

Show answer
Correct Option: C

For a given url -> http://www.example.com/smb.jsp&page=wireless where wireless indicates a unique page how would you configure appscan to test all unique pages?

technology security

  1. Ignore the page parameter

  2. Track the page parameter

  3. Set the redundant path limit to 1

  4. Set the depth limit to 1

Show answer
Correct Option: B

What does “Difference” in the details pane indicate?
technology security

  1. Difference between 2 tests

  2. How appscan modified the original web application page

  3. How appscan constructed the test http request

  4. How appscan arrived at the threat classification

Show answer
Correct Option: C