Tag: security

Questions Related to security

Which among the below indicate application error
technology security

  1. 400 return code

  2. 500 return code

  3. 302 return code

  4. 200 return code

Show answer
Correct Option: B

During a scan you notice that its running quite slow and there are lot of communication errors in the logs. How would you correct this problem?
technology security

  1. Increase the no of threads and increase the timeout

  2. Decrease the no of threads and decrease the timeout

  3. Increase the no of threads and decrease the timeout

  4. Decrease the no of threads and increase the timeout

Show answer
Correct Option: D

What kind of testing tool is AppScan?
technology security

  1. Black box security testing

  2. White box security testing

  3. Gray box security testing

  4. Blue box security testing

Show answer
Correct Option: A

What parameters does Appscan modify when testing a .net webservice?
technology security

  1. POST parameters

  2. SOAP parameters

  3. GET parameters

  4. Cookies

Show answer
Correct Option: B

Cross site scripting vulnerabilities helps an attacker to do what?
technology security

  1. Execute OS commands

  2. Steal user sessions

  3. Execute scripts on the webserver

  4. Manipulate the data in the database

Show answer
Correct Option: B

Which among the following do you think will prevent a CSRF attack?
technology security

  1. /transfer.asp?fromacct=”account1”&toaccount=”account2”&amount=200.45&trnsactToken=”121431ersw”

  2. /email.jsp&to=”[email protected]”&subject=”hi”

  3. Use https for all secured pages

  4. Use encryption for session cookies

Show answer
Correct Option: A

Certain folders in your application contain sensitive data. How would you securely hide their existence within your web application for all users?
technology security

  1. Send 403 return code

  2. Send 302 return code and redirect the user to the home page

  3. Send 404 return code

  4. Send 200 return code

Show answer
Correct Option: C

What is the best approach to secure a web application?
technology security

  1. Use https

  2. Use encryption

  3. Black box testing

  4. Secure coding

Show answer
Correct Option: D

Which among the below is an example of information leakage vulnerability

technology security

  1. Displaying “Welcome, “+request.getParameter(“userid”)

  2. Displaying “You entered either a wrong user id or password” error message

  3. Call stack trace

  4. Return error code 404

Show answer
Correct Option: C

Given url – http://www.abc.com/viewpage.jsp?page=catalog&productid=12345 where page parameter indicate a unique page and the productid retrieves pages for a particular product. How would you optimally configure appscan to test this application? Choose 2 answers

technology security

  1. Track the page parameter

  2. Set the link limit to 2

  3. Set the redundant path limit to 5

  4. Ignore the productid parameter

Show answer
Correct Option: A,D