Tag: security

Questions Related to security

What is used as the salt value in the hash function available in the TCS SAPI?
technology security

  1. A constant value stored as plain text within a configuration file

  2. There is no salt added while calculating the hash value

  3. The accountName is used as the salt value

  4. The salt value is calculated from the password value

Show answer
Correct Option: C

What is meant by Canonicalization?
technology security

  1. Its a form of encoding

  2. Its a form of encryption

  3. Its a form of decryption

  4. Its simply the operation of reducing a possibly encoded string down to its simplest form

Show answer
Correct Option: D

What is the functionality of the sign() method?
technology security

  1. Encrypts the input and returns the encrypted string

  2. Encodes the data

  3. Hashes the data

  4. Create a digital signature for the provided input data and return the signature in a string

Show answer
Correct Option: D

Which methods in the TCS SAPI can be used to prevent Path Traversal?
technology security

  1. isValidDirectory( java.lang.String context, java.lang.String input)

  2. isValidDirectory( java.lang.String context, java.lang.String input) and isValidFileName(java.lang.String context, java.lang.String input)

  3. isSafeDirectoryPath(java.lang.String context, java.lang.String input,boolean allowNull) and isSafeFileName(java.lang.String context, java.lang.String input,boolean allowNull)

  4. ValidateDirectoryPath(java.lang.String context, java.lang.String input,boolean allowNull)

Show answer
Correct Option: C

What is OWASP WebScarab?
technology security

  1. An insecure J2EE web application

  2. A framework for analyzing applications that communicate using the HTTP and HTTPS, most common usage is an intercepting proxy

  3. Static Source Code Analyser

  4. Penetration Testing Tool

Show answer
Correct Option: B

Which among the below is a browser based HTTP tampering tool for Firefox browser?
technology security

  1. LiveHTTPHeaders

  2. Sqlninja

  3. Bobcat

  4. WebGoat

Show answer
Correct Option: A

_______ is a static ruleset based Java source code analyzer that identifies potential problems.
technology security

  1. Ounce

  2. DevInspect

  3. Fortify

  4. PMD

Show answer
Correct Option: D

_______ is a free static code analysis tool from Microsoft that analyzes the compiled object code for conformance to Microsoft's .NET Framework Design Guidelines.
technology security

  1. Ounce

  2. WebGoat

  3. FxCop

  4. Visual Studio

Show answer
Correct Option: C

_______ is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers
technology security

  1. Nikto

  2. GreaseMonkey

  3. Sqlmap

  4. O2

Show answer
Correct Option: A

Which among the following is an interactive HTTP/S proxy server for attacking and testing web applications ?
technology security

  1. WebGoat

  2. BeEF

  3. Burp

  4. Ounce

Show answer
Correct Option: C