Web Service interfaces are prone to which of the following standard web application attacks?
SQL Injection
Denial of Service
XML Injection
All of the above
Which of the following methods would be proper to use when encrypting personal information?
XOR'ing with a cryptographically secure random number
Triple DES
DES-CBC 56bits
Salted hash with a cryptographically secure random number
A race condition in a web server can cause …
Resources to become unavailable to legitimate users
Cross Site Tracing
Server Instability
Both A and B
In which type of language can buffer overflows occur?
Pure C++
Any file type on a web server
Pure C#
Pure Java
Cross Site Scripting is an attack against
Client (Browser)
Database
Web Application
Web Server
Which cookie flag, when set, will prevent the cookie's transmission over a non-secure channel?
Secure
Domain
Expires
Static
The main risk to a web application in a cross site scripting attack is …
Compromise of users
Loss of data integrity
Destruction of data
None of the above
Out of the following, which can be considered user input for which validation is not required?
Host Header
Cookie
Referrer Header
It is a leading practice to suppress detailed errors in the following places:
Web Server configuration files
Application configuration files
Application error handlers
Which of the following is true regarding reverse engineering of compiled Java code?
The Java sandbox environment provides protection against decompilation
Java is compiled into ELF binaries and cannot be decompiled
Java bytecode can always be decompiled; code obfuscators can make the reverse engineering process more time-consuming but cannot prevent it
Java is difficult to decompile because the Just-In-Time compiler automatically performs string encryption by default