Which of the following are worms that propagate through e-mail?
Looksky worm
Warhol worm
Klez
Sober
Which of the following are XSS worms?
Samy worm
Bom Sabado
SQL Slammer
Sober worm
The principle of least privilege as it applies to access control mandates that:
Group-based access control should be implemented to assign permissions to application users
Consistent authorization checking should be performed on all application pages
A set of all allowable actions should be defined for each user role and all others denied
All failed access authorization requests should be logged to a secure location for review by administrators
Which of the following is appropriate for customer emails regarding a limited time promotional offer?
Request that the user authenticate him/herself by replying to the email with their account credentials.
Personalized greeting line
Providing easy access to the customer's account via a “Click Here” style link
Sending the email from a domain set up specifically for the special offer
Cross Site Scripting is an attack against
Client (Browser)
Database
Web Application
Web Server
Which cookie flag, when set, will prevent the cookie's transmission over a non-secure channel?
Secure
Domain
Expires
Static
The main risk to a web application in a cross site scripting attack is …
Compromise of users
Loss of data integrity
Destruction of data
None of the above
Which of the following can be considered user input for which validation is not required?
Host Header
Cookie
Referrer Header
Which languages are vulnerable to Cross Site Scripting attacks?
Java
ASP.Net
Perl
All of the above
What does “White List” data validation mean?
Data is validated against a list of values that are known to be valid
Data is validated against a list of values that are known to be invalid
Both of the above