Quiz

Test your knowledge.

Are you prepared to block software attacks? Complete the quiz below to find out.

Question 1

What authentication strategy is best fit for a Java EE multi-user application which contains a public section and a restricted area?

Enforce authentication on every page public or not.

Implement an authentication filter, allow access to all resources with the exception of the restricted area.

Implement an authentication filter, restrict access to all resources with the exception of the public area.

Perform authentication in each JSP as needed.

Question 2

Which of the options below best describes how to identify a user's role?

String role=request.getParameter("role");

String uid=request.getParameter("id"); String role = Database.getRole(uid);

String role=document.cookie.indexOf('isAdmin')!=-1

String role=(String)session.getAttribute("role");

Question 3

What is the best method to avoid Authorization Bypass issues?

Conduct static analysis scans regularly.

Refactor the code so resources are separated according to roles. Determine access to resources based on the user role.

Check the roles in each privileged section with if statements and perfom code reviews to ensure logical issues are avoided.

Using platform authentication.

Question 4

What is the best way to store user passwords in a database?

Use pbkdf2 with 10000 iterations and a salt.

Use asymetric encryption, RSA with 2048 key size.

Hash the passwords with a SHA-2 algorithm.

Use MD5.

Question 5

Which of the following hashing algorithms is NOT out-dated?

SHA-1

SHA-2

MD5

XOR

Question 6

Which communication protocol would you select for your server configuration ?

SSLv3. It is the best protocol for compatibility with all browsers.

TLS1.0. It is stronger than SSL and supported by all browsers

TLS1.2 or TLS 1.3.

Custom protocol based on AES 256 ECB encryption algorithm.

Question 7

You are implementing a TLS client, but your test server has a self-signed certificate and the connection fails.

Import the self-signed certificate in your trusted certificate store.

Disable certificate validation the connection is encrypted anyways.

Disable certificate validation for the time being. Re-enable it back at the end of the sprint.

Make no changes to your dev environment. Use a `http://` URL.

Question 8

The following snippets represent an account lockout mechanism. Which of the following choices has a vulnerability?

short tries=(short)session.getAttribute("tries"); tries++; isLockedOut=tries>5; session.setAttribute("tries",tries);

short tries=(short)session.getAttribute("tries"); tries++; isLockedOut=tries>5 || tries<0; session.setAttribute("tries",tries);

short tries=(short)session.getAttribute("tries"); if(tries<MAX_SHORT) tries++; isLockedOut=tries>5; session.setAttribute("tries",tries);

Question 9

Which of the following statements about account lockout is against security best practices?

Two factor authentication prevents password guessing attacks.

It is the user's responsibility to configure a strong password. Brute force attacks won't work against a good password

When handling user authentication, applications should provide account lockout and password policy enforcement mechanisms.

Question 10

Which is the best way to ensure the integrity of software updates?

Hash the software with a SHA-2 hash and ship the hash along with the update package.

Encrypt the software with a hard-coded password and download over unencrypted connection to improve performance.

Download over a trusted, secure connection. Reject invalid download server certificates.

Digitally sign the code using a certificate issued by a public trusted CA. Download over valid TLS.

Question 11

Which of the snippets below has a security issue?

response.sendRedirect("http://google.com");

response.sendRedirect(request.getParameter("redirect"));

response.sendRedirect(UrlResourceManager.get(request.getParameter("pageId")));

Question 12

Which of the following is the most effective defense against XSS?

Input Allow Listing

Sanitize output by removing tag symbols.

Allow only safe input where possible. Neutralize output through output encoding and safe DOM updates.

Block any values containing the following regex: 'img|script|on|iframe'

Question 13

Which of the following HTTP response headers prevents "Inclusion of Functionality from Untrusted Control Sphere" and increases the attack complexity for XSS.

X-XSS-Protection: 1; mode=block

Content-Security-Policy: script-src ‘self’

X-Frame-Options:deny

Strict-Transport-Security: max-age=31536000

Question 14

Which is the most effective protection against Cross-Site Request Forgery?

Add an additional authentication header to the request that is not a cookie or platform authentication.

Check that the referer header matches the host of the application.

Enforce platform authentication

Add a forgery prevention image during authentication.

Question 15

Which of the following extensions is considered dangerous during a file upload to a Java EE application?

XML

CSV

PNG

JSP

Question 16

Which of the following best prevents path traversal?

Input Allow Listing

Sanitizing ../ from the user input.

Indirect object references.

Hardening Linux file permissions.

Question 17

Can XML files be used to "steal" data from system where the application is running?

Not really, XML files are just text files. They are not executable.

No but a very large XML file can crash Java and cause Availability Impact.

Only if there is a buffer overflow in the XML parser.

XML variables defined in the DTD can be populated with contents of files.

Question 18

The support team has created a maintenance bash script that they have provided to many customers. There are requests to productize the script, so customers no longer have to SSH into the boxes. Which approach should you take?

Rewrite the script in Java. The application should be self-contained and should not depend on shell scripts. This may take longer but it's cleaner.

Cleanup the script, then create a servlet that takes the user input then launches the script on demand and shows the output to the user.

Implement input sanitization and filter out hazardous characters. Call the script but run with limited privileges. This will save time and it's safe.

Implement a web shell where customers can pass in any shell command they want as root.

Question 19

Your application needs to run an operation with elevated privileges. Which approach should you take?

Run the application as root always. This will make sure there are no issues.

Ask the user to execute the operation via SSH.

Use setuid flags on a program dedicated to the privileged operation only.

Add the application user to /etc/sudoers. Execute the critical functionality as a bash script that you launch with sudo.

Question 20

You must implement a feature that allows users to download server logs. What is the best way to implement it?

Change the permissions on a WebContent directory to allow tomcat to write to it. Configure the service to use that as a log directory.

Create a servlet that gets the files and sends them on the response, based on a file id. Check that the user is admin.

Create a symlink from the WebContent directory to the tomcat logs directory.

Question 21

Which of the statements below protects from SQL Injection?

query="SELECT * FROM users WHERE ou='"+request.getParameter("ou")+"' ORDER BY name "+request.getParameter("sort")

query="SELECT * FROM users WHERE ou='?' ORDER BY name ?"

query="SELECT * FROM users WHERE ou='"
+request.getParameter("ou").replace("\"","")+"' ORDER BY name "
+request.getParameter("sort").replace("\"","")

query="SELECT * FROM users WHERE ou='%s' ORDER BY name %s"

Question 22

Which of the following functions is considered safer?

scanf

gets

strcmp

snprintf

Question 23

Which of the following snippets is a format string injection vulnerability?

gets(a); printf("Value %s is invalid!",a);

Runtime.getRuntime().exec("%s",a);

gets(a); printf("Value is invalid:"); printf(a);

query=String.format("SELECT * FROM users WHERE id='%s'",a)

Question 24

How can you best protect against buffer overflow?

Allocate large buffers.

Limit the size of the input by using fgets.

Ensure the size of the input matches the size of the buffer.

Use safe compiler flags.

Question 25

Which is the best way to prevent Deserialization attacks?

Use a safe data parser. Only accept input from trusted sources. Keep libraries up to date.

Input validation and output encoding.

Use only JSON, XML and YML formats.

Use base64 encoded objects.