CC536 Cyber Security: Web Attacks and SQL Injection
16 Questions

Questions and Answers

What is the primary function of a web browser?

  • To interface with the client
  • To request a resource and render it for the user (correct)
  • To keep 'state' using session cookies
  • To transmit resources to the client

What is the purpose of session cookies in a web application?

  • To transmit resources to the client
  • To render dynamic content
  • To keep 'state' in a stateless communication (correct)
  • To interface with the client

What is the main difference between stateless and stateful communication?

  • Stateless communication does not retain user information (correct)
  • Stateless communication retains user information
  • Stateful communication uses session cookies
  • Stateless communication uses session cookies

What is the purpose of SQL queries?

  • To ask questions to the database

What is the potential risk of using user input in SQL queries?

  • It may allow an attacker to change the meaning of the query

What would happen if the 'user' variable in the given PHP code is a malicious string?

  • The query would change the meaning of the query

What is the main vulnerability exploited in SQL injection attacks?

  • Unsanitized user input in SQL queries

What is the purpose of input validation in preventing SQL injection?

  • To prevent malicious code from being executed

What is the result of injecting NULL UNION SELECT * FROM users in an SQL query?

  • The query returns the full list of users in the database

What is the purpose of using comments in SQL injection attacks?

  • To discard remaining clauses of the query

How can an attacker bypass string escaping in an SQL query?

  • By adding two single quotes at the end of the input

What is the effect of injecting anything' = ' in an SQL query?

  • The query always evaluates to TRUE

What is the recommended approach to preventing SQL injection attacks?

  • Whitelisting known good characters

What is the purpose of input filtering in preventing SQL injection?

  • To sanitize user input and prevent code injection

What is the result of injecting '; DROP TABLE USERS; -- in an SQL query?

  • The query deletes the USERS table

What is the primary difference between SQL injection and command injection?

  • SQL injection targets databases, while command injection targets operating systems
