Web Security Fundamentals


Questions and Answers

Which of the following techniques is most effective for preventing SQL injection attacks?

  • Using parameterized queries or prepared statements (correct)
  • Escaping all user-supplied input
  • Implementing strong password policies
  • Disabling error messages in production

Cross-Site Scripting (XSS) attacks can only be performed on websites that use JavaScript.

False (B)

What is the primary purpose of using a Content Security Policy (CSP)?

To mitigate Cross-Site Scripting (XSS) attacks by controlling the resources the browser is allowed to load for a specific webpage.

The principle of __________ __________ requires granting users only the minimum levels of access rights needed to perform their job functions.

least privilege

Match each security term with its corresponding description:

  • DDoS = An attack that overwhelms a system with traffic, making it unavailable.
  • Phishing = A fraudulent attempt to obtain sensitive information by disguising as a trustworthy entity.
  • Man-in-the-Middle = An attack where an attacker secretly relays and possibly alters the communication between two parties.
  • Ransomware = Malicious software that blocks access to a computer system until a sum of money is paid.

Which of the following is a common method for securing data in transit?

Implementing HTTPS with TLS/SSL (C)

Salting passwords before hashing makes them completely immune to rainbow table attacks.

False (B)

Briefly explain what a 'buffer overflow' is and why it's a security risk.

A buffer overflow occurs when a program writes data beyond the allocated buffer, potentially overwriting adjacent memory and allowing attackers to inject malicious code.

In the context of web security, __________ is an attack that exploits the trust a website has in a user.

Cross-Site Request Forgery (CSRF)

Match each secure coding practice with its corresponding benefit:

  • Input Sanitization = Prevents injection attacks by ensuring user input conforms to expectations.
  • Principle of Least Privilege = Limits the damage an attacker can do by restricting access rights.
  • Regular Security Audits = Identifies vulnerabilities and weaknesses in the system.
  • Secure Configuration Management = Reduces the attack surface by properly configuring security settings.

Which of the following is a key benefit of using a Web Application Firewall (WAF)?

Filtering and monitoring HTTP traffic between a web application and the Internet (C)

Using eval() in JavaScript is generally considered a safe practice for parsing JSON data.

False (B)

Explain what is meant by 'defense in depth' in the context of cybersecurity.

Defense in depth involves implementing multiple layers of security controls to protect assets. If one layer fails, other layers are in place to provide continued protection.

A __________ attack involves an attacker intercepting communication between two points to eavesdrop or manipulate the data.

Man-in-the-Middle (MitM)

Match the following vulnerabilities with their common mitigation techniques:

  • SQL Injection = Use parameterized queries or ORM (Object-Relational Mapping).
  • Cross-Site Scripting (XSS) = Implement output encoding and Content Security Policy (CSP).
  • CSRF (Cross-Site Request Forgery) = Use anti-CSRF tokens.
  • Session Hijacking = Use secure cookies and proper session management.

What is the primary purpose of rate limiting in web application security?

To mitigate brute-force attacks and prevent resource exhaustion (C)

It is generally safe to store API keys directly in client-side code (e.g., JavaScript) for easy access.

False (B)

What are security headers? Provide an example of one commonly used security header.

Security headers are HTTP response headers that provide instructions to the browser to help enhance the security of a web application. Example: Strict-Transport-Security (HSTS).

__________ is a security testing technique that involves providing invalid, unexpected, or random data as inputs to a program.

Fuzzing

Match each authentication method with its characteristic:

  • Multi-Factor Authentication (MFA) = Requires the user to provide two or more verification factors to gain access.
  • OAuth = An open standard for access delegation, commonly used to grant websites or applications access to information on other websites without giving them passwords.
  • Single Sign-On (SSO) = Allows users to authenticate with one set of credentials to access multiple applications.
  • Biometric Authentication = Uses unique biological traits to verify a user's identity.
