Web Security Threats Quiz
106 Questions

Questions and Answers

Which element in HTML5 is used as a grouping of content, e.g. chapters or tabbed pages?

  • (correct)

What is the purpose of the 'autoplay' attribute in HTML5 video element?

  • To mute the video by default
  • To prevent the video from downloading until the user initiates it
  • To pause the video as soon as the page loads
  • To start downloading the video file as soon as the page loads and play it automatically (correct)

Which type of files are supported by the HTML5 video element for multimedia integration?

  • Text files
  • Executable files
  • Image files only
  • Video and audio files (correct)

Which HTML5 element is used to insert multimedia content like audio and video?

    and

    What is the purpose of TOR (The Onion Router) network?

    To provide an anonymous path between the user and the websites visited

    Which type of web can only be accessed by individuals with logins for the websites?

    Invisible Web (intranet)

    Which attack was the first to include a Programmable Logic Controller (PLC) rootkit?

    Stuxnet

    What was the significant outcome of the Yahoo breach?

    It became one of the top corporate hacks

    What is the primary objective of phishing?

    To gain control of accounts through malicious links

    What is the primary goal of ransomware attacks?

    To encrypt files and demand ransom payment

    What is the main feature of SQL injection attacks?

    Maliciously altering website databases

    What is the primary purpose of brute force attacks?

    To guess usernames, passwords, or other unique user identifiers

    Which HTML5 feature enables web applications to store data locally and operate offline?

    Persistent local storage

    What is the #1 vulnerability in web security according to the text?

    Cross-site scripting (XSS)

    Which HTML5 feature enhances web interactivity with new APIs for tasks like drag-and-drop and file handling?

    New form elements and attributes

    What HTML5 feature ensures cross-platform compatibility for a consistent user experience across browsers and devices?

    Scalable vector graphics (SVG)

    What is Diceware?

    A method using a word list and dice to create a passphrase

    What is the primary defense mechanism to stop Cross-site scripting (XSS)?

    Contextual output encoding/escaping

    What does Clickjacking involve?

    Tricking users into clicking on invisible iframes positioned above clickable buttons on websites

    What is JSON with Padding (JSONP) used for?

    Bypassing the same-origin policy by using JSON in combination with the script tag to execute functions and retrieve information from a server

    Who coined the term 'computer virus'?

    Adleman

    What is the most popular algorithm for public key encryption?

    RSA

    What is the primary purpose of the private key in public key cryptography?

    For privacy

    What is involved in determining the private key from the public key in RSA encryption?

    Factoring very large numbers

    What is the purpose of hash functions in public key cryptography?

    To map large objects to unique small values

    What is the primary difference between SOAP and REST?

    SOAP is a protocol for exchanging XML-based messages, while REST is a software architectural style for distributed hypermedia systems.

    What is a key characteristic of JSON-RPC?

    It is a protocol for exchanging JSON-encoded messages instead of XML.

    What is a best practice for implementing REST services?

    Provide a URI for each resource that you want exposed.

    What is a characteristic of Amazon Associates web services?

    It is targeted at third-party site owners looking to build more effective sponsored affiliate links to Amazon products.

    What is the primary purpose of Apple's iCloud service for developers?

    To place all information captured on any Apple device into the cloud, making it immediately available to all other Apple devices.

    What is the primary purpose of a Certificate Authority (CA) in the context of SSL?

    Verifying the identity of entities and issuing digitally signed electronic certificates

    What is the main function of DNS redirection and round-robin in the context of load balancing?

    Evenly distributing web requests and preventing overutilization of servers

    What is the role of SSL (Secure Sockets Layer) protocol in web communication?

    Establishing an encrypted link between server and client for secure electronic commerce

    What is the purpose of cryptographic hash functions like MD5 and SHA in secure web communication?

    Mapping values to numbers for message integrity and security

    What is the primary factor in the selection of a web platform according to the text?

    Capacity, cost, maintenance, security, and development support

    Which server is preferred over Apache due to its lower memory usage and better ability to handle high traffic?

    NginX

    What is the primary purpose of proxy servers on the client-side, known as forward proxy servers?

    Control access to restricted sites and enhance performance through caching

    Which HTTP headers are utilized for validation and control how browser caches and proxies handle objects?

    Last-Modified and ETags

    What are REST services based on?

    Representational State Transfer

    What is crucial for financial transactions and commonly used in SOAP-based web services?

    XML security and encryption

    What is the primary difference between virtual machines (VMs) and containers?

    VMs virtualize the hardware, while containers virtualize the operating system.

    What was the revolutionary aspect of virtual machines (VMs) in terms of server utilization?

    They allowed multiple operating systems to run concurrently on a single physical machine.

    What is a drawback of virtual machines (VMs) mentioned in the text?

    They are expensive.

    What is a common misconception about Function as a Service (FaaS) in serverless computing?

    It reduces the need for DevOps and tooling

    What is a critical role in designing microservices-based applications on Function as a Service (FaaS)?

    Responsiveness

    What is a key feature of mature serverless platforms in terms of job processing?

    Inbuilt support for long-running jobs and batch processing

    Which method is NOT mentioned in the text as a way to opt out of cookies?

    Manually editing the cookie files in the browser's directory

    What is the purpose of using the 'do not track' option in browser settings?

    To prevent websites from tracking user behavior for targeted advertising

    What is the primary function of the Evercookie JavaScript API?

    To generate extremely persistent cookies in a browser

    What is the potential limitation of using opt-out cookies downloaded by clicking a button?

    They may conflict with existing cookies in the browser

    What is the purpose of using cookie management tools in a web browser?

    To view and delete unwanted cookies

    What is a key advantage of serverless architectures over traditional virtual machines (VMs)?

    Serverless applications automatically scale with the number of requests and are billed based on the exact amount of resources consumed.

    What is a distinguishing feature of containers compared to virtual machines (VMs)?

    Containers share the host system's kernel, allowing for quick scaling and reduced resource usage.

    Which technology abstracted the execution environment from the code, marking the birth of serverless development?

    AWS Lambda

    What is the primary difference between session and persistent cookies?

    Session cookies are stored temporarily and are deleted when the browser is closed, while persistent cookies are stored for a longer period of time.

    What is the purpose of secure cookies?

    To encrypt cookie data for secure transmission over HTTPS.

    In what way do third-party cookies differ from first-party cookies?

    Third-party cookies are set by a domain other than the one the user is currently visiting, while first-party cookies are set by the domain of the website being visited.

    What happens when a new cookie with the same name, domain, and path as an existing cookie is encountered?

    The old cookie is overwritten with the new cookie

    What is the purpose of marking a cookie with a special 'secure' keyword?

    To ensure the cookie is sent over HTTPS only as a security feature

    How are client-side cookies set and sent via JavaScript?

    Using the document.cookie property

    What is the primary purpose of AJAX in web development?

    To update web pages seamlessly without reloading the entire page

    What is the benefit of using AJAX in terms of server load and bandwidth?

    It reduces server load and bandwidth usage by updating only parts of a web page

    How does AJAX contribute to the speed and responsiveness of web applications?

    By processing and transferring less data, making web applications feel faster

    What type of web applications benefit from the real-time data update capability provided by AJAX?

    Chat boxes, live feeds, and real-time data visualization

    Which technologies are involved in the concept of AJAX in web development?

    HTML/CSS, JavaScript, and XML

    What is the key characteristic of AJAX in terms of updating web pages?

    It allows web pages to be updated asynchronously without reloading the entire page

    Which API provides a more modern, promise-based approach to making asynchronous requests?

    Fetch API

    What is the responsibility of the server when handling CORS for cross-origin requests?

    To include appropriate CORS headers in the response

    What is the purpose of the 'Origin' header added by the browser when making a cross-origin request?

    To indicate the origin of the request

    What is the primary reason for the browser to enforce CORS?

    To prevent malicious websites from reading sensitive data from other sites

    What is the significance of the 320 by 480-pixel screen mentioned in the text?

    It highlights the need to focus on the most important content for mobile devices

    What is the primary reason for designing alternative '.mobi' sites for mobile web?

    To create an alternative site optimized for mobile devices

    What is the primary role of using geo-location in optimizing the mobile experience?

    To tailor content based on the user's location

    What is the primary advantage of the Fetch API over XMLHttpRequest for new development?

    It provides a more modern, promise-based approach

    What is the primary technology used in AJAX to request data from a server?

    XMLHTTPRequest

    Which data formats can AJAX work with?

    JSON, HTML, and plain text

    What does AJAX heavily rely on for dynamic display and interaction with fetched server data?

    JavaScript

    Which technology is an alternative to XMLHttpRequest, providing CORS and easy usage for REST calls?

    Fetch API

    What is the full form of AJAX?

    Asynchronous JavaScript and XML

    How can AJAX be recognized?

    fetch(), iframes, jQuery AJAX functions, and JavaScript code that invokes XMLHttpRequest

    What percentage of the end user response time is spent on the front-end according to the text?

    80-90%

    What is the primary action to bypass the disk cache and request all the components to load the page?

    Refresh the page

    What is the purpose of the 'Expires' and 'Last-Modified' headers in the context of caching?

    Expires ensures the page is not cached, Last-Modified ensures the server checks if the page is blank

    What is the significance of the 80/20 performance rule mentioned in the text?

    It emphasizes the need to optimize the 20% that affects 80% of the user experience

    What is the action to ensure most components are found in the disk cache and corresponding HTTP requests are avoided?

    Refresh the page

    What is the primary focus when applying the 80/20 performance rule to web optimization?

    Front-end optimization

    What is the primary difference between Functional/Stateless and Class/Stateful components in React?

    Functional components do not maintain their own state, while Class components can maintain a state and have an independent existence

    What is the purpose of Props in React?

    Props make components reusable by allowing them to receive data from the parent component

    Which technology is used to add responsive capabilities to React and replaces the Bootstrap JavaScript?

    React-Bootstrap

    What is the core of React Native that allows for an easy learning curve and embodies all React’s principles and syntax?

    React.js

    What is the primary difference between React and Angular?

    React is a JavaScript library focused on the view layer, while Angular is a full-fledged MVC framework developed by Google

    What is the primary advantage of Angular over React?

    Angular provides more out-of-the-box solutions and is more opinionated in its approach

    What is the framework for building native, cross-platform mobile apps using JavaScript and React?

    React Native

    What does React Native implement in terms of CSS and its usage by startups for quicker development and cheaper resources?

    React Native implements a strict subset of CSS and is used by startups for quicker development and cheaper resources

    What is the purpose of setting an Expires header in HTTP responses?

    To instruct caches to remove the object from the cache sooner

    What is the primary purpose of using a CDN (content distribution network)?

    To distribute content so downloads can come from a nearby location

    What is the recommended approach to reduce the number of HTTP requests for scripts, style sheets, and images?

    Combine scripts, style sheets, and images into a single request using 'sprites'

    What is the main reason for moving scripts to the bottom of the HTML document?

    To prevent JavaScript from blocking the rendering of the page

    What is the purpose of minifying JavaScript?

    To remove unnecessary characters from the source code and reduce its size

    Why is it recommended to use external JavaScript and CSS files despite the increase in HTTP requests?

    External JS and CSS files can be cached, reducing the need for repeated downloads

    What is the primary purpose of setting the Expires header and using a CDN in website optimization?

    To improve performance by caching resources and reducing latency

    What is the main reason for putting stylesheets at the top and scripts at the bottom in website optimization?

    To avoid delays in page rendering

    What is the role of Etags in website optimization?

    To verify cached resources

    What is the primary focus of Yahoo's best practices for website optimization?

    Flushing the buffer early

    What are the main challenges that ReactJS addresses?

    2-way data binding complexity

    What distinguishes ReactJS from a fully-functional web app framework?

    It provides a view layer library

    Study Notes

    Web Security Threats and Mitigations

    • Diceware uses a word list of 7,776 English words and involves rolling a dice 5 times to select a passphrase
    • Bill Burr, author of NIST 2003 password guidelines, regrets recommending passwords with uppercase, lowercase, numbers, special characters, and a minimum of 8 characters
    • Session hijacking involves impersonating a website user by compromising their session ID or cookies
    • Cross-site scripting (XSS) vulnerabilities allow attackers to inject client-side scripts into web pages, bypassing access controls
    • Contextual output encoding/escaping is the primary defense mechanism to stop XSS, with various escaping schemes for different contexts
    • Web applications can mitigate XSS by tying session cookies to the user's IP address and using HttpOnly flag to prevent client-side script access
    • Browser and plugin vulnerabilities pose risks and need to be patched by vendors, making it challenging for web application developers to address
    • Clickjacking involves tricking users into clicking on invisible iframes positioned above clickable buttons on websites
    • Injection attacks, such as SQL and JavaScript hijacking, occur when applications do not properly validate user input
    • JavaScript hijacking allows unauthorized access to confidential data by bypassing the Same Origin Policy using JSON with Padding (JSONP)
    • Search worms automate finding vulnerable web servers by sending crafted queries to search engines, evading random scanning and detection methods
    • JSON with Padding is a way to bypass the same-origin policy by using JSON in combination with the script tag to execute functions and retrieve information from a server

    Web Services, REST, and Proxy Servers Overview

    • Load balancing involves distributing requests to the least loaded servers, while proximity routing sends requests to the nearest server when geographically distributed.
    • Load balancing hardware prevents requests from reaching failed servers, and various technologies like DNS redirection and proxy servers aid in this process.
    • NginX is preferred over Apache due to its lower memory usage and better ability to handle high traffic, while Lighttpd follows NginX in performance.
    • Additional RAM or direct modules can enhance Apache's performance, and using NginX as a reverse proxy can improve overall server performance.
    • Proxy servers act as intermediaries for client requests and can be used for various purposes like caching, security, and anonymizing.
    • Proxy servers on the client-side, known as forward proxy servers, can control access to restricted sites and enhance performance through caching.
    • HTTP headers, such as Last-Modified and ETags, are utilized for validation and control how browser caches and proxies handle objects.
    • Web Services provide APIs for accessing a website's information across the Internet, with SOAP and REST being common implementation categories.
    • XML security and encryption are crucial for financial transactions and are commonly used in SOAP-based web services.
    • REST services, based on Representational State Transfer, use HTTP methods for server-to-client communication and often require OAuth user authentication.
    • Cloud services, including application hosting, backup and storage, content delivery, and DNS protection, are offered through APIs and commercial payment models.
    • REST is a software architecture style for distributed hypermedia systems, initially proposed by Roy Fielding and commonly used in modern web services.

    Understanding Cookies and Cookie-Based Marketing

    • Cookies can be set with an "expires=" parameter to specify the date for the cookie to be dropped.
    • Overwriting cookies occurs when a new cookie with the same name, domain, and path as an existing cookie is encountered, causing the old cookie to be discarded.
    • There is no specific mechanism for deleting cookies, but a common hack involves overwriting a cookie with a bogus value and backdating or setting a short-lived expiration.
    • "Protected" cookies can be marked with a special "secure" keyword, causing them to be sent over HTTPS only as a security feature.
    • Client-side cookies can be set and sent via JavaScript using the document.cookie property.
    • The document.cookie property maintains a list of cookies that can be read and written, providing an array of all cookies for a particular domain.
    • A cookie can be removed from the database either because it expires or the cookie file becomes too large, with browsers typically not storing more than 300 cookies, 20 cookies per web server, or more than 4K per cookie.
    • The escape() and unescape() functions are used to encode and decode cookie values, converting special characters to their hex equivalents and vice versa.
    • Cookie-based marketing involves advertisers using cookies to target specific ads to users and track their activity through third-party cookies.
    • Ad networks connect advertisers to websites that want to host advertisements, involving advertisers, website owners, the ad network, and visitors.
    • Doubleclick, now owned by Google, is an ad network that matches advertisements to users based on their profiles.
    • Google Analytics, a free web analytics tool, uses its own set of cookies to track visitor interactions, storing information such as time of the current visit, previous visits, and referred sites.

    Properties and Characteristics of AJAX

    • AJAX allows browsers to send and receive data from servers asynchronously, without interfering with the display and behavior of the existing page.
    • The XMLHttpRequest object is typically used in AJAX to request data from a server.
    • AJAX can work with various data formats including JSON, HTML, and plain text, not just XML.
    • AJAX heavily relies on JavaScript for dynamic display and interaction with fetched server data and can update the DOM in response to user interactions without page reloads.
    • AJAX can be used in conjunction with other web technologies like PHP, ASP.NET, and APIs to fetch data.
    • Modern browsers support AJAX, but the implementation details may vary.
    • AJAX must be implemented with security considerations in mind to protect data integrity and prevent unauthorized access.
    • AJAX, which stands for Asynchronous JavaScript and XML, is a combination of technologies including CSS, XHTML, DOM, XMLHTTPRequest, XML/JSON, and JavaScript.
    • AJAX applications are not just websites, they allow for smooth interaction, immediate data effectiveness, visual effects, and dynamic icons.
    • Traditional websites rely on server-side construction and interaction, while AJAX interfaces are manipulated by client-side JavaScript and are always responsive.
    • AJAX can be recognized through iframes, jQuery AJAX functions, fetch(), and JavaScript code that invokes XMLHttpRequest.
    • The Fetch API is an alternative to XMLHttpRequest, providing CORS and easy usage for REST calls, and is now included in all browsers.

    React and React Native Overview

    • React uses 1-way data binding and a virtual DOM for efficient updates, JSX for easy HTML and JS mixing, and provides excellent community support and dev tools
    • Components are the building blocks of React applications, allowing the UI to be split into reusable pieces
    • Functional/Stateless components do not maintain their own state, while Class/Stateful components can maintain a state and have an independent existence
    • State in React is a JavaScript object containing component data, accessed via this.state and updated using setState() method
    • Props make components reusable by allowing them to receive data from the parent component
    • React-Bootstrap is used to add responsive capabilities to React and replaces the Bootstrap JavaScript
    • React Native is a framework for building native, cross-platform mobile apps using JavaScript and React, with 5 levels of calls and bindings to native UI components
    • React.js is the core of React Native, which allows for an easy learning curve and embodies all React’s principles and syntax
    • React Native implements a strict subset of CSS and is used by startups for quicker development and cheaper resources
    • React is a JavaScript library focused on the view layer, while Angular is a full-fledged MVC framework developed by Google
    • Angular uses TypeScript and supports two-way data binding, RxJS, and a built-in dependency injection mechanism
    • React offers more flexibility and a simpler learning curve, while Angular provides more out-of-the-box solutions and is more opinionated in its approach. Both have large communities and are ideal for building SPAs.

    Website Optimization and ReactJS Overview

    • GIFs can have their Expires date set appropriately to remove the cookie sooner
    • Browser requests produce response status codes 200 (server sending back the image) and 304 (browser has the image in its cache)
    • Akamai is the largest content distribution network (CDN) provider
    • Initial 14 rules to optimize a website include making fewer HTTP requests, using a CDN, adding an Expires header, and compressing components using Gzip
    • Putting stylesheets at the top can block rendering in IE, while moving scripts to the bottom can avoid delays in page rendering
    • Making JavaScript and CSS external allows for caching, while reducing DNS lookups is recommended to improve performance
    • Minifying JS is the second best way to optimize, and avoiding redirects and duplicate scripts are also important
    • Etags are used to verify cached resources, and making AJAX cacheable and small is recommended
    • Yahoo's best practices include flushing the buffer early, using GET for AJAX requests, and reducing the number of DOM elements
    • ReactJS was developed by Facebook as a lightweight JavaScript library for building user interfaces in single-page applications
    • ReactJS is not a fully-functional web app framework, but it is used by popular companies like Netflix, Facebook, and Instagram
    • React tackles challenges by providing a view layer library and addressing issues with existing heavy-weight frameworks, 2-way data binding complexity, and performance-intensive updates to the real DOM


    Description

    Explore web security threats and their mitigations in this informative quiz. Test your knowledge on Diceware passphrases, session hijacking, XSS vulnerabilities, injection attacks, browser and plugin vulnerabilities, clickjacking, and more.
