Web application security - the fast guide 1.1 | Page 111

Chapter 5 - Attack Execution the client

5.21 QUIZ:

1. All of the following are exploit-based attacks EXCEPT:
   a. Clickjacking attack
   b. JSON hijacking
   c. Flash cookies hijacking
   d. Cookie tampering

2. A cookie tampering attack can succeed only if:
   a. The client has enabled JavaScript in order to write the cookie.
   b. The server sends the cookie encrypted.
   c. The time between writing the cookie and resending the request to the server is less than the session time.
   d. The server is not checking the value sent through the cookie.

3. A Flash-based application can be exploited through:
   a. The manipulation of .lso files
   b. Intercepting messages between the server and Flash using Burp and altering the contents
   c. Decompiling the Flash application using Flare
   d. All the above

4. Clickjacking depends on:
   a. Embedding malicious JavaScript code to auto-click a button.
   b. Projection of a malicious fake page over a transparent legitimate privileged page.
   c. Forcing the victim to push a button on the attacker's website that will show all data on the attacker's machine.
   d. All the above

5. The ViewState value can be altered more easily:
   a. When the backend logic is created with PHP or JSP
   b. When (MAC) method is not enabled
   c. When the object stored in ViewState has high complexity
   d. All the above

6. Invalidating the session is important when invalidating the credentials of an account in an application working in a fast-changing environment:
   a. Because it will prevent the extending and usage of the existing session
   b. Because it will prevent any Form based attack
   c. It will help in minimizing the threat of Refer Header Attack
   d. All the above

7. For a JSON hijacking attack to succeed:
   a. The victim should access a vulnerable site that responds to GET requests.
   b. The victim should access the attacker's site.
   c. The vulnerable site should send a JSON array.
   d. All the above