Web application security - the fast guide 1.1 | Page 112

Chapter 5 - Attack Execution the client

8. In a phishing attack:
   a. The attacker's main entry point is a vulnerability in the visual representation of the site.
   b. Normally the phishing site is hosted on a machine owned and registered by the attacker.
   c. The attacker creates a powerful motive for the victim to act and a malicious link to click.
   d. Phishing is an exploit-based attack because it depends on technical vulnerabilities in the HTTP protocol used.

9. Passing critical information in hidden fields, if it is not rechecked on the server:
   a. Is secure, as hiding (obscurity) prevents the attacker from capturing the value.
   b. Is secure if the value is hashed with a known algorithm like MD5.
   c. Is secure if the value is hashed with an unknown algorithm.
   d. None of the above.

10. Initiating an attack on a web application:
   a. Can be as simple as changing a parameter in the URL.
   b. Cannot be achieved only by securing the server.
   c. Is doable through methods that sometimes require minimum technical knowledge.
   d. All the above.

Answer key

1 a
2 d
3 d
4 b
5 b
6 a
7 d
8 c
9 d
10 d