Web application security - the fast guide 1.1 | Page 136

Chapter 6 - Attack execution (2)

6.18 QUIZ:

1. HTTP basic authentication has limited use on the internet because:
   a. It sends credentials unencrypted, encoded only with base64 encoding
   b. It cannot be used with https
   c. It uses three levels of PIN codes
   d. All the above

2. A brute force attack is possible when:
   a. There is no check for the number of login failures.
   b. A weak password.
   c. A client-side check for the number of login failures.
   d. All the above

3. Verbose messages for the same functionality in the application can affect security:
   a. because it represents a usability problem
   b. because it provides the attacker with a behavioral pattern
   c. because it will minimize the ability to automate attacks.
   d. All the above.

4. Attacking passwords can be done through:
   a. Compromising the password management functionality
   b. Benefiting from backdoors and special administration functionality
   c. Compromising the login counter and applying an iterative approach.
   d. All the above

5. Attacking passwords can be done through:
   a. Compromising the password management functionality
   b. Benefiting from backdoors and special administration functionality
   c. Compromising the login counter and applying an iterative approach.
   d. All the above

6. Horizontal authority is:
   a. Access control over the same functionality but different users
   b. Access to different functionality with different access levels
   c. Different or same functionality over different or same access levels
   d. All the above

7. The most common type of attack on databases is:
   a. SQL injection
   b. Session hijacking
   c. JSON attack
   d. All the above

8. How can the attacker compromise the application in the following scenario?