Web application security - the fast guide 1.1 | Page 137
Chapter 6 - Attack execution (2)
The developer escapes each single quote with another single quote to prevent SQL injection, and uses trimming to limit the size of input in a login form.
a. Attack the application using SQL injection, benefiting from the trimming
b. Attack the application using horizontal authority escalation
c. Attack using the concept of iterative login
d. All the above.
9. The overlapped checks business logic vulnerability is about:
a. An iterative method that applies an overlapped check on the same data with the same output
b. A sequence of two methods that embed the same partial functionality using different approaches
c. A method normally used in checking business logic validity to ensure secure access.
d. All the above
10. In cross-site scripting, the main idea:
a. is to enable executing a script on the client side using code injected in the backend
b. is executing a script on the client depending on poisoned data, benefiting from the reflection effect.
c. is executing a script on the client extracted from the URL without the involvement of the server as an active part of the attack.
d. All the above
Answer key
1: a
2: d
3: b
4: d
5: d
6: a
7: a
8: a
9: b
10: d