Web application security - the fast guide 1.1 | Page 156

Chapter 7 - Attack execution (3)

   b. No filters on Entity and system keywords
   c. Echo functionality is available.
   d. All the above

8. Web services SOAP attack can be stopped by:
   a. Validation of input
   b. Client is using different operating system or system architecture
   c. Web service receives parameters through POST not GET.
   d. None of the above

9. Attacker might be able to use:
   a. Debugging files on the server to initiate account
   b. Installation files for packages installed on the web server
   c. Old packages with common vulnerabilities
   d. All the above.

10. Even though accessing the log files is a difficult task, an attacker can alternatively:
   a. Proxy its activities by a zombie machine
   b. Access the application through HTTPS to hide the origin of request.
   c. Hide the attack by injecting XML instead of plain text.
   d. Use hidden fields to hide the origin and avoid logging.

Answer key

1 d
2 c
3 c
4 c
5 a
6 d
7 d
8 a
9 d
10 a