CVA CVA Web Application & API Security

Question 1

Which OWASP Top 10 vulnerability occurs when user-supplied input is included in a web page without proper sanitization, allowing scripts to execute in a victim's browser?

Accepted Answer

Cross-Site Scripting (XSS)

Answer

SQL Injection

Answer

Insecure Direct Object Reference

Answer

Security Misconfiguration

Question 2

During a web application assessment, you discover that changing the 'user_id' parameter in a GET request reveals another user's account data. Which vulnerability is this?

Accepted Answer

Insecure Direct Object Reference (IDOR)

Answer

SQL Injection

Answer

CSRF

Answer

Broken Authentication

Question 3

Which HTTP method should be tested during a web application vulnerability assessment to check for unintended server-side functionality exposure?

Accepted Answer

PUT and DELETE

Answer

GET

Answer

POST

Answer

HEAD

Question 4

What is the primary purpose of testing for Server-Side Request Forgery (SSRF) in a web application?

Accepted Answer

To make the server perform requests to internal or external resources on behalf of the attacker

Answer

To steal session cookies

Answer

To bypass SSL certificate validation

Answer

To enumerate valid usernames

Question 5

When assessing REST API security, which attack involves sending crafted JSON payloads to exploit parsing differences between services?

Accepted Answer

JSON Interoperability Vulnerability

Answer

Mass Assignment

Answer

Parameter Pollution

Answer

Rate Limit Bypass

Question 6

Which tool is specifically designed to perform automated scanning of web application vulnerabilities including SQLi, XSS, and LFI?

Accepted Answer

Nikto

Answer

Nmap

Answer

Wireshark

Answer

Metasploit