Ethical Hacking Web Application Security

Question 1

Which OWASP Top 10 vulnerability occurs when untrusted data is sent to an interpreter as part of a command?

Accepted Answer

Injection

Answer

Broken Authentication

Answer

Security Misconfiguration

Answer

Insecure Deserialization

Question 2

What does XSS stand for in web application security?

Accepted Answer

Cross-Site Scripting

Answer

Cross-Server Scanning

Answer

Extensible Security Schema

Answer

Cross-Site Session

Question 3

Which Burp Suite feature is used to intercept and modify HTTP requests between a browser and web server?

Accepted Answer

Proxy

Answer

Scanner

Answer

Intruder

Answer

Repeater

Question 4

What is a CSRF attack?

Accepted Answer

Forging requests from an authenticated user's browser

Answer

Injecting scripts into a web page

Answer

Stealing session cookies via XSS

Answer

Bypassing login with SQL injection

Question 5

Which HTTP response header helps prevent XSS attacks by restricting which content can be loaded on a page?

Accepted Answer

Content-Security-Policy

Answer

X-Frame-Options

Answer

Strict-Transport-Security

Answer

X-Content-Type-Options

Question 6

What is directory traversal in web application hacking?

Accepted Answer

Accessing files outside the web root by manipulating path variables

Answer

Brute forcing directory names

Answer

Enumerating hidden directories with tools

Answer

Injecting code into file upload fields