Certified Ethical Hacker Web Application Security

Question 1

What is SQL injection and how is it typically exploited?

Accepted Answer

Inserting malicious SQL code into application input fields to manipulate the database

Answer

SQL injection exploits applications that incorporate user input into SQL queries without proper sanitization, allowing attackers to read, modify, or delete database data, bypass authentication, or execute OS commands.

Question 2

What is Cross-Site Scripting (XSS) and what are its types?

Accepted Answer

Injecting malicious scripts into web pages viewed by other users; types include stored, reflected, and DOM-based

Answer

XSS allows attackers to inject client-side scripts into web pages. Stored XSS persists in the database, reflected XSS bounces off the server in responses, and DOM-based XSS manipulates the page's DOM directly.

Question 3

What is CSRF (Cross-Site Request Forgery)?

Accepted Answer

Forcing an authenticated user's browser to send unauthorized requests to a web application

Answer

CSRF tricks a victim's browser into making unwanted requests to a web application where they're authenticated, exploiting the trust that a site has in the user's browser to perform actions without the user's knowledge.

Question 4

What is the OWASP Top 10?

Accepted Answer

A regularly updated list of the ten most critical web application security risks

Answer

The OWASP Top 10 is a standard awareness document identifying the most critical web application security risks, updated periodically, serving as a benchmark for web security best practices worldwide.

Question 5

What is session hijacking and how can it be prevented?

Accepted Answer

Stealing or predicting a valid session token to gain unauthorized access; prevented with HTTPS, secure cookies, and token rotation

Answer

Session hijacking involves stealing, predicting, or brute-forcing session tokens (cookies, URLs) to impersonate an authenticated user. Prevention includes HTTPS, HttpOnly/Secure cookie flags, session timeouts, and token regeneration.

Certified Ethical Hacker Practice Test

Certified Ethical Hacker Practice Test

Certified Ethical Hacker Web Application Security