eJPT Web Application Security & Testing

Question 1

What is SQL injection in web application security?

Accepted Answer

Inserting malicious SQL queries to manipulate the database.

Answer

SQL injection is a web security vulnerability that allows an attacker to interfere with the queries an application makes to its database. By inserting malicious SQL code into input fields, an attacker can trick the database into executing unintended commands. This can lead to unauthorized access to sensitive data, modification of data, or even complete control over the database server.

Question 2

What is Cross-Site Scripting (XSS)?

Accepted Answer

Injecting malicious scripts into web pages viewed by others.

Answer

Cross-Site Scripting (XSS) is a type of web security vulnerability that enables attackers to inject client-side scripts into web pages viewed by other users. When a victim loads the compromised page, their browser executes the malicious script, which can then steal session cookies, deface websites, or redirect users to malicious sites. XSS exploits the trust a user has in a particular website.

Question 3

What is the purpose of web application firewalls (WAF)?

Accepted Answer

To monitor and filter HTTP traffic for security.

Answer

A Web Application Firewall (WAF) is a security solution specifically designed to protect web applications from various attacks by filtering and monitoring HTTP traffic. Unlike traditional network firewalls, WAFs understand the intricacies of web application protocols and can detect and block attacks like SQL injection, XSS, and CSRF. It acts as a reverse proxy, inspecting requests before they reach the web server.

Question 4

How can session hijacking occur in web application security?

Accepted Answer

By intercepting and stealing session tokens.

Answer

Session hijacking occurs when an attacker successfully gains control of a user's authenticated session with a web application. This is typically achieved by intercepting or stealing the session token (e.g., a cookie) that identifies the user to the server. Once the attacker has the valid session token, they can impersonate the legitimate user without needing their login credentials.

Question 5

What is the main goal of a web application penetration test?

Accepted Answer

To find and exploit vulnerabilities in the web application.

Answer

The main goal of a web application penetration test is to proactively identify and exploit security weaknesses within a web application's code, configuration, and underlying infrastructure. Testers simulate real-world attacks to uncover vulnerabilities such as SQL injection, XSS, broken authentication, and insecure direct object references. This helps organizations understand their security posture and remediate flaws before malicious actors can exploit them.

(eJPT) eLearnSecurity Junior Penetration Tester Certification Practice Test

(eJPT) eLearnSecurity Junior Penetration Tester Certification Practice Test

eJPT Web Application Security & Testing