Certified Ethical Hacker Web Application Security

Question 1

What is SQL injection and how is it typically exploited?

Accepted Answer

Inserting malicious SQL code into application input fields to manipulate the database

Answer

Injecting JavaScript into web pages

Answer

Overflowing a buffer with SQL commands

Answer

Modifying SQL Server configuration files

Question 2

What is Cross-Site Scripting (XSS) and what are its types?

Accepted Answer

Injecting malicious scripts into web pages viewed by other users; types include stored, reflected, and DOM-based

Answer

A method for cross-referencing websites

Answer

A technique for copying scripts between servers

Answer

A browser extension for scripting

Question 3

What is CSRF (Cross-Site Request Forgery)?

Accepted Answer

Forcing an authenticated user's browser to send unauthorized requests to a web application

Answer

Creating fake websites that look real

Answer

Forging digital certificates for HTTPS

Answer

Stealing cookies through JavaScript

Question 4

What is the OWASP Top 10?

Accepted Answer

A regularly updated list of the ten most critical web application security risks

Answer

The top 10 web development frameworks

Answer

The 10 most popular websites

Answer

The top 10 antivirus products

Question 5

What is session hijacking and how can it be prevented?

Accepted Answer

Stealing or predicting a valid session token to gain unauthorized access; prevented with HTTPS, secure cookies, and token rotation

Answer

Hijacking a user's keyboard during a session

Answer

Taking control of a web server's CPU

Answer

Blocking users from logging into their accounts

Question 6

What is directory traversal (path traversal) attack?

Accepted Answer

Manipulating file path inputs to access files outside the intended directory

Answer

Navigating through website pages normally

Answer

Scanning all directories on a web server

Answer

Creating new directories on the server