
OWASP: Avoiding Hacker Tricks

This document contains a review quiz on avoiding hacker tricks. It asks 13 multiple-choice questions about common hacking techniques like SQL injection, cross-site scripting, and integer overflow. The answer key explains that these techniques exploit weaknesses like using dynamic SQL queries, exposing direct file references, and exceeding integer data type limits. Maintaining secure coding practices, validating inputs, and using encryption help prevent attacks.

Review Questions:

1. Which of the following are advantages that attackers have? (Choose all that
apply)
A. They can attack at a strong point
B. They can choose the weakest point
C. They can probe for new exploits
D. They can attack at will

2. True or False: Neither code injection nor cross-site scripting occur in the client
application.
A. True
B. False

3. True or False: Cross-site scripting allows hackers to run malicious script in a
client's web browser.
A. True
B. False

4. Which of the following HTML tags can be embedded? (Choose all that apply)
A. <script>
B. <embed>
C. <code>
D. <applet>

5. True or False: Insecure direct object reference occurs when a direct reference to
a file, directory, etc. is exposed to a user.
A. True
B. False

6. Which of the following are important files that an attacker can access on the
server? (Choose all that apply)
A. Web.config
B. SAM file
C. Seattle.txt
D. HTTP file

7. Which of the following are steps toward preventing integer overflow? (Choose all
that apply)
A. Validate user input
B. Enter the right input
C. Use correct data type
D. Execute your code in a checked context

8. What percentage of computer users fall victim to cybercrime in their lifetimes?
A. 56%
B. 92%
C. 69%
D. 49%

9. True or False: Using cryptography is an element of secure coding.
A. True
B. False

10. Which of the following are common threats? (Choose all that apply).
A. Information disclosure
B. Identity hijacking
C. Buffer overflows
D. Query string manipulation

11. SQL injection does which of the following? (Choose all that apply)
A. Affects dynamic SQL queries
B. Submits data containing an SQL command
C. Affects client-side script
D. Exploits the trust a site has in a user's browser

12. True or False: SQL injection cannot be used to bypass authorization.
A. True
B. False

13. True or False: Integer overflow occurs when a calculation causes an integer to
exceed the max value allowed by its data type.
A. True
B. False

Answer Key:

1. B, C, D
Choosing the weakest point, probing for new exploits, and attacking at will are all
advantages that attackers have.

2. B
This statement is false.

3. A
True. Cross-site scripting allows hackers to run malicious script in a client's web
browser.

4. A, B, C, D
All of these are HTML tags that can be embedded.

5. A
True. Insecure direct object reference occurs when a direct reference to a file,
directory, etc. is exposed to a user.

6. A, B
The Web.config and SAM file are important files that an attacker can access on
the server.

7. A, C, D
Validating user input, using the correct data type, and executing your code in a
checked context are steps toward preventing integer overflow.

8. C
69% of computer users fall victim to cybercrime in their lifetimes.

9. A
True. Using cryptography is an element of secure coding.

10. A, B, C, D
All of these are common threats.

11. A, B, C
SQL injection affects dynamic SQL queries, submits data containing an SQL
command, and affects client-side script.

12. B
This statement is false.

13. A
True. Integer overflow occurs when a calculation causes an integer to exceed the
max value allowed by its data type.
