Chapter 4 - Application Security Flashcards
Which of the following is one way of preventing spyware from being downloaded?
A. Use firewall exceptions.
B. Adjust Internet Explorer security settings.
C. Adjust the Internet Explorer home page.
D. Remove the spyware from Add/Remove Programs.
B. Adjust the Internet Explorer security settings so that security is at a higher level, and add trusted and restricted websites.
What key combination should be used to close a pop-up window? A. Windows+R B. Ctrl+Shift+Esc C. Ctrl+Alt+Del D. Alt+F4
D. Alt+F4 is the key combination that is used to close an active window. Sometimes it is okay to click the X, but malware creators are getting smarter all the time; the X could be a ruse.
Which protocol can be used to secure the e-mail login from an Outlook client using POP3 and SMTP? A. SMTP B. SPA C. SAP D. Exchange
B. SPA (Secure Password Authentication) is a Microsoft authentication method (NTLM-based) that Outlook can use when logging in to a POP3 or SMTP server, so the password is not sent in clear text. It protects the login, not the message: S/MIME and PGP are used to secure the contents of the e-mail itself.
What are two ways to secure Internet Explorer? (Select the two best answers.)
A. Set the Internet zone’s security level to High.
B. Disable the pop-up blocker.
C. Disable ActiveX controls.
D. Add malicious sites to the Trusted Sites zone.
A and C. By raising the Internet zone's security level to High, you apply the maximum safeguards for that zone. ActiveX controls can be used for malicious purposes; disabling them prevents them from running in the browser. Disabling the pop-up blocker and adding malicious sites to the Trusted Sites zone would make Internet Explorer less secure.
Heaps and stacks can be affected by which of the following attacks? A. Buffer overflows B. Rootkits C. SQL injection D. Cross-site scripting
A. The stack and the heap are regions of memory that a buffer overflow can corrupt. The stack holds local variables, function arguments and saved return addresses; the heap holds memory allocated at run time (malloc, new). A buffer overflow occurs when more data is written to a buffer than it was sized for, overwriting whatever lies next to it: on the stack that can be the saved return address, on the heap it can be allocator metadata or a neighbouring object, either of which can compromise the application or the operating system. The overflow is triggered by crafted input and is prevented by bounds checking before every copy.
As part of your user awareness training, you recommend that users remove which of the following when they finish accessing the Internet? A. Instant messaging B. Cookies C. Group policies D. Temporary files
B. The best answer is cookies, which are used for authentication and session tracking and are stored as plain text, so anyone with access to the profile can read them. They can be used by spyware to track people without their permission. It is also wise to delete temporary Internet files (the browser cache), as opposed to general temporary files.
Which statement best applies to the term Java applet?
A. It decreases the usability of web-enabled systems.
B. It is a programming language.
C. A web browser must have the capability to run Java applets.
D. It uses digital signatures for authentication.
C. To run Java applets, a web browser must have Java support enabled. Java increases the usability of web-enabled systems, and Java is a programming language, but an applet is a program, not the language. Applets can be signed, but the signature identifies the code's publisher; it does not authenticate the user.
Which of the following concepts can ease administration but can be the victim of malicious attack? A. Zombies B. Backdoors C. Buffer overflow D. Group policy
B. Backdoors were originally created to ease administration. However, hackers quickly found that they could use these backdoors for a malicious attack.
In an attempt to collect information about a user’s activities, which of the following will be used by spyware? A. Tracking cookie B. Session cookie C. Shopping cart D. Persistent cookie
A. A tracking cookie is what spyware uses, or misuses, to record a user's activities across sites. A tracking cookie is one kind of HTTP (browser) cookie, typically a persistent third-party cookie; a session cookie expires when the browser closes, and a persistent cookie survives it. Shopping carts also rely on cookies to keep the cart state between page loads.
What is it known as when a web script runs in its own environment and does not interfere with other processes? A. Quarantine B. Honeynet C. Sandbox D. VPN
C. When a web script runs in its own environment for the express purpose of not interfering with other processes, it is known as running in a sandbox. A sandbox is also used to test scripts before they are deployed to production. Quarantining isolates files that a scanner suspects are infected. A honeynet is a collection of decoy hosts set up to attract attackers and keep them in an area where they can do no damage while being observed. VPN is short for virtual private network, which provides an encrypted connection between two hosts or networks across an untrusted network.
How can you train a user to easily determine whether a web page has a valid security certificate? (Select the best answer.)
A. Have the user contact the webmaster.
B. Have the user check for HTTPS://.
C. Have the user click the padlock in the browser and verify the certificate.
D. Have the user call the ISP.
C. In Internet Explorer, the user should click the padlock in the browser; this shows the certificate information (issuer, subject and validity period). Some browser versions also color the address bar: green indicates an Extended Validation certificate, whereas red or pink indicates a problem. In Firefox, click the name of the website listed in the address bar next to the padlock to see the validity of the certificate. Contacting the webmaster and calling the ISP are time-consuming, not easily done, and not something an end user should have to do. Although HTTPS:// tells a person that the browser is now using Hypertext Transfer Protocol Secure, it does not by itself determine whether the certificate is valid.
To code applications in a secure manner, what is the best practice to use? A. Cross-site scripting B. Flash version 3 C. Input validation D. HTML version 5
C. Input validation is the best practice to use when coding applications. It is especially important when creating web applications or web pages that require information to be entered by the user, because every field is a path for attacker-controlled data into the application.
An organization hires you to test an application that you have limited knowledge of. You are given a login to the application, but do not have access to source code. What type of test are you running? A. White box B. Gray box C. Black box D. SDLC
B. A gray box test is when you are given limited information about the system you are testing. Black box testers are not given logins, source code, or anything else, though they may know the functionality of the system. White box testers are given logins, source code, documentation, and more. SDLC stands for Systems Development Life Cycle, of which these types of tests are just a part.
You check the application log of your web server and see that someone attempted unsuccessfully to enter the text “test; etc/passwd” into an HTML form field. Which attack was attempted? A. SQL injection B. Code injection C. Command injection D. Buffer overflow
C. In this case a shell command was entered: the semicolon ends one command and starts another, and the attacker was attempting to reach the password file in the /etc directory. If the attacker tried to inject code, he would not use shell commands, but rather PHP, ASP, or another language the server executes. SQL injection is also delivered through form fields, but it targets the database query behind the form and uses SQL syntax rather than shell commands. Buffer overflows have to do with memory and how applications utilize it.
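The following C example, added here and not part of the original flashcards, shows why the input in the previous question is dangerous and how input validation (the best practice from the earlier question) stops it. The handler, the ping command, and the hostname allowlist are assumptions made for the illustration; the only input taken from the page is the string "test; etc/passwd". The vulnerable handler is defined so the command line it would run can be inspected, but it is never executed.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Builds the shell command line the vulnerable handler would run. Kept as a
 * separate function so the result can be inspected: with the input from the
 * log entry, the ';' ends the ping command and what follows it is run as a
 * second command by the shell. (Hypothetical handler; "ping" is assumed.) */
int build_shell_command(char *out, size_t out_len, const char *field) {
    int n = snprintf(out, out_len, "ping -c 1 %s", field);
    return (n < 0 || (size_t)n >= out_len) ? -1 : 0;
}

/* Vulnerable handler (the pattern to avoid): hands the assembled string to
 * /bin/sh through system(), so every shell metacharacter in 'field' is honoured.
 * Defined for reference only; not called below. */
int lookup_vulnerable(const char *field) {
    char cmd[512];
    if (build_shell_command(cmd, sizeof cmd, field) != 0) return -1;
    return system(cmd);
}

/* Input validation by allowlist: a hostname field may contain only letters,
 * digits, '.' and '-', and must be 1 to 253 characters long. Everything else,
 * including ';', '|', '&', '$', '`', '/', quotes and whitespace, is rejected
 * outright rather than escaped. Returns 1 if acceptable, 0 otherwise. */
int is_valid_hostname(const char *s) {
    size_t n = strlen(s);
    if (n == 0 || n > 253) return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)s[i];
        if (!isalnum(c) && c != '.' && c != '-') return 0;
    }
    return 1;
}

/* Hardened handler: validates first, then runs the program with an argv array
 * through execvp, so no shell ever parses the field. Returns -1 when the input
 * is rejected (before any process is started), otherwise the child's wait status. */
int lookup_hardened(const char *field) {
    if (!is_valid_hostname(field)) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        char *const argv[] = { "ping", "-c", "1", (char *)field, NULL };
        execvp("ping", argv);
        _exit(127);   /* only reached if exec itself failed */
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return status;
}

int main(void) {
    const char *from_log = "test; etc/passwd";   /* the input seen in the question */
    char cmd[512];
    build_shell_command(cmd, sizeof cmd, from_log);
    printf("vulnerable handler would run: %s\n", cmd);
    printf("is_valid_hostname: %d\n", is_valid_hostname(from_log));
    printf("hardened handler returns: %d\n", lookup_hardened(from_log));
    return 0;
}
```

The hardened version rejects rather than escapes: an allowlist of the characters a hostname can legitimately contain is shorter, easier to review, and does not depend on knowing every metacharacter of every shell. Passing the value as its own argv entry means that even if validation were too loose, the field would reach ping as one argument rather than being parsed as shell syntax.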
An attacker takes advantage of vulnerability in programming, which allows the attacker to copy more than 16 bytes to a standard 16-byte variable. Which attack is being initiated? A. Directory traversal B. Command injection C. XSS D. Buffer overflow
D. A buffer overflow occurs when a copy into a fixed-size buffer is not bounds-checked, so input longer than the buffer (here, more than 16 bytes into a 16-byte variable) spills over into adjacent memory. Directory traversal is when an attacker uses path sequences such as ../ to reach unauthorized parent directories. Command injection is when operating system commands and command syntax are entered into an application so that the OS executes them. XSS, or cross-site scripting, is when script is injected into a web page, usually through a form or URL parameter, and runs in other users' browsers to steal information or gain unauthorized access.
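This C example, added here and not taken from the original flashcards, shows the mechanism behind the two buffer overflow questions above (the stack/heap question and the 16-byte variable question): an unchecked copy into a 16-byte buffer overwrites the variable stored next to it, and a bounds check prevents it. The "frame" struct is a constructed stand-in for a real stack frame so that the overwrite is well-defined C and can be observed without crashing the process; real overflows have no such safety net.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_LEN 16

/* Simulated stack frame (constructed for this example): a 16-byte string buffer
 * immediately followed by another 4-byte variable, the way a local array sits
 * beside other locals and the saved return address on a real stack. Keeping both
 * inside one struct makes the overwrite well-defined, so its effect can be read
 * back instead of crashing the program. sizeof(struct frame) is 20. */
struct frame {
    char buf[BUF_LEN];
    uint32_t adjacent;   /* stands in for is_admin, a saved pointer, and so on */
};

/* The bug: copies len bytes starting at buf with no check against BUF_LEN.
 * Returns the value of the adjacent variable afterwards; anything other than 0
 * means the copy reached past the buffer. The clamp to sizeof(struct frame)
 * only keeps the demonstration inside the simulated frame; a real strcpy has
 * no such limit and keeps writing until the source string ends. */
uint32_t copy_unchecked(const char *src, size_t len) {
    struct frame f;
    memset(&f, 0, sizeof f);
    if (len > sizeof f) len = sizeof f;
    memcpy(&f, src, len);   /* buf is the first member; BUF_LEN is never consulted */
    return f.adjacent;
}

/* The fix: bounds checking before the copy. Refuses any input that does not fit
 * in BUF_LEN - 1 characters plus the terminating NUL, instead of truncating
 * silently or writing past the end. Returns 0 on success, -1 if the input is
 * too long. The same check applies unchanged to a buffer obtained from malloc:
 * heap overflows are the same unchecked copy into a heap chunk. */
int copy_checked(char dst[BUF_LEN], const char *src, size_t len) {
    if (len >= BUF_LEN) return -1;
    memcpy(dst, src, len);
    dst[len] = '\0';
    return 0;
}

int main(void) {
    const char *fits = "0123456789abcdef";       /* 16 bytes: fills buf, touches nothing else */
    const char *over = "AAAAAAAAAAAAAAAAAAAA";   /* 20 bytes: the last four land in 'adjacent' */
    char dst[BUF_LEN];

    printf("unchecked, 16 bytes -> adjacent = 0x%08x\n", copy_unchecked(fits, 16));
    printf("unchecked, 20 bytes -> adjacent = 0x%08x\n", copy_unchecked(over, 20));
    printf("checked,   20 bytes -> rc = %d\n", copy_checked(dst, over, 20));
    printf("checked,   15 bytes -> rc = %d, dst = \"%s\"\n",
           copy_checked(dst, fits, 15), dst);
    return 0;
}
```

With 20 bytes of 'A' the adjacent variable reads 0x41414141, the classic signature of an overflow in a crash dump: the attacker's bytes have replaced whatever the program stored there. Note that even a 16-character string is too long for a 16-byte buffer once the terminating NUL is counted, which is why copy_checked rejects len >= BUF_LEN rather than len > BUF_LEN.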