CWS Top 25

Question 1

What does CWE stand for in the context of software weaknesses?

Answer 1

Common Weakness Enumeration

Question 2

Which CWE is associated with ‘Improper Input Validation’?

Answer 2

CWE-20

Question 3

True or False: CWE-79 refers to ‘Improper Neutralization of Input During Web Page Generation’.

Answer 3

True

Question 4

What is the primary concern of CWE-89?

Answer 4

SQL Injection

Question 5

Fill in the blank: CWE-352 is known as ‘Cross-Site Request Forgery (CSRF)’.

Answer 5

Cross-Site Request Forgery (CSRF)

Question 6

Which CWE is related to ‘Improper Restriction of Operations within the Bounds of a Memory Buffer’?

Answer 6

CWE-787

Question 7

Name one of the top 10 weaknesses in the CWS Common Weakness Enumeration.

Answer 7

Injection

Question 8

What type of attack does CWE-125 refer to?

Answer 8

Out-of-Bounds Read

Question 9

Which CWE involves ‘Exposure of Sensitive Information to an Unauthorized Actor’?

Answer 9

CWE-502

Question 10

True or False: CWE-476 is known as ‘NULL Pointer Dereference’.

Answer 10

True

Question 11

What are the top 3 weaknesses in the CWS Common Weakness Enumeration?

Answer 11

1. Injection, 2. Broken Authentication, 3. Sensitive Data Exposure

Question 12

Multiple Choice: Which of the following is a type of injection attack?

Answer 12

SQL Injection

Question 13

What is the consequence of CWE-20?

Answer 13

It can lead to unexpected behaviors and security vulnerabilities.

Question 14

Fill in the blank: CWE-89 can compromise __________ databases.

Answer 14

SQL

Question 15

Which CWE is often exploited in Cross-Site Scripting (XSS) attacks?

Answer 15

CWE-79