Hacking Web Application

Question 1

specifically exploits the semicolon delimited database connection strings that are constructed dynamically based on the user inputs from web applications. So, injecting parameters into a connection string using semicolons as a separator is performed for a CSPP attack.

Answer 1

Connection String Parameter Pollution (CSPP)

Question 2

Service Oriented Architecture (SOA) vulnerability

Answer 2

XML denial of service issues

Question 3

Injection of malicious SQL queries into user input forms

Answer 3

SQL Injection

Question 4

Injection of malicious LDAP statements

Answer 4

LDAP Injection

Question 5

Attacker tries to craft an input string to gain shell access to a web server

Answer 5

Shell injection

Question 6

Injection of malicious html code (or) command through a web application

Answer 6

Command Injection

Question 7

hacker alters the content of the web page by using HTML code and by identifying the form fields that lack valid constraints

Answer 7

Command Injection Attack

Question 8

An attacker exploits a web application by tampering with the form and parameter of the web application and he is successful in exploiting the web application and gaining access

Answer 8

Security misconfiguration

Question 9

The session cookies do not have the HttpOnly flag set

Answer 9

vulnerable XSS attack

Question 10

the web application should not use random tokens.

Answer 10

Cross-site request forgery vulnerable web application

Question 11

The first step in analyzing a web app

Answer 11

Identify entry points for user input