L21 - Web Security Flashcards
Cookies are created by ads that run on websites
a) True
b) False
a) True
Cookies are created by websites a user is visiting
a) True
b) False
a) True
Cookies are compiled pieces of code
a) True
b) False
b) False
Cookies can be used as a form of virus
a) True
b) False
b) False
Cookies can be used as a form of spyware
a) True
b) False
a) True
A web browser can be attacked by any website that it visits
a) True
b) False
a) True
Even if a browser is compromised, the rest of the computer is still secure
a) True
b) False
b) False
If a browser is compromised, it can lead to malware installation on the computer
Web servers can be compromised because of exploits on web applications
a) True
b) False
a) True
Can lead to attacks that can compromise websites
When a user’s browser visits a compromised or malicious site, a malicious script is returned
a) True
b) False
a) True
To prevent XSS, any user input must be checked and preprocessed before it is used inside HTML
a) True
b) False
a) True
The website should make sure that the name of the user is not a script
Can the following prevent XSRF?
Checking the HTTP Referer header to see if the request comes from an authorized page
a) True
b) False
a) True
Can the following prevent XSRF?
Use the synchronizer token pattern, where a token for each request is embedded by the web application in all HTML forms and verified on the server side
a) True
b) False
a) True
Can the following prevent XSRF?
Log off immediately after using a web application
a) True
b) False
a) True
Can the following prevent XSRF?
Do not allow the browser to save username/password and do not allow web sites to “remember” user login
a) True
b) False
a) True
Can the following prevent XSRF?
Do not use the same browser to access sensitive web sites and surf the web freely
a) True
b) False
a) True