quiz 10 Flashcards
OLE DB relies on connection strings that enable the application to access the data stored on an external device.
True
In Windows, IIS stands for _____
Internet Information Services
__ is the interface that describes how a Web server passes data to a Web browser.
CGI
___ represent(s) a comment in SQL.
Double hyphens (--)
Connecting to a VSAM database with OLE DB requires using ____ as the provider.
SNAOLEDB
Dynamic Web pages need special components for displaying information that changes depending on user input or information obtained from a back-end server. What kind of components can Web pages use to achieve this?
To do this, dynamic Web pages can use the tag, Common Gateway Interface (CGI), Active Server Pages (ASP), PHP, ColdFusion, JavaScript, and database connector strings, such as Open Database Connector (ODBC).
foundation of most Web applications
HTML
main role is passing data between a Web server and Web browser
CGI
language developed by Microsoft
JScript
keeps attackers from knowing the directory structure on an IIS Web server
virtual directory
a Web server
Apache
stands for cross-site scripting flaw
XSS
helps beginning Web application security testers gain a better understanding of the areas covered in the OWASP top ten Web applications vulnerability list
WebGoat
tool for searching Web sites for CGI scripts that can be exploited
Cgi Scanner v1.4
GUI tool that can be downloaded free from Microsoft and is included in the IIS Resource Kit
Wfetch
JavaScript is a server-side scripting language that is embedded in an HTML Web page.
False
One of the best Web sites to find tools for hacking Web applications is ___
http://packetstormsecurity.org
Web applications written in CFML can also contain other client-side technologies, such as HTML and JavaScript.
True
__ is one of the best tools for scanning the Web for systems with CGI vulnerabilities.
Cgiscan.c
SQL ____ involves the attacker supplying SQL commands when prompted to fill in a Web application field.
injection
A user can view the source code of a PHP file by using the browser’s “View Source” option.
False
CGI programs can be written in many different programming and scripting languages, such as C/C++, Perl, UNIX shells, Visual Basic, and FORTRAN.
True
CFML stands for _______________
ColdFusion Markup Language
What is OWASP?
Much like ISECOM, Open Web Application Security Project (OWASP) is an open, not-for-profit foundation dedicated to finding and fighting the causes of software vulnerabilities. OWASP (www.owasp.org) publishes the Ten Most Critical Web Application Security Vulnerabilities paper that has been built into the Payment Card Industry (PCI) Data Security Standard.