Security Mechanisms and Vulnerabilities (Basic) Flashcards
What is the OWASP Top 10?
OWASP Top 10
A list of the most critical security risks for web applications, maintained by the Open Web Application Security Project (OWASP). This list is subject to change every year.
What is SQL Injection (SQLi)?
OWASP Top 10
A vulnerability that allows attackers to manipulate SQL queries by injecting malicious input, potentially leading to data leakage or database compromise.
What is Cross-Site Scripting (XSS)?
OWASP Top 10
A vulnerability that allows attackers to inject malicious JavaScript into a webpage, which then executes in a user’s browser.
What is Cross-Site Request Forgery (CSRF)?
OWASP Top 10
An attack where an authenticated user unknowingly executes unwanted actions on a web application through manipulated requests.
What is Server-Side Request Forgery (SSRF)?
OWASP Top 10
A vulnerability that allows an attacker to force a server to send unauthorized requests, often used to access internal systems.
What is XML External Entity (XXE) injection?
OWASP Top 10
An attack exploiting insecurely configured XML parsers to execute malicious payloads, read sensitive files, or perform server-side request forgery.
What is insecure deserialization?
OWASP Top 10
A vulnerability where untrusted data is deserialized, potentially leading to remote code execution or privilege escalation.
What are business logic flaws?
OWASP Top 10
Security weaknesses that arise from improper handling of business rules, such as price manipulation or improper access control.
What is Insecure Direct Object Reference (IDOR)?
OWASP Top 10
A flaw where users can access unauthorized resources by modifying input values, such as user IDs in URLs.