Web Security Flashcards

1
Q

What is OWASP?

A
  • a worldwide charitable organization focused on improving the security of application software.
2
Q

Top 10 OWASP:
1. Cross-Site Scripting (XSS)

A
  • malicious scripts are injected into trusted websites.
3
Q

Top 10 OWASP:
2. Injection Flaws

A
  • allow attackers to relay malicious code through the Web application to another system.
4
Q

Top 10 OWASP:
3. Malicious File Execution

A
  • occurs when websites and web applications do not properly validate their input
5
Q

Top 10 OWASP:
4. Insecure Direct Object Reference

A
  • occurs when a developer exposes a reference to an internal implementation object
6
Q

Top 10 OWASP:
5. Cross-Site Request Forgery

A
  • is an attack that forces an end user to execute unwanted actions on a web application in which they’re currently authenticated.
7
Q

Top 10 OWASP:
6. Information Leakage and Improper Error Handling

A
  • Applications can unintentionally leak information about their configuration, internal workings, etc.
8
Q

Top 10 OWASP:
7. Broken Authentication and Session Management

A
  • includes all aspects of handling user authentication and managing active sessions.
9
Q

Top 10 OWASP:
8. Insecure Cryptographic Storage

A
  • Protecting sensitive data with cryptography
10
Q

Top 10 OWASP:
9. Insecure Communications

A
  • SSL must be used for all authenticated connections, especially Internet-accessible Web pages
11
Q

Top 10 OWASP:
10. Failure to Restrict URL Access

A
  • the only protection for the page is that links to it are not shown to unauthorized users. However, a skilled or just plain lucky attacker may be able to find and access these pages.
12
Q

Web attacks are classified into 34 types that include:

A
  • Abuse of functionality
  • Buffer Overflow
  • Content spoofing
  • Brute force
13
Q

Web weaknesses are classified into 15 classes that include:

A
  • Application Misconfiguration
  • Information Leakage
  • Directory Indexing
  • Improper input handling
14
Q

The to-do list for web application design

A
  • Harden the network
  • Document network security procedures
  • Deploy encryption strategies
  • Educate users
  • Use preventative tools
15
Q

What is a Website Security Audit?

A
  • It compares the effectiveness of the organization’s security systems and protocols to a set of predetermined standards.
16
Q

Why are Web Application Security Audits important?

A
  • Saves money
  • Verify the security stance
  • Gain the upper hand over hackers by moving first
  • Discover the Threats to a Website
  • Demand for Compliance
  • Find and fix problems with security policies and protocols