1. What is one difference between an HTTP GET and an HTTP POST request?
Only POST requests may include parameter data in the request body
Only POST requests can encode parameters in the URL
Only GET requests use the REFERER header
Only GET requests are subject to the same-origin policy
2. Which of the following is true about static and dynamic web content?
The server often produces dynamic content based on the contents of the database
Static content may be re-generated with each request
Static pages may include PHP programs, which execute at the browser
3. SQL injection exploits a bug in what interaction of a web application?
Network to server
Server to client
Server to database
Client to server
4. SQL injection often allows an attacker to do which of the following?
Overrun a buffer to smash the stack
All of the above
Cause memory to be used after it's freed
Access information he shouldn't
5. If you had to summarize the key (most specific) programming failure with SQL injection, it would be:
Confusing data with code
Trusting without verifying
Circumventing the same origin policy
6. What is escaping an example of?
7. Suppose a web application implements authentication by constructing an SQL query from HTML from data using PHP's prepared statements. What would happen if an attacker entered FRANK' OR 1=1; -- in the web form's user field?
The text will modify the structure of the SQL query and possibly bypass authentication
The application will try to authenticate a user whose name is FRANK' OR 1=1; --
The text will corrupt the query structure and the database will view it as a syntax error
The text will be confused as the password and authentication will probably fail
8. Why is it undesirable to implement session identifiers using (only) hidden form fields?
The session ID is forgotten when the browser window is closed
Such fields cannot contain binary data
Such fields cannot include timeout information
These fields are easily modified by the user
9. Suppose a browser submits a GET request to URL http://www.mybank.com/accountinfo on 20 February 2015. Which of the following cookies, if already stored at the browser, would be sent with the request?
lang=us-english; expires=Sat, 1-Aug-2015; path=/accountinfo/; domain=.fidelity.com
sessid=ABCDEFG; expires=Sat, 21-Feb-2015; path=/; domain=.mybank.com
edition=us; expires=Thu, 19-Feb-2015; path=/accountinfo/prefs; domain=.mybank.com
edition=us; expires=Wed, 18-Feb-2015; path=/; domain=.mybank.com
10. Which of the following are ways that session cookies could be stolen or forged?
Copying a cookie by keylogging
Compromising the browser or server
Predicting the cookie's structure and reconstructing it
11. Which of the following are ways to reduce the impact of a stolen cookies?
Associate the cookie with the server's IP address
Changing a user's cookie from session to session
Prevent cookies from entering the DNS cache
12. How can the REFERER field be used to defend against CSRF attacks?
It can be used to ensure that sensitive requests are (only) initiated by interaction with a site's own pages
It can't be used reliably because it only works for dynamic content
It ensures that requests only come from authenticated users
13. <script></script>tags in HTML pages most often identify programs written in what language?
It doesn't -- these programs are only used to render dynamic content but are otherwise not security-relevant
Such programs could deny service by running forever
Such programs may access browser-controlled resources, which include potentially sensitive data in HTML documents and cookies
15. XSS subverts what policy?
16. What is the difference between stored (or persistent) XSS and reflected XSS?
Stored XSS works by injecting code in a site's served content, while reflected XSS injects code in a URL
Stored XSS is amenable to blacklisting but reflected XSS is not
Stored XSS works on database queries while reflected XSS works on cookies, which are received from and reflected back to the server