Review Questions
You can find the answers in the Appendix.
- Which one of the following approaches, when feasible, is the most effective way to defeat injection attacks?
  - Browser-based input validation
  - Input whitelisting
  - Input blacklisting
  - Signature detection
- Examine the following network diagram. What is the most appropriate location for a web application firewall (WAF) on this network?
  - Location A
  - Location B
  - Location C
  - Location D
- Joe is examining the logs for his web server and discovers that a user sent input to a web application that contained the string WAITFOR. What type of attack was the user likely attempting?
  - Timing-based SQL injection
  - HTML injection
  - Cross-site scripting
  - Content-based SQL injection
- Which one of the following function calls is closely associated with Linux command injection attacks?
  - system()
  - sudo()
  - mkdir()
  - root()
- Tina is conducting a penetration test and is trying to gain access to a user account. Which of the following is a good source for...