
Question 1 (1 point)
From a Web Application perspective, which of the following best describes directory browsing or directory indexing?
- An attack technique that consumes all of a web site's available resources with the intent of rendering legitimate use impossible.
- A feature common to most popular web servers that exposes the contents of a directory when no index page is present.
- A protocol scheme used on the World Wide Web describing the way a web client requests data and how a web server responds to those requests.
- A technique for exploiting a web site by altering backend LDAP statements through manipulating application input.
- None of the above

Question 2 (1 point)
A string of data provided by the web server, normally stored within a cookie or URL to track a user's session, is known as
- Session Hi-jacking
- Session Forging
- Secure Sockets Layer
- SQL Injection
- None of the above

Question 3 (1 point)
An attack technique that forces a web site to echo client-supplied data which executes in the user's web browser is known as
- Cookie Poisoning
- Denial of Service
- SQL Injection
- Cross-Site Scripting
- None of the above

Question 4 (1 point)
Assuming a cookie named $SDEV300User has been properly set, and you are writing a PHP web application, identify one approach to expire the cookie after 20 minutes of session time.
- setcookie($SDEV300User,20);
- setcookie($SDEV300,time() + 20);
- setcookie($SDEV300, time()-20, "/");
- None of the above

Question 5 (3 points)
Create an array of Strings in PHP named $myStrings that has 5 elements. Populate the array with 5 strings of your choice.

Question 6 (4 points)
Write a PHP code snippet that includes a foreach loop that would display each of the strings you created in the $myStrings variable. Display the results in an HTML table that is 6 rows by two columns. The first row should label each column as “original” and “Upper Case”. Then display the original string and the all upper case version of the string for each of the 5 elements in the table. Be sure your HTML table contains a visible border of a thickness of your choice.

Question 7 (3 points)
The following PHP code is not correctly unsetting the username session variable. What is wrong with the code? Be specific and provide the code that would work.

Question 8 (3 points)
A MySQL table was created using the following script:

Create table Courses (
  CourseID int primary key,
  CourseNum varchar(4) not null,
  CourseSection int not null,
  Title varchar(10) not null,
  Credits short not null);

Provide an insert statement that would correctly create a record for the table.

Question 9 (3 points)
A record in the Courses table was created with a CourseID of 1200. Write a SQL statement to delete that record from the database.

Question 10 (3 points)
You need to modify an existing record in the Courses table that has a CourseID of 999. You need to change the CourseNum to 330 and the title to AES Intro. Write a single SQL statement to update this record.

Question 11 (5 points)
A table in MySQL named users has 3 String fields including firstname, lastname and username. Write a complete PHP class that would allow for constructing a users object and getting and setting values for each of the fields.

Question 12 (3 points)
Using the PHP users class you just created, demonstrate how you would construct a users object and then display each of the fields' values using the getter methods. Be specific by providing the code.

Question 13 (2 points)
When you use the OWASP ZAP tool, why do you need to configure your browser settings to a manual proxy configuration? In other words, why do you need a proxy server for ZAP?

Question 14 (3 points)
Describe how to fix a password auto-complete vulnerability. Be specific by providing the code that would fix the issue.

Question 15 (4 points)
What specific techniques can you use to reduce Cross-site scripting vulnerabilities? Provide an example of code changes that would mitigate Cross-site scripting.

Solution

Q 1

Answer:  

A feature common to most popular web servers that exposes the contents of a directory when no index page is present.

Q 2

Answer:

Session Forging

Session Forging is an attack method used to make fake session credentials or estimate other users' current session IDs.

Q 3

Answer:

Cross-Site Scripting

Q 4

Answer:

setcookie($SDEV300,time() + 20);

Q 8

Answer:

INSERT INTO Courses (CourseID, CourseNum, CourseSection, Title, Credits)
VALUES (1200, 'CSE4', 2, 'COMPUTER', 8);

Q 9

Answer:

DELETE FROM Courses
WHERE CourseID = 1200;

Q 10

Answer:

UPDATE Courses
SET CourseNum = '330', Title = 'AES Intro'
WHERE CourseID = 999;

Q 14

Answer:

<INPUT TYPE="password" AUTOCOMPLETE="off">

Tutor: Dr Jack