The SecOps Group Related Exams
CAP Exam

After purchasing an item on an e-commerce website, a user can view his order details by visiting the URL:
A security researcher pointed out that by manipulating the order_id value in the URL, a user can view arbitrary orders and sensitive information associated with that order_id.
Which of the following is correct?
In the context of NoSQL injection, which of the following is correct?
Statement A: NoSQL databases provide looser consistency restrictions than traditional SQL databases. By requiring fewer relational constraints and consistency checks, NoSQL databases often offer performance and scaling benefits. Yet these databases are still potentially vulnerable to injection attacks, even if they aren’t using the traditional SQL syntax.
Statement B: NoSQL database calls are written in the application’s programming language, a custom API call, or formatted according to a common convention (such as XML, JSON, LINQ, etc).
Under the same-origin policy (also SOP), a web browser permits scripts contained in a web page to access data in another web page, but only if both web pages have the same origin. Which of the following pages are in the same origin as that of the below URL?