After purchasing an item on an e-commerce website, a user can view his order details by visiting the URL:
A security researcher pointed out that by manipulating the order_id value in the URL, a user can view arbitrary orders and sensitive information associated with that order_id.
Which of the following is correct?
In the context of NoSQL injection, which of the following is correct?
Statement A: NoSQL databases provide looser consistency restrictions than traditional SQL databases. By requiring fewer relational constraints and consistency checks, NoSQL databases often offer performance and scaling benefits. Yet these databases are still potentially vulnerable to injection attacks, even if they aren’t using the traditional SQL syntax.
Statement B: NoSQL database calls are written in the application’s programming language, a custom API call, or formatted according to a common convention (such as XML, JSON, LINQ, etc).
Which of the following directives in a Content-Security-Policy HTTP response header, can be used to prevent a Clickjacking attack?
What is the full form of SAML?
Based on the below HTTP request, which of the following statements is correct?
POST /changepassword HTTP/2
Host: example.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:107.0) Gecko/20100101 Firefox/107.0
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Cookie: JSESSIONID=38RB5ECV10785B53AF29816E92E2E50
Content-Length: 95
new_password=usher!@22&confirm_password=usher!@22
Which of the following is a common attack in the context of SAML security?
GraphQL is an open-source data query and manipulation language for APIs, and a query runtime engine. In this context, what is GraphQL Introspection?
Null Byte Injection is an active exploitation technique used to bypass sanity-checking filters in web applications by adding a URL-encoded null byte character to the user-supplied data. Which of the following is a URL-encoded representation of a null byte?
Under the same-origin policy (also SOP), a web browser permits scripts contained in a web page to access data in another web page, but only if both web pages have the same origin. Which of the following pages are in the same origin as that of the below URL?
In the context of the Race Condition vulnerability, which of the following statements is true?
Which HTTP header is used by the CORS (Cross-origin resource sharing) standard to control access to resources on a server?
An application’s forget password functionality is described below:
The user enters their email address and receives a message on the web page:
“If the email exists, we will email you a link to reset the password”
The user also receives an email saying:
“Please use the link below to create a new password:”
(Note that the developer has included a one-time random token with the ‘userId’ parameter in the link). So, the link seems like:
&token=70e7803e-bf53-45e1-8a3f-fb15da7de3a0
Will this mechanism prevent an attacker from resetting arbitrary users’ passwords?
The following request is vulnerable to Cross-Site Request Forgery vulnerability.
POST /changepassword HTTP/2Host: example.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) rv:107.0) Gecko/20100101 Firefox/107.0 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: same-origin Cookie: JSESSIONID=38RC5ECV10785B53AF19816E92E2E50 Content-Length: 95
new_password=lov3MyPiano23&confirm_password=lov3MyPiano23
In the screenshot below, an attacker is attempting to exploit which vulnerability?
Request
POST /dashboard/userdata HTTP/1.1
Host: example.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) Firefox/107.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
Cookie: JSESSIONID=7576572ce167b5634ie646de967c759643d53031
Te: trailers
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 36
PrettyRaw | Hex | php | curl | ln | Pretty
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 11:42:27 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 12746
Connection: keep-alive
X-Xss-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Request-ID: 65403d71e8745d5e1fe205f44d531
Content-Length: 12746
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>
Admin Panel
</title>
Determine the primary defense against a SQL injection vulnerability
The DNS entries for and both point to the same IP address i.e., 1.3.3.7. How does the web server know which web application is being requested by the end user's browser?
Which of the following is NOT a Server-Side attack?
Which of the following is NOT a symmetric key encryption algorithm?