
Quiz: Web application threats and vulnerabilities

01 Feb 2006 | SearchSecurity.com


Web applications are subject to a barrage of threats and vulnerabilities that can put an entire enterprise at risk. Our quiz will help you determine how knowledgeable you are about securing your Web apps and whether you need to hone your Web security skills.


1.) True or False: It's OK to put sensitive information in HIDDEN form fields; after all, they're hidden.
a. True
b. False
Answer

2.) In what type of attack does an intruder manipulate a URL in such a way that the Web server executes or reveals the contents of a file anywhere on the server, including those lying outside the document root directory?
a. cross-site scripting
b. command injection
c. SQL injection
d. path traversal attacks
Answer

3.) Which of the following is true of improper error handling?
a. Attackers can use error messages to extract specific information from a system.
b. Attackers can use unexpected errors to knock an application off line, creating a denial-of-service attack.
c. Unexpected errors can provide an attacker with a buffer or stack overflow condition that sets the stage for an arbitrary code execution.
d. All of the above.
Answer

4.) True or False: The "NO-CACHE" cache-control response header prohibits documents from being stored on the client.
a. True
b. False
Answer

5.) Which of the following is NOT recommended for securing Web applications against authenticated users?
a. Client-side data validation
b. Filtering data with a default deny regular expression
c. Running the application under least privileges necessary
d. Using parameterized queries to access a database
Answer

6.) In which of the following exploits does an attacker insert malicious coding into a link that appears to be from a trustworthy source?
a. cross-site scripting
b. command injection
c. path traversal attack
d. buffer overflow
Answer

7.) True or False: Encrypted data is not at risk from keyloggers.
a. True
b. False
Answer

8.) In which of the following exploits does an attacker add SQL code to a Web form input box to gain access to resources or make changes to data?
a. cross-site scripting
b. command injection
c. SQL injection
d. buffer overflow
Answer

9.) Which of the following is characteristic of spyware?
a. Blocking access to antivirus and antispyware updates
b. Aggregating surfing habits across multiple users for advertising
c. Customizing search results based on an advertiser's needs
d. All of the above
Answer

10.) True or False: Web application variables can still be manipulated even when both client and server are using digital certificates to authenticate themselves and establish an SSL connection.
a. True
b. False
Answer


How'd you score?
9-10 correct: You're an authority on Web application security
6-8 correct: You're adept in Web application security
3-5 correct: You're a Web application security apprentice
0-2 correct: You're a Web application security amateur

All Rights Reserved, Copyright 2000 - 2009, TechTarget | Read our Privacy Policy
SearchSAP.com is a search service provided by TechTarget and is completely
independent of and not affiliated with SAP AG.