Web App Security

How much do you know about web application security?

In the context of web applications…

---
primary_color: "#77b6ea"
secondary_color: lightgray
text_color: black
shuffle_questions: true
show_hint: false
shuffle_answers: true
---

## Which browser security mechanisms help mitigate XSS vulnerabilities?

Check all that apply.

- [ ] CORS
- [x] CSP
- [x] Same-Origin Policy
- [x] Cookie flags
- [ ] Referrer-Policy header

## What does IDOR stand for?

One answer applies.

1. [ ] Inconsistent Direct Origin Routing
1. [x] Insecure Direct Object Reference
1. [ ] Insecure Data Output Retrieval
1. [ ] Interactive Data Object Repository

## What does IDOR allow for?

Check all that apply.

- [ ] Remote code execution
- [x] Unauthorised modification of user data
- [x] Data theft
- [ ] Man in the middle attack

## What's the risk associated with an open redirect vulnerability?

One answer applies.

1. [ ] Unauthorized access to server-side code
1. [x] Redirection of users to malicious websites
1. [ ] Theft of users' session IDs
1. [ ] Execution of arbitrary server-side scripts

## What's the security advantage of using session ID cookies instead of HTTP Basic Authentication?

One answer applies.

1. [x] Avoiding constantly transmitting users' passwords over the network
1. [ ] Browsers' enforcement of TLS encryption for session ID cookies
1. [ ] Session IDs have cryptographic signatures
1. [ ] There's no security advantage

## What's the strongest hashing algorithm for password storage, today?

One answer applies.

1. [ ] scrypt
1. [ ] bcrypt
1. [x] Argon2
1. [ ] PBKDF2-HMAC-SHA512

## What security properties does TLS provide?

One answer applies.

1. [x] Authenticity, Integrity & Confidentiality
1. [ ] Encryption, Privacy & Fault-tolerance
1. [ ] Forward Secrecy, Availability & Tamper-resistance
1. [ ] Authentication, Identification and Trustability

## Where should JWTs be stored?

One answer applies.

1. [x] `cookie`
1. [ ] `localStorage`
1. [ ] `sessionStorage`
1. [ ] JWTs are ephemeral and should not be stored

## What type of attacks does browser sandboxing protect against?

One answer applies.

1. [x] Attacks against the browser itself or host machine
1. [ ] Cross-site scripting
1. [ ] Cross-site request forgery
1. [ ] NOP-sled attacks

## What feature does the OAuth2 protocol provide?

One answer applies.

1. [x] Access delegation through authorisation
1. [ ] Authentication
1. [ ] JWT signatures
1. [ ] Identification

## Which of the following Cross-Site-Scripting types exist?

Check all that apply.

- [x] DOM-based XSS
- [x] Stored XSS
- [x] Reflected XSS
- [ ] Shadow Injection XSS

## What does a Cross-Site Request Forgery attack cause?

One answer applies.

1. [ ] Unauthorised cookie access
1. [x] Induce user to perform unintended actions
1. [ ] Credential spoofing
1. [ ] Spontaneous Data Duplication

## Why are passwords salted before being hashed?

One answer applies.

1. [ ] To enhance their flavor
1. [x] To mitigate rainbow table attacks
1. [ ] To make the hash longer and more random
1. [ ] To reduce hash collision

## In the context of password storage, what is the difference between a salt and a pepper?

Check all that apply.

- [ ] The way they are used to compute the hash (before or after the plaintext)
- [x] Salt is not secret and pepper is secret
- [x] Salt is stored next to the hashed password and pepper is stored elsewhere
- [ ] Salt is specific for every password stored, a pepper is the same for all stored passwords

## DOMPurify is a JS library that protects against… by…?

One answer applies.

1. [ ] SQL Injections / sanitising user inputs
1. [x] XSS / sanitising HTML
1. [ ] Command injection / sanitising HTTP requests before they're sent
1. [ ] Account takeover / enforcing strict security boundaries in the DOM

## To detect attacks, web application firewalls look for odd patterns in…?

One answer applies.

1. [x] HTTP Requests
1. [ ] JA3 fingerprints
1. [ ] OSPF Routing Tables
1. [ ] Control flow graphs

## How can CDN caching potentially introduce security risks to a web application?

One answer applies.

1. [ ] By reducing latency, which allows timing-based side channel attacks
1. [x] By caching sensitive information, leading to unauthorized data exposure
1. [ ] By hiding all users' IP addresses, adversely affecting security observability
1. [ ] By serving as a bounce-board for amplifying web attacks

## Which of the following can be considered a security boundary?

Check all that apply.

- [ ] Client-server communication encryption with TLS
- [x] Network-level separation between datastore assets and application runtime assets
- [x] Segregation between production and non-production environments
- [ ] Two factor authentication

## Which of the following best describes a race condition vulnerability?

One answer applies.

1. [ ] An attacker intercepts and manipulates data in transit
1. [x] Two or more processes access shared resources simultaneously, causing unpredictable behavior
1. [ ] An attacker succeeds in responding to a user request faster than the legitimate server
1. [ ] Inability to authenticate users properly

## What are the risks associated with a Server-Side Request Forgery vulnerability?

Check all that apply.

- [x] An attacker can force the server to access internal services or resources, potentially leading to data exposure or unauthorized access
- [x] An attacker can use SSRF to conduct port scanning on internal networks, discovering hidden or sensitive services
- [ ] An attacker can execute arbitrary code on the server
- [ ] An attacker can do lateral privilege escalation and switch identities

What’s your score?

  • 2️⃣0️⃣ - 1️⃣8️⃣ → 🎉 Nicely done! We’ve got a solid security engineer candidate here!
  • 1️⃣7️⃣ - 1️⃣4️⃣ → 👌 Your security team can count on you.
  • 1️⃣3️⃣ - 1️⃣1️⃣ → 👍 Not bad, you’ve got a few good ideas.
  • ≤ 🔟 → 🚨 In line with the wider IT engineering population.