In the context of web applications…
---
primary_color: "#77b6ea"
secondary_color: lightgray
text_color: black
shuffle_questions: false
show_hint: false
shuffle_answers: false
---
## Which of the following can be considered a security boundary?
Check all that apply.
- [ ] Rate limiting
- [x] Network-level separation between datastore assets and application runtime assets
- [x] Segregation between production and non-production environments
- [ ] Two-factor authentication
## What feature does the OAuth2 protocol provide?
One answer applies.
1. [x] Access delegation through authorisation
1. [ ] Authentication
1. [ ] JWT signatures
1. [ ] Identification
## What's the strongest hashing algorithm for password storage, today?
One answer applies.
1. [ ] RC4
1. [ ] bcrypt
1. [x] Argon2
1. [ ] MD5
## What's the advantage of session ID cookies vs. HTTP Basic Authentication?
One answer applies.
1. [ ] Browsers' enforcement of TLS encryption for session ID cookies
1. [ ] Session IDs carry a cryptographic signature
1. [ ] There's no security advantage
1. [x] Avoiding constantly transmitting users' passwords over the network
## What's the risk associated with an open redirect vulnerability?
One answer applies.
1. [ ] Unauthorized access to server-side code
1. [x] Redirection of users to malicious websites
1. [ ] Theft of users' session IDs
1. [ ] Execution of arbitrary server-side scripts
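The open redirect in the question above is almost always a login or logout handler that copies a `next`/`returnTo` parameter straight into a `Location` header. The following is an added example (not part of the quiz) showing that pattern next to a hardened version; the allow-listed hosts and the landing page are hypothetical values chosen for the example:

```python
from urllib.parse import urlsplit, urlunsplit

# Hosts this application may redirect to. Hypothetical values for the
# example; a real deployment takes these from configuration.
ALLOWED_HOSTS = {"app.example.com", "accounts.example.com"}
DEFAULT_LANDING = "/"


def redirect_target_vulnerable(next_param: str) -> str:
    """The pattern behind most open redirects: the `next` parameter is
    trusted verbatim and handed to a 302 Location header."""
    return next_param or DEFAULT_LANDING


def redirect_target_safe(next_param: str) -> str:
    """Follow `next` only if it is a same-site path or an https URL whose
    host is explicitly allow-listed; otherwise use a fixed landing page."""
    if not next_param:
        return DEFAULT_LANDING
    # Browsers treat backslashes as forward slashes when parsing URLs,
    # so normalise first or '/\evil.example' slips past a '/' check.
    candidate = next_param.replace("\\", "/")
    try:
        parts = urlsplit(candidate)
    except ValueError:  # e.g. malformed IPv6 brackets
        return DEFAULT_LANDING

    # 'javascript:', 'data:' and other non-http schemes are never followed.
    if parts.scheme and parts.scheme not in ("http", "https"):
        return DEFAULT_LANDING
    if parts.netloc:
        # Absolute or scheme-relative ('//evil.example') URL: the host must
        # be allow-listed. .hostname strips userinfo and port, so
        # 'https://app.example.com@evil.example' is judged on evil.example.
        if parts.scheme != "https" or parts.hostname not in ALLOWED_HOSTS:
            return DEFAULT_LANDING
        return urlunsplit(parts)
    # No netloc: must be a same-site path starting with exactly one '/'.
    # This also rejects 'evil.example/x' and 'https:evil.example'.
    if not parts.path.startswith("/") or parts.path.startswith("//"):
        return DEFAULT_LANDING
    # Drop any scheme that survived ('https:/evil.example' -> '/evil.example').
    return urlunsplit(("", "", parts.path, parts.query, parts.fragment))
```

The safe version deliberately fails closed: anything it cannot classify as same-site or allow-listed goes to the landing page rather than being "cleaned up", and it requires https for the allow-listed hosts so a downgrade to http is not possible via the parameter.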
## Which browser security mechanisms help mitigate XSS vulnerabilities?
Check all that apply.
- [ ] CORS
- [x] CSP
- [x] Same-Origin Policy
- [x] Cookie flags
## What security properties does TLS provide?
One answer applies.
1. [x] Authenticity, Integrity & Confidentiality
1. [ ] Encryption, Privacy & Fault-tolerance
1. [ ] Forward Secrecy, Availability & Tamper-resistance
1. [ ] Authentication, Identification and Trustability
## In the context of a browser, where should JWTs be stored?
One answer applies.
1. [ ] JWTs are ephemeral and should not be stored
1. [x] `cookie`
1. [ ] `localStorage`
1. [ ] `sessionStorage`
## What type of attacks does browser sandboxing protect against?
One answer applies.
1. [ ] Cross-site scripting
1. [ ] Cross-site request forgery
1. [x] Attacks against the browser itself or host machine
1. [ ] NOP-sled attacks
## To detect attacks, web application firewalls look for odd patterns in…?
One answer applies.
1. [x] HTTP Requests
1. [ ] JA3 fingerprints
1. [ ] OSPF Routing Tables
1. [ ] Control flow graphs
## What does IDOR stand for?
One answer applies.
1. [ ] Inconsistent Direct Origin Routing
1. [x] Insecure Direct Object Reference
1. [ ] Insecure Data Output Retrieval
1. [ ] Interactive Data Object Repository
## What does IDOR allow for?
Check all that apply.
- [x] Unauthorised modification of user data
- [ ] Remote code execution
- [x] Data theft
- [ ] Man in the middle attack
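The two IDOR questions above describe a handler that looks a record up by a client-supplied key and never checks who is asking. The following added example (not part of the quiz) shows that handler beside one that authorises against the object on both the read and the write path; the invoice records and user IDs are constructed sample data:

```python
from dataclasses import dataclass


class Forbidden(Exception):
    """Raised when the caller is not allowed to access the object."""


@dataclass(frozen=True)
class Invoice:
    invoice_id: int
    owner_id: int
    amount_cents: int


# Constructed sample data: two customers, one invoice each.
INVOICES = {
    1001: Invoice(invoice_id=1001, owner_id=1, amount_cents=12_000),
    1002: Invoice(invoice_id=1002, owner_id=2, amount_cents=48_500),
}


def get_invoice_vulnerable(current_user_id: int, invoice_id: int) -> Invoice:
    """IDOR: GET /invoices/<id> fetches whatever key the client sent and
    never asks whether the caller owns it. User 1 changes 1001 to 1002 in
    the URL and reads user 2's invoice (the 'data theft' case)."""
    return INVOICES[invoice_id]


def get_invoice_safe(current_user_id: int, invoice_id: int) -> Invoice:
    """Authorisation is enforced against the object itself. The caller's
    identity comes from the server-side session, never from the request,
    and the check runs on every access, not only in the UI that renders
    the links."""
    invoice = INVOICES.get(invoice_id)
    # Same error for "missing" and "not yours", so the endpoint cannot be
    # used to enumerate which IDs exist.
    if invoice is None or invoice.owner_id != current_user_id:
        raise Forbidden(f"user {current_user_id} may not access invoice {invoice_id}")
    return invoice


def update_invoice_amount_safe(current_user_id: int, invoice_id: int,
                               amount_cents: int) -> Invoice:
    """Write path with the same guard. The quiz's 'unauthorised
    modification' case is a PUT/PATCH handler that omits this check."""
    existing = get_invoice_safe(current_user_id, invoice_id)
    updated = Invoice(existing.invoice_id, existing.owner_id, amount_cents)
    INVOICES[invoice_id] = updated
    return updated
```

Using unguessable identifiers (UUIDs) instead of sequential integers raises the cost of finding valid keys but is not a fix; the ownership check on the object is.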
## Which of the following Cross-Site-Scripting types exist?
Check all that apply.
- [x] DOM-based XSS
- [x] Stored XSS
- [x] Reflected XSS
- [ ] Shadow Injection XSS
## What does a Cross-Site Request Forgery attack cause?
One answer applies.
1. [ ] Unauthorised cookie access
1. [x] Induce user to perform unintended actions
1. [ ] Credential spoofing
1. [ ] Spontaneous Data Duplication
## Why are passwords salted before being hashed?
One answer applies.
1. [ ] To enhance their flavor
1. [ ] To make the hash longer and more random
1. [ ] To reduce hash collisions likelihood
1. [x] To mitigate rainbow table attacks
## In the context of password storage, what is the difference between a salt and a pepper?
Check all that apply.
- [ ] Where they are placed relative to the plaintext when the hash is computed
- [x] A salt is not secret, a pepper is secret
- [x] A salt is stored next to the hashed password, a pepper is stored elsewhere
- [x] A salt is unique to each stored password, a pepper is shared by all of them
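The salt and pepper questions above, and the Argon2 question before them, describe one storage scheme: a slow, memory-hard KDF over the password, a random per-password salt stored in the same record, and a site-wide secret pepper kept outside the database. The following is an added example (not part of the quiz) of that scheme. It uses `hashlib.scrypt` from the standard library so it runs without extra packages; Argon2id, the quiz's answer, is the better production choice (the `argon2-cffi` package) and slots into `_kdf` the same way. The pepper value and work factors are made up for the example:

```python
import hashlib
import hmac
import os
from typing import Optional

# The pepper is a site-wide secret that lives OUTSIDE the password database
# (environment variable, KMS, HSM). Hard-coded here only so the example runs
# offline; the value is made up.
PEPPER = bytes.fromhex("4f4c27b1a9c8d2e3f0012233445566778899aabbccddeeff")

# scrypt work factors; tune upwards on real hardware (scrypt stands in for
# Argon2id here because it is in the standard library).
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1


def _kdf(password: str, salt: bytes, pepper: bytes) -> bytes:
    # Mix the pepper in as an HMAC key over the password before the slow
    # KDF: a dumped table of salts and hashes is then useless without it.
    peppered = hmac.new(pepper, password.encode("utf-8"), hashlib.sha256).digest()
    return hashlib.scrypt(peppered, salt=salt, n=SCRYPT_N, r=SCRYPT_R,
                          p=SCRYPT_P, dklen=32)


def hash_password(password: str, pepper: bytes = PEPPER,
                  salt: Optional[bytes] = None) -> str:
    """Return 'scrypt$<salt_hex>$<hash_hex>'. The salt is random per
    password and stored in the record itself; only the pepper is kept
    apart. Two users with the same password get different records, which
    is what defeats a precomputed (rainbow) table."""
    salt = os.urandom(16) if salt is None else salt
    return "scrypt$" + salt.hex() + "$" + _kdf(password, salt, pepper).hex()


def verify_password(password: str, stored: str, pepper: bytes = PEPPER) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    try:
        algo, salt_hex, hash_hex = stored.split("$")
    except ValueError:
        return False
    if algo != "scrypt":
        return False
    candidate = _kdf(password, bytes.fromhex(salt_hex), pepper)
    return hmac.compare_digest(candidate, bytes.fromhex(hash_hex))
```

The algorithm tag in the stored string is what lets you migrate: when Argon2id (or higher work factors) is introduced, `verify_password` can accept both formats and re-hash on the next successful login.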
## DOMPurify is a JS library that protects against… by…?
One answer applies.
1. [x] XSS by sanitising HTML
1. [ ] SQL Injections by sanitising user inputs
1. [ ] Command injection by sanitising HTTP requests before they’re sent
1. [ ] Account takeover by enforcing strict security boundaries in the DOM
## How can CDN caching introduce security risks to a web application?
One answer applies.
1. [ ] By allowing timing-based side channel attacks
1. [x] By caching sensitive information and serving it to the wrong users, leading to unauthorized data exposure
1. [ ] By hiding users’ IP addresses, making them anonymous
1. [ ] By serving as a bounce-board for amplifying web attacks
## Which of the following best describes a race condition vulnerability?
One answer applies.
1. [ ] An attacker intercepts and manipulates data in transit
1. [ ] An attacker succeeds in responding to a user request faster than the legitimate server
1. [x] Two or more processes access shared resources simultaneously, causing unpredictable behavior
1. [ ] Inability to authenticate users properly
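The web-application form of the race condition described above is a check-then-act handler (check balance, then deduct; check coupon unused, then redeem) hit by requests the attacker sends in parallel, so that every request passes the check before any has acted. The following added example (not part of the quiz) reproduces that deterministically with a barrier standing in for the attacker's timing, and shows the fix; the gift card scenario is constructed:

```python
import threading
from typing import Callable

# Constructed scenario: a gift card with one use left, hit by N concurrent
# "redeem" requests that the attacker fires in parallel.
PARALLEL_REQUESTS = 8


class GiftCard:
    def __init__(self, uses_left: int) -> None:
        self.uses_left = uses_left
        self.redemptions = 0
        self._lock = threading.Lock()

    def redeem_vulnerable(self, barrier: threading.Barrier) -> None:
        """Check-then-act with no synchronisation. The barrier models the
        attacker's timing: every request has passed the check (time of
        check) before any has decremented (time of use), so all of them
        are honoured."""
        if self.uses_left > 0:
            barrier.wait()  # every request observes uses_left == 1 here
            self.uses_left -= 1
            self.redemptions += 1

    def redeem_safe(self) -> None:
        """Check and act in one critical section, so the second request
        sees the state the first one left behind. In a real service this
        is a row lock (SELECT ... FOR UPDATE) or an atomic conditional
        UPDATE ... WHERE uses_left > 0, not an in-process lock."""
        with self._lock:
            if self.uses_left > 0:
                self.uses_left -= 1
                self.redemptions += 1


def _run_parallel(target: Callable[[], None], n: int) -> None:
    threads = [threading.Thread(target=target) for _ in range(n)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()


def race_vulnerable(n: int = PARALLEL_REQUESTS) -> GiftCard:
    """Returns a card redeemed n times although it had one use."""
    card = GiftCard(uses_left=1)
    barrier = threading.Barrier(n)
    _run_parallel(lambda: card.redeem_vulnerable(barrier), n)
    return card


def race_safe(n: int = PARALLEL_REQUESTS) -> GiftCard:
    """Returns a card redeemed exactly once under the same load."""
    card = GiftCard(uses_left=1)
    _run_parallel(card.redeem_safe, n)
    return card
```

In testing you will not have a barrier inside the target's code; the equivalent is sending the requests so they arrive together (HTTP/2 multiplexing or the single-packet technique) and checking whether the resource was consumed more times than it was available.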
## What are the risks associated with a Server-Side Request Forgery vulnerability?
Check all that apply.
- [x] An attacker can force the server to access internal services or resources, potentially leading to data exposure or unauthorized access
- [x] An attacker can use SSRF to conduct port scanning on internal networks, discovering hidden or sensitive services
- [ ] An attacker can execute arbitrary code on the server
- [ ] An attacker can do lateral privilege escalation and switch identities
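Both SSRF risks above (reaching internal services, scanning internal ports) come from letting the server fetch an attacker-chosen URL. The following added example (not part of the quiz) validates an outbound URL before the fetch: it restricts the scheme, rejects embedded credentials, resolves the host and refuses anything that maps to a non-public address, including the cloud metadata endpoint `169.254.169.254` and IPv4-mapped IPv6 forms. The resolver is injectable so the check can be exercised offline; the hostnames and addresses in the usage are constructed:

```python
import ipaddress
import socket
from typing import Callable, Iterable
from urllib.parse import urlsplit


class UnsafeURL(ValueError):
    """The URL must not be fetched by the server."""


Resolver = Callable[[str], Iterable[str]]


def _system_resolver(host: str) -> list[str]:
    """Every address the host maps to. Real code must connect to the
    address it validated, or a DNS rebind between check and connect
    reintroduces the hole."""
    return [info[4][0] for info in socket.getaddrinfo(host, None)]


def is_internal(ip_text: str) -> bool:
    """True for loopback, RFC 1918, link-local (incl. 169.254.169.254),
    CGNAT, multicast, unspecified and other non-global addresses."""
    ip = ipaddress.ip_address(ip_text)
    # Unwrap IPv4-mapped IPv6 (::ffff:10.0.0.1) so the v4 rules apply.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return (not ip.is_global) or ip.is_multicast


def validate_outbound_url(url: str, resolver: Resolver = _system_resolver,
                          allowed_schemes: tuple = ("http", "https")) -> str:
    """Return the IP address the request may connect to, or raise UnsafeURL."""
    try:
        parts = urlsplit(url)
    except ValueError as exc:
        raise UnsafeURL(f"unparseable URL: {exc}") from exc
    # file://, gopher://, dict:// etc. turn SSRF into file reads or raw
    # socket access against internal services.
    if parts.scheme.lower() not in allowed_schemes:
        raise UnsafeURL(f"scheme not allowed: {parts.scheme!r}")
    if parts.username is not None or parts.password is not None:
        raise UnsafeURL("credentials in URL")
    host = parts.hostname
    if not host:
        raise UnsafeURL("missing host")
    try:
        candidates = [str(ipaddress.ip_address(host))]
    except ValueError:
        # Not a canonical literal: let the resolver decide. This also covers
        # shorthand such as '127.1', '0x7f000001' or '2130706433', which
        # getaddrinfo accepts as IPv4 even though ipaddress does not.
        candidates = list(resolver(host))
    if not candidates:
        raise UnsafeURL(f"host does not resolve: {host!r}")
    # A name with one public and one private record is still rejected.
    for ip_text in candidates:
        if is_internal(ip_text):
            raise UnsafeURL(f"{host!r} resolves to non-public address {ip_text}")
    return candidates[0]


# Constructed DNS table for offline use; addresses are examples only.
FAKE_DNS = {
    "api.partner.example": ["93.184.216.34"],
    "internal.corp.example": ["10.0.0.5"],
    "dual.example": ["93.184.216.35", "10.0.0.9"],
    "127.1": ["127.0.0.1"],
    "0x7f000001": ["127.0.0.1"],
}


def fake_resolver(host: str) -> list[str]:
    return FAKE_DNS.get(host, [])
```

Two things the validator cannot do on its own: the HTTP client must not follow redirects automatically (a public URL that 302s to `http://169.254.169.254/` bypasses the check), and it must connect to the validated address rather than re-resolving the name.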
What’s your score?
- 2️⃣0️⃣ - 1️⃣6️⃣ → 🎉 Nicely done! We’ve got a solid security engineering candidate here!
- 1️⃣5️⃣ - 1️⃣1️⃣ → 👌 Your security team can count on you.
- 1️⃣0️⃣ - 7️⃣ → 👍 Okay, you’ve got a few good ideas.
- ≤ 6️⃣ → 🚨 In line with the wider IT engineering population.