In the context of web applications…
---
primary_color: "#77b6ea"
secondary_color: lightgray
text_color: black
shuffle_questions: true
show_hint: false
shuffle_answers: true
---
## Which browser security mechanisms help mitigate XSS vulnerabilities?
Check all that apply.
- [ ] CORS
- [x] CSP
- [x] Same-Origin Policy
- [x] Cookie flags
- [ ] Referrer-Policy header
## What does IDOR stand for?
One answer applies.
1. [ ] Inconsistent Direct Origin Routing
1. [x] Insecure Direct Object Reference
1. [ ] Insecure Data Output Retrieval
1. [ ] Interactive Data Object Repository
## What does IDOR allow for?
Check all that apply.
- [ ] Remote code execution
- [x] Unauthorised modification of user data
- [x] Data theft
- [ ] Man in the middle attack
## What's the risk associated with an open redirect vulnerability?
One answer applies.
1. [ ] Unauthorized access to server-side code
1. [x] Redirection of users to malicious websites
1. [ ] Theft of users' session IDs
1. [ ] Execution of arbitrary server-side scripts
## What's the security advantage of using session ID cookies instead of HTTP Basic Authentication?
One answer applies.
1. [x] Avoiding constantly transmitting users' passwords over the network
1. [ ] Browsers' enforcement of TLS encryption for session ID cookies
1. [ ] Session IDs have cryptographic signatures
1. [ ] There's no security advantage
## What's the strongest hashing algorithm for password storage today?
One answer applies.
1. [ ] scrypt
1. [ ] bcrypt
1. [x] Argon2
1. [ ] PBKDF2-HMAC-SHA512
## What security properties does TLS provide?
One answer applies.
1. [x] Authenticity, Integrity & Confidentiality
1. [ ] Encryption, Privacy & Fault-tolerance
1. [ ] Forward Secrecy, Availability & Tamper-resistance
1. [ ] Authentication, Identification and Trustability
## Where should JWTs be stored?
One answer applies.
1. [x] `cookie`
1. [ ] `localStorage`
1. [ ] `sessionStorage`
1. [ ] JWTs are ephemeral and should not be stored
## What type of attacks does browser sandboxing protect against?
One answer applies.
1. [x] Attacks against the browser itself or host machine
1. [ ] Cross-site scripting
1. [ ] Cross-site request forgery
1. [ ] NOP-sled attacks
## What feature does the OAuth2 protocol provide?
One answer applies.
1. [x] Access delegation through authorisation
1. [ ] Authentication
1. [ ] JWT signatures
1. [ ] Identification
## Which of the following Cross-Site-Scripting types exist?
Check all that apply.
- [x] DOM-based XSS
- [x] Stored XSS
- [x] Reflected XSS
- [ ] Shadow Injection XSS
## What does a Cross-Site Request Forgery attack cause?
One answer applies.
1. [ ] Unauthorised cookie access
1. [x] Inducing the user to perform unintended actions
1. [ ] Credential spoofing
1. [ ] Spontaneous Data Duplication
## Why are passwords salted before being hashed?
One answer applies.
1. [ ] To enhance their flavor
1. [x] To mitigate rainbow table attacks
1. [ ] To make the hash longer and more random
1. [ ] To reduce hash collision
## In the context of password storage, what is the difference between a salt and a pepper?
Check all that apply.
- [ ] The way they are used to compute the hash (before or after the plaintext)
- [x] Salt is not secret and pepper is secret
- [x] Salt is stored next to the hashed password and pepper is stored elsewhere
- [ ] A salt is specific to every stored password; a pepper is the same for all stored passwords
## DOMPurify is a JS library that protects against… by…?
One answer applies.
1. [ ] SQL Injections / sanitising user inputs
1. [x] XSS / sanitising HTML
1. [ ] Command injection / sanitising HTTP requests before they’re sent
1. [ ] Account takeover / enforcing strict security boundaries in the DOM
## To detect attacks, web application firewalls look for odd patterns in…?
One answer applies.
1. [x] HTTP Requests
1. [ ] JA3 fingerprints
1. [ ] OSPF Routing Tables
1. [ ] Control flow graphs
## How can CDN caching potentially introduce security risks to a web application?
One answer applies.
1. [ ] By reducing latency, which allows timing-based side channel attacks
1. [x] By caching sensitive information, leading to unauthorized data exposure
1. [ ] By hiding all users’ IP addresses, adversely affecting security observability
1. [ ] By serving as a bounce-board for amplifying web attacks
## Which of the following can be considered a security boundary?
Check all that apply.
- [ ] Client-server communication encryption with TLS
- [x] Network-level separation between datastore assets and application runtime assets
- [x] Segregation between production and non-production environments
- [ ] Two factor authentication
## Which of the following best describes a race condition vulnerability?
One answer applies.
1. [ ] An attacker intercepts and manipulates data in transit
1. [x] Two or more processes access shared resources simultaneously, causing unpredictable behavior
1. [ ] An attacker succeeds in responding to a user request faster than the legitimate server
1. [ ] Inability to authenticate users properly
## What are the risks associated with a Server-Side Request Forgery vulnerability?
Check all that apply.
- [x] An attacker can force the server to access internal services or resources, potentially leading to data exposure or unauthorized access
- [x] An attacker can use SSRF to conduct port scanning on internal networks, discovering hidden or sensitive services
- [ ] An attacker can execute arbitrary code on the server
- [ ] An attacker can do lateral privilege escalation and switch identities
What’s your score?
- 2️⃣0️⃣ - 1️⃣8️⃣ → 🎉 Nicely done! We’ve got a solid security engineer candidate here!
- 1️⃣7️⃣ - 1️⃣4️⃣ → 👌 Your security team can count on you.
- 1️⃣3️⃣ - 1️⃣1️⃣ → 👍 Not bad, you’ve got a few good ideas.
- ≤ 🔟 → 🚨 In line with the wider IT engineering population.