Thank you for taking the OWASP Top Ten Quiz. For a better idea of application security, please download our free product ThreatModeler to learn more about threat modeling and building secure applications.

OWASP Top 10 Quiz

Question 1
Attack that exploits the trust that a site has in a user's browser.
A
Cross Site Scripting
B
Cross Site Request Forgery
C
Cross Site Tracing
D
SQL Injection
Question 2
For a connection that changes from HTTP to HTTPS, what flaw arises if you do not change the session identifier?
A
Cross Site Request Forgery
B
Cross Site Scripting
C
Session Hijacking
D
Session Replay
Question 3
Which attack can execute scripts in the user’s browser and is capable of hijacking user sessions, defacing websites or redirecting the user to malicious sites?
A
Cross Site Scripting
B
SQL Injection
C
Malware Uploading
D
Man in the middle
Question 4
Role-Based Access Control helps prevent this OWASP Top 10 weakness:
A
Insufficient Transport Layer Protection
B
Unvalidated Redirect or Forward
C
Security Misconfiguration
D
Failure to restrict URL Access
Question 5
What type of flaw occurs when untrusted, user-entered data is sent to the interpreter as part of a query or command?
A
Insufficient Transport Layer Protection
B
Injection
C
Insecure Direct Object References
D
Cross Site Request Forgery
Question 6
For an indirect reference, what happens if there’s no list of limited values authorized for a user in the direct reference?
A
Brute Forcing of stored encrypted credentials
B
XML Injection
C
SQL Injection
D
Access to sensitive data possible
Question 7
What is the attack technique used to exploit web sites by altering backend database queries through inputting manipulated queries?
A
SQL Injection
B
Cross Site Request Forgery
C
XML Injection
D
OS Commanding
Question 8
What threat are you vulnerable to if you do not validate the user's authorization for direct references to restricted resources?
A
SQL Injection
B
Cross Site Request Forgery
C
Cross Site Scripting
D
Insecure Direct Object References
Question 9
Which threat can be prevented by having unique usernames generated with a high degree of entropy?
A
Cryptanalysis of hash values
B
Spamming
C
Authorization Bypass
D
Authentication Bypass
Question 10
What threat arises from not flagging HTTP cookies with tokens as secure?
A
Session Hijacking
B
Access Control Violation
C
Session Replay
D
Insecure Cryptographic Storage
Question 11
What flaw arises from session tokens having poor randomness across a range of values?
A
Insecure Direct Object References
B
Session Replay
C
Session Hijacking
D
Session Fixation
Question 12
An attack technique that forces a user’s session credential or session ID to an explicit value.
A
Session Hijacking
B
Brute Force Attack
C
Session Fixation
D
Dictionary Attack
Question 13
What attack can be prevented by including an unpredictable token for each user in every link or form that invokes state-changing functions?
A
OS Commanding
B
Cross Site Scripting
C
Cross Site Request Forgery
D
Cross Site Tracing
Question 14
What happens when an application takes user-inputted data and sends it to a web browser without proper validation and escaping?
A
Security Misconfiguration
B
Cross Site Scripting
C
Insecure Direct Object References
D
Broken Authentication and Session Management
Question 15
What flaw can lead to exposure of resources or functionality to unintended actors?
A
Unvalidated Redirects and Forwards
B
Session Fixation
C
Improper Authentication
D
Insecure Cryptographic Storage
There are 15 questions to complete.