19 Jun 2012

OWASP Top Ten Quiz

Thank you for taking the OWASP Top Ten Quiz. For a better idea of application security, please download our free product ThreatModeler to learn more about threat modeling and building secure applications.



OWASP Top 10 Quiz

Please wait while the activity loads.
If this activity does not load, try refreshing your browser. Also, this page requires javascript. Please visit using a browser with javascript enabled.
If loading fails, click here to try again

Congratulations – you have completed OWASP Top 10 Quiz.

You scored %%SCORE%% out of %%TOTAL%%.

Your performance has been rated as %%RATING%%

Your answers are highlighted below.

Question 1
What happens when an application takes user inputted data and sends it to a web browser without proper validation and escaping?
A
Broken Authentication and Session Management
B
Security Misconfiguration
C
Cross Site Scripting
D
Insecure Direct Object References
Question 2
Which threat can be prevented by having unique usernames generated with a high degree of entropy?
A
Authorization Bypass
B
Crypt-analysis of hash values
C
Spamming
D
Authentication bypass
Question 3
What flaw can lead to exposure of resources or functionality to unintended actors?
A
Insecure Cryptographic Storage
B
Unvalidated Redirects and Forwards
C
Session Fixation
D
Improper Authentication
Question 4
An attack technique that forces a user’s session credential or session ID to an explicit value.
A
Session Fixation
B
Brute Force Attack
C
Session Hijacking
D
Dictionary Attack
Question 5
Which attack can execute scripts in the user’s browser and is capable of hijacking user sessions, defacing websites or redirecting the user to malicious sites.
A
SQL Injection
B
Malware Uploading
C
Cross site scripting.
D
Man in the middle
Question 6
What threat arises from not flagging HTTP cookies with tokens as secure?
A
Session Replay
B
Insecure Cryptographic Storage
C
Access Control Violation
D
Session Hijacking
Question 7
For every link or form which invoke state-changing functions with an unpredictable token for each user what attack can be prevented?
A
Cross Site Scripting
B
OS Commanding
C
Cross Site Request Forgery
D
Cross Site Tracing
Question 8
What flaw arises from session tokens having poor randomness across a range of values?
A
Session Replay
B
Session Fixation
C
Insecure Direct Object References
D
Session Hijacking
Question 9
Role-Based Access control helps prevent this OWASP Top 10 weakness
A
Failure to restrict URL Access
B
Unvalidated Redirect or Forward
C
Insufficient Transport Layer Protection
D
Security Misconfiguration
Question 10
For a connection that changes from HTTP to HTTPS, what flaw arises if you do not change the session identifier?
A
Session Replay
B
Cross Site Scripting
C
Session Hijacking
D
Cross Site Request Forgery
Question 11
What is the attack technique used to exploit web sites by altering backend database queries through inputting manipulated queries?
A
XML Injection
B
OS Commanding
C
SQL Injection
D
Cross Site Request Forgery
Question 12
What threat are you vulnerable to if you do not validate authorization of user for direct references to restricted resources?
A
Cross Site Scripting
B
SQL Injection
C
Insecure Direct Object References
D
Cross Site Request Forgery
Question 13
What is the type of flaw that occurs when untrusted user entered data is sent to the interpreter as part of a query or command?
A
Insecure Direct Object References
B
Injection
C
Cross Site Request Forgery
D
Insufficient Transport Layer Protection
Question 14
Attack that exploits the trust that a site has in a user’s browser.
A
Cross Site Request Forgery
B
SQL Injection
C
Cross Site Scripting
D
Cross Site Tracing
Question 15
For an an indirect reference, what happens if there’s no list of limited values authorized for a user in the direct reference?
A
SQL Injection
B
Access to sensitive data possible
C
XML Injection
D
Brute Forcing of stored encrypted credentials
Once you are finished, click the button below. Any items you have not completed will be marked incorrect.
Get Results


There are 15 questions to complete.
List

Return

Shaded items are complete.
1 2 3 4 5
6 7 8 9 10
11 12 13 14 15
End
Return


Leave a Reply