20 Jun 2012

Secure Coding Quiz

Thank you for taking the Secure Coding Quiz. For a better idea of application security, please download our free product ThreatModeler to learn more about threat modeling and building secure applications.

 




Question 1
For a limited input type, which security measure is most viable as input validation?
A. Output Encoding
B. Create a list of legitimate values that a user is allowed to specify
C. Prepared Statements
D. Blacklist: Create a list of known bad values

Question 2
What is the practice of encoding data to a common character set before validation formally known as?
A. Sanitization
B. Encryption
C. Input Validation
D. Canonicalization

Question 3
What is the best practice for secure coding against SQL Injection attacks?
A. Use of Parameterized Queries
B. Lowering application privileges
C. Database hardening
D. Use of Stored Procedures

Question 4
How do you implement efficient error handling?
A. Generic error messages without any information on the type of error or stack traces
B. Redirect user to homepage
C. Give verbose error messages to help obtain necessary technical feedback.

Question 5
Why do you need to change the Session ID after login?
A. To prevent XSS
B. To prevent SQL Injection
C. To prevent Cross Site Request Forgery
D. To prevent Session Fixation

Question 6
For a web mail application that handles form input and displays it in the browser, what threat are you at risk of?
A. SQL Injection
B. XSS
C. Remote File Inclusion
D. CSRF

Question 7
Consider the scenario where a developer uses a cookie to count failed login attempts to implement account lockout against a brute force attack. How can this measure be bypassed?
A. Attacker will attempt a session fixation attack
B. Account Lockout will cause a denial of service thus helping the attacker
C. User can manipulate the cookie

Question 8
When output data is used as input to another module of the application or to the underlying OS, what would be appropriate?
A. Transfer data using HTTP POST method
B. Validate all Input
C. Per-request session token
D. Implement the application with least privilege

Question 9
Which of the following should be avoided as a security measure?
A. Whitelisting
B. Parameterized Queries
C. Blacklisting
D. Encryption

Question 10
To harden your system against a Path Traversal attack, the following is considered a good practice:
A. Use a chrooted environment on the directory containing your application files
B. Using Parameterized Queries
C. Transfer data in a POST request
D. Generate a new session identifier to force change from HTTP to HTTPS and deactivate the old one.

Question 11
Failure to handle concurrent requests in a process that depends on the sequence or timing of events leads to:
A. Session Fixation
B. Brute Force Attack
C. Race Condition
D. SQL Injection

Question 12
The use of a Canary value is a safeguard against what type of attack?
A. Brute Force
B. Heap Overflow
C. Denial of Service
D. Buffer Overflow by stack smashing

Question 13
The best way to implement input validation is by:
A. Client Side Input Validation
B. Server Side Blacklisting
C. Encrypted communications
D. Server Side Whitelisting

Question 14
Before embedding data into an HTTP response header, validating input for CR/LFs would help mitigate against:
A. Remote File Inclusion
B. Cross Site Request Forgery
C. Brute Force Attack
D. HTTP Response Splitting

Question 15
For a centralized input validation component, what is the area at which you redirect input data for validation?
A. At the database
B. At the communication medium
C. Trust Boundary
D. Client Side Form