Thank you for taking the Secure Coding Quiz. For a better understanding of application security, please download our free product ThreatModeler to learn more about threat modeling and building secure applications.


Secure Coding Quiz

Question 1
What is the best practice for secure coding against SQL injection attacks?
A. Lowering application privileges
B. Use of stored procedures
C. Use of parameterized queries
D. Database hardening
Question 2
Failure to correctly handle concurrent requests in a process whose outcome depends on the sequence or timing of events leads to:
A. Race condition
B. Brute force attack
C. SQL injection
D. Session fixation
Question 3
The use of a canary value is a safeguard against what type of attack?
A. Brute force
B. Denial of service
C. Buffer overflow by stack smashing
D. Heap overflow
Question 4
What is the practice of encoding data to a common character set before validation formally known as?
A. Canonicalization
B. Sanitization
C. Input validation
D. Encryption
Question 5
For a centralized input validation component, where should input data be redirected for validation?
A. At the database
B. At the communication medium
C. At the client-side form
D. At the trust boundary
Question 6
Why should you change the session ID after login?
A. To prevent SQL injection
B. To prevent session fixation
C. To prevent XSS
D. To prevent cross-site request forgery
Question 7
Which of the following is considered good practice for hardening your system against a path traversal attack?
A. Transfer data in a POST request
B. Use parameterized queries
C. Use a chrooted environment on the directory containing your application files
D. Generate a new session identifier to force the change from HTTP to HTTPS and deactivate the old one
Question 8
The best way to implement input validation is by:
A. Server-side whitelisting
B. Encrypted communications
C. Client-side input validation
D. Server-side blacklisting
Question 9
Which of the following should be avoided as a security measure?
A. Encryption
B. Blacklisting
C. Parameterized queries
D. Whitelisting
Question 10
How do you implement efficient error handling?
A. Give verbose error messages to help obtain the necessary technical feedback
B. Generic error messages without any information on the error type or stack traces
C. Redirect the user to the homepage
Question 11
Consider the scenario where a developer uses a cookie to count failed login attempts in order to implement account lockout against a brute force attack. How can this measure be bypassed?
A. Account lockout will cause a denial of service, thus helping the attacker
B. The attacker will attempt a session fixation attack
C. The user can manipulate the cookie
Question 12
When output data is used as input to another module of the application or to the underlying OS, what would be appropriate?
A. Per-request session token
B. Validate all input
C. Transfer data using the HTTP POST method
D. Run the application with least privilege
Question 13
For an input with a limited set of possible values, what security measure is most viable as input validation?
A. Prepared statements
B. Create a list of legitimate values that a user is allowed to specify
C. Blacklist: create a list of known bad values
D. Output encoding
Question 14
For a webmail application that handles form input and displays it in the browser, what threat are you at risk of?
A. XSS
B. SQL injection
C. CSRF
D. Remote file inclusion
Question 15
Before embedding data into an HTTP response header, validating input for CR/LF characters would help mitigate:
A. Cross-site request forgery
B. Remote file inclusion
C. Brute force attack
D. HTTP response splitting
There are 15 questions to complete.