reviewing the security logs of a web application, the security team have found traces of unknown users. Which of the following vulnerability is present in the Web application? a. Broken authentication b. SQL injection c. Cross-site scripting d. Broken access control

reviewing the security logs of a web application, the security team have found traces of unknown users. Which of the following vulnerability is present in the Web application? a. Broken authentication b. SQL injection c. Cross-site scripting d. Broken access control

Management Of Information Security

6th Edition

ISBN:9781337405713

Author:WHITMAN, Michael.

Publisher:WHITMAN, Michael.

Chapter7: Risk Management: Treating Risk

Section: Chapter Questions

Problem 7E

See similar textbooks

Related questions

Q: Which of the following terms is used to describe that the message is genuine and is from the source…

A: How to check the message is genuine. we take a simple example through (Message authentication…

Q: send many requests to multiple servers with spoofed source, response can flood target and the…

A: DDoS attacks come from multiple locations, often spoofed. DDos is accomplished by flooding the…

Q: In which of the following authentication methods user needs to punch the card in the card slot or…

A: Given that In which of the following authentication methods user needs to punch the card in the card…

Q: Which of the following is true of group accounts? (Choose all that apply.) a. They organize users…

A: Basically Group Accounts are those accounts which are accessed by a group of individuals. In this…

Q: hich argument supports shifting data to the cloud the most? What security issue is most important to…

A: Cloud computing is the provision of computer system resources, especially data storage and computing…

Q: Percy is configuring Advanced Audit Policy settings for Windows 10 clients in his organization.…

A: Lets discuss the solution in the next steps

Q: You have expanded your Windows domain to a branch office. You want user authentication to be handled…

A: Correct answer is a. Install an RODC.

Q: Which of the following is NOT correct about firewalls? a. Firewalls are used for software only b. In…

A: a. Firewalls are used for software only.

Q: g. found = 0; in.open( "a:client.dta:, ios:binary); in.read((char*)&client, sizeof(client)); while(…

A: In case of multiple questions, we are only allowed to answer first one. In this case since we do not…

Q: Which of the following is created on the AD FS server that acts as the claims provider in an AD FS…

A: Federation trust: can be created to bypass requests for secondary credentials so that organizations…

Q: On servers with Linux operating system, access logs are kept under which of the following…

A: As per our policy, "Since you have asked multiple questions, we will solve the first question for…

Q: A web application that mistakenly allow anonymous users to submit crafted input in the comments…

A: Given: A web application that mistakenly allow anonymous users to submit crafted input in the…

Q: Which of the following is not a step involved in a session fixation attack? The attacker sends an…

A: Which of the following is not a step involved in a session fixation attack? The attacker sends…

Q: Which of the following remote assistance tools are Ezekiel and Welma most likely using? a. Remote…

A: Welma is facing a issue when trying to save a file. Welma is not being able to resolve the issue…

Q: You found that Security logs utilize a significant amount of diskspace on Server. Most of the…

A: You can set or disable the audit policy categories and subcategories on each Windows system on your…

Q: Which of the following security features is put into place to ensure correct authorization?…

A: Authentication: The authentication process identified the user who wants to access the network…

Q: Which authentication method requires the computer to be joined to either a domain or Azure AD? a.…

A: Pass-through Authentication in Azure Active Directory (Azure AD) allows your users to sign in to…

Q: c. Which of the following statements is correct? (a) There are simple countermeasures for botnets…

A: Spyware is malicious software that collects details about a client or organization and sends them to…

Q: Which of the following does NOT describe a defense that a user can take to protect themselves from a…

A: Multiple browsers helps from the CSRF attacks and segregating will also help from trusting the…

Q: Which of the following problems are solved by Homomorphic Encryption? Group of answer choices…

A: ANSWER : 1. The problems are solved by Homomorphic Encryption is Encryption problems in cloud…

Q: gr33n@pple

A: passwords is considered as the best among the suggested password for a user named: Khalid Ali? a.…

Q: Suppose the cloud server installed a firewall that can detect virus A, Custom C installed a…

A: The correct answer is provided below:

Q: 1) What is the command that is used to generate these key pairs? 2) Which system, SSH client or SSH…

A: According to the question we it is necessary to create both a public and a private key in order to…

Q: Which of the following can't be used for authentication?

A: Authentication is a process of checking the user whether the user is eligible to access that…

Q: which type of cloud security vulnerability is static application security fasting (SAST) likely to…

A: The solution for the above given question is given below:

Q: Which web application vulnerability from the following you would exploit in order to manipulate data…

A: Explanation: a.XML injection - it allows access to databaseb.SQL injection - it allows user to login…

Q: 20. Which of the following description is not true? A. tuning off the folder name display function…

A: Explanation : User can select only those password which fulfils the password conditions and that…

Q: Which of the following is not true about message authentication code (Mac) class

A: MCQ: Which of the following is not true about message authentication code (Mac) class?…

Q: An enterprise is deploying APIs that utilize a private key and a public key to ensure the connection…

A: According to the question , we have to explain for the correct answer (not in a situational way)…

Q: user user_123 lacks CREATE SESSION privilege; logon denied How you enable the user user_123 to log…

A: ORA-01045 means that the user who tried to connect to the database has no privilege to connect to.…

Q: what is an appropriate countermeasure given the threat of a power outage of a cloud service…

A: Backup generators are an appropriate countermeasure for the threat of power outage of a cloud…

Q: Which of the following parameters are required for the certificate template that will be used for…

A: IKEv2: IKEv2 stands for lnternet Key Exchange Version 2. It is a VPN encryption protocol responsible…

Q: Suppose that an attacker was able to exploit a weak session token. Which type of the following…

A: 5 Most Common Web Application Attacks (And 3 Security Recommendations) Cross-Site Scripting (XSS)…

Q: Assume that Lulu’s web application is using the URL parameters as a method for transmitting data via…

A: In order to hack vulnerable applications, attackers may use a variety of security threats. Most of…

Q: Which of the following is/are true about Windows Security, recently renamed Windows Defender…

A: 55) Correct option is : a) It let you see and set many of the Computer's Security statuses from one…

Q: A company created an external application for its customers. A security researcher now reports that…

A: A company created an external application for its customer but by using it , A security researcher…

Q: An enterprise is deploying APIs that utilize a private key and a public key to ensure the connection…

A: Check further steps for the answer :

Q: If a Web application doesn't validate any client's access to any system resource, which of the…

A: To Do: To find the OWASP Vulnerability.

Q: When you run SELECT * FROM tblUsers WHERE user_login=‘’ OR ‘a’ = ‘a’; on a web application, you are…

A: a. SQL Injection attack

Q: Don't give wrong yaml again You need to create roles of apache Kindly give eright command and…

A: First, run command All you have to perform on command line interface $ansible-galaxy init…

Q: An enterprise is deploying APIs that utilize a private key and a public key to ensure the connection…

A: Given enterprise is deploying APIs that utilize a private key and a public key to ensure the…

Q: Which of the following is an example of refactoring? refactoring to block SSRF (Server-side request…

A: answer is - none of the above refactoring to block SSRF(Server site Request Forgery) attack…

Q: Which of the following is/are considered Active attack/s? O a. Replay attack ut of Ob. Man in the…

A: Active attacks are attacks in which the hacker attempts to change or transform the content of…

Q: Which type of web application vulnerability occurs when a web application failed to validate a user…

A: When an web application is failed to validate a user An user can access anything with out…

Q: Lab4: Network Security with Cryptography - Implementation Objective: This lab will be able to…

A: Five tools are: 1.GPG: GNU Privacy Guard (PGP): GNU Privacy Guard is a free and open-source…

Concept explainers

Network Security

The word "network security" refers to a wide range of technology, devices, and processes. In its most basic form, it is a combination of rules and configurations that use both hardware and software technologies to safeguard the confidentiality, integrity, and accessibility of computer networks and data. Every company, regardless of sector, size or infrastructure, needs network security solutions to protect itself from the ever-increasing landscape of cyber threats that exist today.

Question

While reviewing the security logs of a web application, the security team have found traces of unknown users. Which of the following
vulnerability is present in the Web application?
a. Broken authentication
b. SQL injection
c. Cross-site scripting
d. Broken access control

Expert Solution

This question has been solved!

Explore an expertly crafted, step-by-step solution for a thorough understanding of key concepts.

SEE SOLUTION Check out a sample Q&A here

Step 1 Introduction to vulnerablities

VIEW

Step 2 Solution

VIEW

Step by step

Solved in 2 steps

SEE SOLUTION Check out a sample Q&A here

Knowledge Booster

Learn more about

Need a deep-dive on the concept behind this application? Look no further. Learn more about this topic, computer-science and related others by exploring similar questions and additional content below.

Similar questions

We've received an alert about a Brute Force attempt on this user. Based on the Windows Event Log below, please answer the following questions:1. What is the account name associated with the login failures?2. What system is this user attempting to authenticate from?3. What domain controller are they attempting to authenticate to?4. What does Logon Type 3 mean and what does that signify?5. What type of authentication was used? 6. What's the other most common Windows logon authentication?7. What do the Status and Sub Status codes mean and what does that tell us?8. Can you conclude the investigation as a likely Brute Force event or a False Positive, and why or why not?10/19/2020 01:03:38 PMLogName=SecuritySourceName=Microsoft Windows security auditing.EventCode=4625EventType=0Type=InformationComputerName=dendcprd02.client.comTaskCategory=LogonOpCode=InfoRecordNumber=261208668Keywords=Audit FailureMessage=An account failed to log on.Subject:Security ID: NULL SIDAccount Name: -Account…
13. _________ is the practice of identifying a user name. Group of answer choices Account harvesting Password cracking Authentication Authorization A functional access control An intrusion detection system 14. When performing security tests for an e-commerce website, which of the following are examples of structural security risks? Choose ALL which apply. Group of answer choices account harvesting password cracking SQL injection buffer overflow encryption levels 19. Fill in the blank for the secure coding practice provided below: Proven session management _____________________ are used to create random session identifiers.
Which of the following security features is put into place to ensure correct authorization? Password policies Automatic updates Account permissions Multi-factor authentication
What type of authentication method is displayed in this picture? Multi-Factor Authentication Biometric Authentication Token-based authentication Single Sign-on 2.Wendy is examining the logs of a web server that was compromised by a remote attacker. She notices that right before the attack, the logs show a series of segmentation fault errors. Other logs indicate that the attacker sent very long input strings to the web server that had malicious commands at the end of the string. What type of attack most likely took place? SQL Injection Cross-site request forgery Cross-Site scripting Buffer Overflow 3.Jessica is combatting a security incident where a specific piece of malware is continually infecting systems on her network. She would like to use application control technology to block this file. What type of application control should she use? Greylisting Bluelisting Whitelisting Blacklisting
Which of these can be used to defend against some types of client attacks on a password system (note: the system must remain a user-knowledge-based authentication system)? Select one: a. Hash the passwords and store the hashes, rather than the plaintext passwords b. Store the password on a physical object c. Use one-time passcodes d. Limit the number of login attempts allowed
Don't give wrong yaml again You need to create roles of apache Kindly give eright command and yaml as well use ansible galaxy Should onlr service package template firewalld ans service
Which of the following is not true regarding a honeypot? a. It is typically located in an area with limited security. b. It contains real data files because attackers can easily identify fake files. c. It cannot be part of a honeynet. d. It can direct an attacker's attention away from legitimate servers.
Which security mechanism(s) are provided in each of the following cases? A school demands student identification and a password to let students log into the school server. A school server disconnects a student if she is logged into the system for more than two hours. A professor refuses to send students their grades by e-mail unless they provide student identification they were preassigned by the professor. A bank requires the customer’s signature for a withdrawal.
Which of the following components are included in Istioâs authentication architecture? Select one: A. Communication security B. Key management C. Identity D. All of the above
Which of the following security attributes is required to verifying the identity of a user and evict imposters? a. Confidentiality b. Availability c. Integrity d. Authentication ___________ Which of the following sentences is incorrect with respect to Shodan? a. Shodan can be used to find open ports b. Shodan is a search engine for Internet connected devices c. Shodan can be used to find online computers d. Shodan can be used to perform an ARP attack -------------------- Which of the following is an example of a security threat to a web server? a. Remote access via Telnet b. Managed open ports c. Patched services d. Long passwords
Web clients need to make use of the web server's built-in authentication and authorization services before they can get access to the server's restricted areas. Do layered procedures provide any additional benefits? Include evidence from real life to back up your claims.
You are creating an app that will allow university students to connect with advisors and other students to discuss stressful situations. Only students who attend the university can access the app. Which two steps should you take to protect student’s identity and personal information? (Choose two.) Group of answer choices Hash student data transmissions with a random salt. Hash the password using an algorithm in the Google database Hash the password with a random salt. Encrypt the password. Encrypt student data transmissions.