the adaptive one-way KDF? Adaptive because the workload increases each year to keep up with advances in hardware technology. You now have control of how slow you want it to be to crack those passwords. The count should be: A (doubled each subsequent year), B (tripled each subsequent year), C (doubled each subsequent two years)
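The question above is about controlling the work factor. The following added example (written for this page, not code from the quiz or its author) shows what "adaptive" looks like in practice with PBKDF2-HMAC-SHA256 from the Python standard library: the iteration count is calibrated against a time budget, stored alongside each hash, and raised transparently on the user's next successful login when policy moves up. The record format, the constants and the function names are this example's own; bcrypt, scrypt or Argon2 are the usual choices in production, and the same upgrade-on-login pattern applies to them.

```python
"""Adaptive one-way KDF for password storage with an upgradeable work factor.
Added example (Python stdlib only); scheme and constants are assumptions."""
import hashlib
import hmac
import os
import time

ALGO = "sha256"
TARGET_SECONDS = 0.05      # cost budget per verification on the serving hardware (assumption)
MIN_ITERATIONS = 100_000   # floor: calibration never goes below this


def calibrate_iterations(target_seconds=TARGET_SECONDS, floor=MIN_ITERATIONS):
    """Measure PBKDF2 throughput on this machine and pick an iteration count that
    costs roughly target_seconds. Re-run on a schedule (the quiz's yearly bump)
    so the count tracks hardware speed instead of staying fixed for years."""
    sample = 20_000
    start = time.perf_counter()
    hashlib.pbkdf2_hmac(ALGO, b"calibration", os.urandom(16), sample)
    per_iteration = (time.perf_counter() - start) / sample
    return max(floor, int(target_seconds / per_iteration))


def hash_password(password, iterations):
    """Return a self-describing record: pbkdf2_<algo>$<iterations>$<salt hex>$<hash hex>.
    Storing the iteration count is what lets old records be verified after policy changes."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac(ALGO, password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_{ALGO}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password, record):
    """Recompute with the parameters stored in the record; constant-time compare."""
    scheme, iterations, salt_hex, digest_hex = record.split("$")
    algo = scheme[len("pbkdf2_"):]
    actual = hashlib.pbkdf2_hmac(algo, password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(actual, bytes.fromhex(digest_hex))


def needs_rehash(record, current_iterations):
    """True when the stored work factor is below current policy."""
    return int(record.split("$")[1]) < current_iterations


def login(password, record, current_iterations):
    """Verify the password; on success, return an upgraded record if the stored
    one is weaker than policy. The plaintext is only available at login, so this
    is the one moment an existing hash can be strengthened."""
    if not verify_password(password, record):
        return False, record
    if needs_rehash(record, current_iterations):
        return True, hash_password(password, current_iterations)
    return True, record


if __name__ == "__main__":
    policy = calibrate_iterations()
    print("calibrated iterations:", policy)
    old = hash_password("correct horse battery staple", policy // 2)  # a record from last year
    ok, upgraded = login("correct horse battery staple", old, policy)
    print("login ok:", ok, "record upgraded:", upgraded != old)
```

Whichever doubling schedule the quiz has in mind, it becomes a change to one number: bump the policy, and every account is re-hashed on its next login without a forced password reset.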
(By social engineers to elicit more precise information from a target) B (To force an attacker into a specific area of the target's network) C (When building a threat modelling team, to make sure you have all the correct specialities represented within the team to be effective) D (To group types of security defects into particular types)
would not be used to test for XML injection vulnerabilities? A (Single quotes: ') B (Double quotes: ") C (Angle brackets: ><) D (Comma: ,) E (Comment tags: <!-- and -->) F (Ampersand: &) G (CDATA section delimiters: <![CDATA[ and ]]>)
a username and password and validates that both are correct in order to obtain information. We use any password for the password input, and the following string for the username: jdeer")(&))(" What is the type of injection that we are using here? A (SQL) B (NoSQL) C (XPath) D (LDAP) E (XML) F (XQuery) G (Command) H (XSLT) I (none of the above)
storage of client-side session artefacts, what is your main concern: A (CSRF) B (XSS) Cookies are exposed to both CSRF and XSS (XSS to a lesser degree, since a cookie flagged HttpOnly cannot be read by script). LocalStorage is never sent automatically by the browser, so it is not a CSRF vector, but any script running in the origin can read it: its only concern is XSS.
you think of? The team that gets closest gets the point. Answer: HTML escape; attribute escape; JavaScript escape; HTML-escape JSON values in an HTML context; CSS escape; URL escape; sanitise HTML; prevent DOM-based XSS.
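The list above is the set of output-encoding rules, one per context. The following added example (written for this page, not code from the quiz) implements an encoder for each context and a small template that routes each value through the encoder for the context it lands in. The function names and the sample template are this example's own; in a real application the encoders come from a maintained library, but writing them out shows why one "escape" is not enough: the characters that are dangerous in an HTML attribute, a JavaScript string, a CSS value and a URL parameter are different sets.

```python
"""Context-specific output encoding for the XSS prevention rules listed above.
Added example in Python; names are this example's own."""
import json
import urllib.parse


def escape_html(s):
    """HTML element content: the six characters that can change parsing."""
    return (s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
             .replace('"', "&quot;").replace("'", "&#x27;").replace("/", "&#x2F;"))


def escape_html_attr(s):
    """Attribute values: encode everything except [A-Za-z0-9] as &#xHH; so the
    value cannot break out of the attribute even if the template forgot quotes."""
    return "".join(c if c.isascii() and c.isalnum() else f"&#x{ord(c):X};" for c in s)


def escape_js(s):
    """Inside a quoted JavaScript string literal: \\xHH for Latin-1, \\uHHHH above it.
    Backslash escapes (not HTML entities) are what the JS parser understands."""
    out = []
    for c in s:
        if c.isascii() and c.isalnum():
            out.append(c)
        elif ord(c) < 256:
            out.append(f"\\x{ord(c):02X}")
        else:
            out.append(f"\\u{ord(c):04X}")
    return "".join(out)


def json_in_html(obj):
    """JSON embedded in a <script> block: the HTML parser does not understand JSON
    strings, so '</script>' inside a value would end the block. Escape <, > and &."""
    return (json.dumps(obj).replace("<", "\\u003c")
                           .replace(">", "\\u003e")
                           .replace("&", "\\u0026"))


def escape_css(s):
    """CSS property values: \\HH followed by a space so the escape is terminated."""
    return "".join(c if c.isascii() and c.isalnum() else f"\\{ord(c):X} " for c in s)


def escape_url_param(s):
    """A value placed in a query string: percent-encode everything non-alphanumeric."""
    return urllib.parse.quote(s, safe="")


def render_profile_snippet(display_name, profile_id, theme_colour):
    """Each untrusted value goes through the encoder for the context it is placed in:
    CSS value, URL parameter, attribute value, element content."""
    return (f'<div style="color:{escape_css(theme_colour)}">'
            f'<a href="/profile?u={escape_url_param(profile_id)}" '
            f'title="{escape_html_attr(display_name)}">'
            f'{escape_html(display_name)}</a></div>')


if __name__ == "__main__":
    print(render_profile_snippet('<b>Jo</b>', 'x y', 'red; background:url(x)'))
    print(json_in_html({"msg": "</script><script>alert(1)</script>"}))
```

Sanitising HTML (allowing a subset of markup through) and DOM-based XSS are the two rules not covered here: the first needs a real HTML parser and allow-list, and the second is about how client-side script consumes `location`, `document.referrer` and similar sources, which is a browser-side concern rather than a server-side encoder.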
system just described that takes the username and password look like? Closest answer gets a point.

With the legitimate username jdeer and password 3xp10it3d:

    string ldapLoginQuery = "(&(uId="jdeer")(userPassword="3xp10it3d"))";

With the injected username jdeer")(&))(" and any password, the search filter becomes:

    string ldapLoginQuery = "(&(uId="jdeer")(&))("")(userPassword="incorrectpass"))";
you include in an authentication and session management system? A (Logout functionality) B (Regular expressions) C (Escaping functionality) D (Forwarding system functionality)
True or False. When implementing an authentication or session system, you should ensure that new session IDs are not created at login. A (True) B (False)
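The point behind this question is session fixation: if the session ID issued before login survives authentication, an attacker who planted or learned that ID owns the authenticated session. The following added example (written for this page, not code from the quiz) is a minimal in-memory session store that rotates the ID at login, carries over anonymous state such as a cart, and applies an inactivity timeout. The store, the TTL and the method names are this example's own; the same behaviour is what a web framework's "regenerate session on login" setting provides.

```python
"""Session-fixation defence: fresh session ID at login, idle timeout on lookup.
Added example; in-memory store and names are this example's own."""
import secrets
import time

SESSION_TTL = 15 * 60   # idle timeout in seconds (assumption for this example)


class SessionStore:
    def __init__(self, clock=time.time):
        self._sessions = {}      # session_id -> {"user", "last_seen", "data"}
        self._clock = clock      # injectable for testing

    def create(self):
        """New anonymous session with an unguessable, high-entropy ID."""
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": None, "last_seen": self._clock(), "data": {}}
        return sid

    def get(self, sid):
        """Look up a session; expire it if idle longer than SESSION_TTL."""
        s = self._sessions.get(sid)
        if s is None:
            return None
        if self._clock() - s["last_seen"] > SESSION_TTL:
            self.destroy(sid)
            return None
        s["last_seen"] = self._clock()
        return s

    def login(self, sid, user):
        """Bind the authenticated user to a NEW session ID. The pre-login ID (which
        an attacker may have fixed in the victim's browser) stops working; state the
        user accumulated anonymously is carried across to the new session."""
        old = self.get(sid)
        data = old["data"] if old else {}
        if old:
            self.destroy(sid)
        new_sid = self.create()
        self._sessions[new_sid].update({"user": user, "data": data})
        return new_sid

    def logout(self, sid):
        """Server-side invalidation, so a copied cookie is useless after logout."""
        self.destroy(sid)

    def destroy(self, sid):
        self._sessions.pop(sid, None)


if __name__ == "__main__":
    store = SessionStore()
    pre = store.create()                     # ID the attacker could know
    store.get(pre)["data"]["cart"] = ["sku-1"]
    post = store.login(pre, "alice")         # ID the attacker does not know
    print("rotated:", pre != post, "old id dead:", store.get(pre) is None)
    print("state carried over:", store.get(post)["data"])
```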
best way to protect a Web application from unvalidated redirects and forwards? A (Validate the referrer header) B (Use extended validation certificates) C (Use the escaping technique) D (Disallow requests to unauthorized file types)
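None of the four options above is the actual control; what stops an open redirect is validating the target against what the application is willing to send users to. The following added example (written for this page, not code from the quiz) is a redirect validator that accepts site-relative paths and absolute URLs on an allow-listed host, and rejects the parser tricks that make a hostile URL look local: scheme-relative `//evil.com`, backslashes, `https:evil.com`, userinfo such as `app.example.com@evil.com`, and leading whitespace. The allowed hosts and the function name are this example's own. Returning a URL rebuilt from the parsed parts, rather than echoing the input, is deliberate: it means whatever the browser receives is exactly what was checked.

```python
"""Allow-list redirect validation (unvalidated redirects and forwards).
Added example; ALLOWED_HOSTS is an assumption for this page."""
from urllib.parse import urlsplit, urlunsplit

ALLOWED_HOSTS = {"app.example.com", "accounts.example.com"}


def safe_redirect_target(target, allowed_hosts=ALLOWED_HOSTS, default="/"):
    """Return a redirect target that is either a site-relative path or an http(s)
    URL on an allowed host, rebuilt from parsed parts. Anything else -> default."""
    if not target or target.startswith("//"):
        return default          # '//evil.com' (any number of slashes) is absolute to a browser
    if "\\" in target or any(ord(c) < 0x21 or ord(c) == 0x7F for c in target):
        return default          # browsers treat '\' as '/'; control chars desync parsers
    parts = urlsplit(target)
    if not parts.scheme and not parts.netloc:
        if parts.path.startswith("/"):
            # Site-relative: keep path/query/fragment, never an authority.
            return urlunsplit(("", "", parts.path, parts.query, parts.fragment))
        return default          # bare 'evil.com' is ambiguous; refuse it
    if parts.scheme not in ("http", "https"):
        return default          # javascript:, data:, and 'https:evil.com'-style confusion
    # hostname is what the browser will actually connect to, so 'user@host' tricks
    # and 'app.example.com.evil.com' both fail this check.
    if (parts.hostname or "").lower() not in allowed_hosts:
        return default
    return urlunsplit((parts.scheme, parts.netloc, parts.path or "/", parts.query, parts.fragment))


if __name__ == "__main__":
    for candidate in ["/dashboard?tab=1", "//evil.com/", "/\\evil.com", "https:evil.com",
                      "https://app.example.com@evil.com/", "https://app.example.com/settings"]:
        print(f"{candidate!r:40} -> {safe_redirect_target(candidate)!r}")
```

For forwards (server-side dispatch to another handler) the same idea applies with a smaller allow list: map a short token from the request to a handler, rather than accepting a path.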
involved in the hardening process? A (Disable unnecessary features) B (Resubmit POST parameters during redirection) C (Repeat the process at random intervals) D (Update the environment with changes only when needed)
language that does not support a clear distinction between code and data. Which vulnerability is most likely to occur in your application? A (Insecure direct object references) B (Failure to restrict URL access) C (Injection) D (Insufficient transport layer protection)
most likely to be caused by poor input validation? A (Enabling of IPSec) B (Insecure cryptographic storage) C (Insufficient transport layer protection) D (Insecure direct object reference)
best way to prevent a DOM-based XSS attack? A (Set the HttpOnly flag in cookies) B (Validate any input that comes from another Web site) C (Ensure that session IDs are not exposed in a URL) D (Ensure that a different nonce is created for each request)
authentication system mandatory requirement? A (Form variables are used for managing session IDs) B (Use a GOTCHA to prevent automated attacks) C (User logout and session inactivity controls) D (Session IDs are only accepted from cookies and parameter variables)
most likely to occur due to an injection attack? A (Spoofing) B (Cross-site request forgery) C (Denial of service) D (Insecure direct object references)
most likely to cause an injection attack? A (Unvalidated input is embedded in an instruction stream) B (Unvalidated input can be distinguished from valid instructions) C (A Web application does not validate a client’s access to a resource) D (A Web action performs an operation on behalf of the user without checking a shared secret)
an excellent suite of components for: A (building intrusion detection systems) B (statistical analysis of vulnerabilities in Docker images) C (capturing and graphing VPS and application statistics) D (file integrity checking and graphing)
behind the JavaScript supersets: Flow and TypeScript A (Liskov Substitution principle) B (Open/closed principle) C (Interface segregation principle) D (Design by Contract) Answer: Design by Contract (DbC) enforces preconditions, postconditions and invariants in our routines.
to prevent Clickjacking, also known as a "UI redress attack" A (HTTPS Connection) B (X-Frame-Options HTTP Header) C (Content-Security-Policy HTTP Header) D (None of the above)
in a specific order by the Diffie-Hellman key agreement, used as part of negotiating a session key for SSH for example. Place the steps into the correct order. E. Both client and server agree on a symmetric cipher, so that they are both encrypting/decrypting with the same block cipher, usually AES. F. Each party then creates a public key which they exchange with the other party. These public keys are computed from the shared prime (and its generator) from step 1 and the party's own private key from step 3. C. Both client and server come to agreement on a seed value, that is a large prime number, together with a generator for it. D. All communications from here on are encrypted with keys derived from the same shared secret; from here on the SSH binary packet protocol carries encrypted and integrity-protected packets. Each party uses the derived keys to encrypt messages to, and decrypt messages from, the other party. A. Each party then creates a random secret number of their own (it does not need to be prime) to be used as a private key for this ephemeral DH interaction. B. The party receiving the other party's public key uses it, along with their own private key and the shared prime number from step 1, to compute the shared secret. Because each party does the same, they both arrive at the same (shared/symmetric/secret) key.
can make in order to add security to your Dockerised components? A (Use Control Groups to limit, track and monitor the resources available to each container) B (Reduce the number of System calls that can be made from within your container) C (Change the default user from root to one of lower privileges) D (Improve application security) E (Fine tune the Linux Namespaces (mnt, PID, net, UTS, IPC, user)) F (Make sure the images you are consuming have been checked with the likes of (Haskell Dockerfile Linter, Lynis, Docker Bench, CoreOS Clair, Banyanops collector, Anchore, TwistLock, Drydock, Actuary))
in a specific order by the Diffie-Hellman key agreement, used as part of negotiating a session key for SSH for example. Answer, in order: C. Both client and server come to agreement on a seed value, that is a large prime number, together with a generator for it. E. Both client and server agree on a symmetric cipher, so that they are both encrypting/decrypting with the same block cipher, usually AES. A. Each party then creates a random secret number of their own (it does not need to be prime) to be used as a private key for this ephemeral DH interaction. F. Each party then creates a public key which they exchange with the other party. These public keys are computed from the shared prime (and its generator) from step 1 and the party's own private key from step 3. B. The party receiving the other party's public key uses it, along with their own private key and the shared prime number from step 1, to compute the shared secret. Because each party does the same, they both arrive at the same (shared/symmetric/secret) key. D. All communications from here on are encrypted with keys derived from the same shared secret; from here on the SSH binary packet protocol carries encrypted and integrity-protected packets. Each party uses the derived keys to encrypt messages to, and decrypt messages from, the other party.
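The ordered steps above, run end to end, as an added example written for this page (not code from the quiz or from any SSH implementation). Both parties live in one process so the exchange can be traced: steps 1 and 2 are the agreed parameters, step 3 draws each private value, step 4 computes and swaps the public values, step 5 combines them, and step 6 derives the session key from the shared secret. The group parameters are the 2048-bit MODP group from RFC 3526 (SSH's diffie-hellman-group14); the `Party` class, `derive_key` (a simplification of the RFC 4253 key derivation, which hashes K together with the exchange hash) and the transcript format are this example's own. The primality check on p and (p-1)/2 at import time is a practitioner's sanity check on the constant, and the public-value range check is the one an implementation must do before exponentiating.

```python
"""Finite-field Diffie-Hellman, both sides, with parameter and peer-value checks.
Added example; only the group constant is from RFC 3526 (group 14, g = 2)."""
import hashlib
import secrets

P_HEX = """
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74
020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437
4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D C2007CB8 A163BF05
98DA4836 1C55D39A 69163FA8 FD24CF5F 83655D23 DCA3AD96 1C62F356 208552BB
9ED52907 7096966D 670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B
E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9 DE2BCBF6 95581718
3995497C EA956AE5 15D22618 98FA0510 15728E5A 8AACAA68 FFFFFFFF FFFFFFFF
"""
P = int("".join(P_HEX.split()), 16)   # step 1: the shared large prime
G = 2                                 # step 1: its generator
Q = (P - 1) // 2                      # safe prime: q is prime, g generates the order-q subgroup


def is_probable_prime(n, rounds=8):
    """Miller-Rabin; adequate for checking a published constant, not for generating one."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13):
        if n % small == 0:
            return n == small
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def check_group(p, g):
    """p prime, (p-1)/2 prime, and g of order (p-1)/2: what a safe DH group looks like."""
    q = (p - 1) // 2
    return is_probable_prime(p) and is_probable_prime(q) and 1 < g < p - 1 and pow(g, q, p) == 1


class Party:
    """One side of the exchange (client or server)."""

    def __init__(self, name, p=P, g=G):
        self.name, self.p, self.g = name, p, g
        q = (p - 1) // 2
        self.private = secrets.randbelow(q - 1) + 1   # step 3: random x in [1, q-1]; not a prime
        self.public = pow(g, self.private, p)         # step 4: g^x mod p, sent to the peer

    def shared_secret(self, peer_public):
        # Reject 0, 1 and p-1: with those the "secret" is a constant an attacker chose.
        if not 1 < peer_public < self.p - 1:
            raise ValueError("invalid peer public value")
        return pow(peer_public, self.private, self.p)  # step 5: (g^y)^x = g^(xy) mod p


def derive_key(shared, transcript, purpose, length=32):
    """Step 6. K is not used raw: SSH derives each key as HASH(K || H || purpose), where H is
    the exchange hash over the transcript (RFC 4253 section 7.2). Simplified here."""
    k_bytes = shared.to_bytes((shared.bit_length() + 7) // 8, "big")
    h = hashlib.sha256(transcript).digest()
    return hashlib.sha256(k_bytes + h + purpose).digest()[:length]


def run_exchange():
    """Return (client key, server key, secrets_matched)."""
    client, server = Party("client"), Party("server")
    e, f = client.public, server.public           # in SSH: KEXDH_INIT carries e, KEXDH_REPLY carries f
    k_client = client.shared_secret(f)
    k_server = server.shared_secret(e)
    transcript = b"%d|%d" % (e, f)                # stands in for the real exchange-hash inputs
    return (derive_key(k_client, transcript, b"C"),
            derive_key(k_server, transcript, b"C"),
            k_client == k_server)


if __name__ == "__main__":
    assert check_group(P, G), "group constant failed primality/generator check"
    ck, sk, same = run_exchange()
    print("shared secret matched:", same, "session key:", ck.hex())
```

Note what the exchange does not give you: the peer's identity. Without the server host-key signature over the exchange hash (the part of SSH's KEXDH_REPLY this example omits), an attacker in the path can run one exchange with each side and relay between them.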
Team usually create Evil Test Conditions? A (During Sprint Planning) B (Immediately before pulling a Sprint Backlog Item into WIP) C (Immediately after doing the code for a Sprint Backlog Item) D (Immediately before Sprint Review)
disciplines for preventing the traversal of untrusted data through the various execution contexts of your application be performed? A (sanitisation -> filtering -> validation) B (validation -> filtering -> sanitisation) C (filtering -> sanitisation -> validation) D (sanitisation -> validation -> filtering)
by social engineers to: A (Gain additional information from your target using flattery) B (Elicit information by stating deliberately false statements in the hope that your target will correct you with the accurate information) C (Create an environment where the target will feel comfortable about grumbling or bragging about their situation and thus divulge useful information) D (Elicit sensitive information from the target by pretending to divulge confidential information to them)
legal ways of obtaining quality information on a target is to hire their staff by offering them a better deal. Which of the following activities does not fit into the list of Morale, Productivity and Engagement Killers that will make technical staff more likely to be snatched? A (Adding people to a late project) B (Noisy, Crowded Offices) C (Uninterrupted development time) D (Email) E (Meetings) F (Context switching)
when I leave it, is it safe? Provide (yes or no) and a creative answer. Answer: probably not; it depends on who has physical and network access to it, which ports are open and what is listening on them.
used against an organisation? Potentially valuable information can be obtained about who the service agents are, which can be used to build a pretext for social engineering the target