The Open Web Application Security Project (OWASP) has published its Top Ten list of web application risks for the past several years. The following items have been on the list for many years. Which of the choices below represent threats that have been at the top of the list for many years?
A. Cross-Site Scripting and Dynamic Unicode injection attacks
B. SQL Injection and Cross-Site Scripting attacks
C. SQL Injection and Weak Authentication and Session Management attacks
D. Cross-Site Scripting and Security Misconfiguration attacks
Explanation:
SQL Injection and Cross-Site Scripting attacks are the top two risks on the OWASP list.
The top risks identified by the Open Web Application Security Project (OWASP) group as of 2013 are as
follows:
A1: Injection
Injection flaws, such as SQL, OS, and LDAP injection, occur when untrusted data is sent to an interpreter as part of a command or query.
A2: Cross-Site Scripting (XSS)
A3: Broken Authentication and Session Management
A4: Insecure Direct Object References
A5: Cross-Site Request Forgery (CSRF)
A6: Security Misconfiguration
A7: Insecure Cryptographic Storage
A8: Failure to Restrict URL Access
A9: Insufficient Transport Layer Protection
A10: Unvalidated Redirects and Forwards
Incorrect Answers:
A: OWASP refers to SQL, OS, and LDAP injections, not to Dynamic Unicode injection.
C: Weak Authentication and Session Management attacks are ranked third on the OWASP list.
D: Security Misconfiguration is ranked third on the OWASP list.
References:
Conrad, Eric, Seth Misenar, and Joshua Feldman. CISSP Study Guide, 2nd Edition. Syngress, Waltham, 2012, pp. 1109-1110.