You are conducting a security audit for a web application that uses URL rewriting. The application does not allow for user-generated content and is accessible only via secured VPN.
Which two security threats would you prioritize in your audit?
A. SQL injection
B. Cross-site scripting
C. Parameter-site manipulating
D. Session hijacking
E. Denial-of-service attacks
XSS will not be an issue if the app does not allow user-generated content
So I guess denial-of-service attacks?
DE
CD
D should not be the answer. The network is secured. How can the session ID be captured?
E should not be the right answer, too. It's a VPN connection and the attacker's identity is already known. If your identity is known, why would you conduct a DoS attack?
C should not be the right answer, too. User-generated content is not allowed.
So, the answer is A and C.
D should not be the answer. The network is secured. How can the session ID be captured?
E should not be the right answer, too. It's a VPN connection and the attacker's identity is already known. If your identity is known, why would you conduct a DoS attack?
C should not be the right answer, too. User-generated content is not allowed.
A and C are possible threats.
In URL rewriting, your session ID is visible.
D and E. A, B, C will be possible only if the application allows user-generated content.
D is majorly caused by URL rewriting because the session ID will be appended to the URL.
E is possible irrespective of the security features that have been put in place.
DE is the correct answer.
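
The thread's point that URL rewriting appends the session ID to the URL means the ID is also written to server access logs. As an added example (not part of the original thread), the code below scans constructed log lines for session IDs in request URLs, flags any ID presented by more than one client IP, and redacts the IDs; the `;jsessionid=` form and the Common Log Format layout are assumptions, since the page names no framework.

```python
import re
from collections import defaultdict

# Assumption: servlet-style URL rewriting, where the session ID rides in the
# URL as a ";jsessionid=<token>" path parameter. The page names no framework.
SESSION_RE = re.compile(r";jsessionid=([A-Za-z0-9._-]+)", re.IGNORECASE)
# Common Log Format prefix: client IP, identity, user, [time], "METHOD URL PROTO"
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:\S+) (\S+) [^"]*"')

# Constructed sample log lines (not from the page).
SAMPLE_LOG = """\
10.8.0.12 - alice [01/Mar/2024:09:00:01 +0000] "GET /app/home;jsessionid=A1B2C3D4E5 HTTP/1.1" 200 512
10.8.0.12 - alice [01/Mar/2024:09:00:09 +0000] "GET /app/report;jsessionid=A1B2C3D4E5?id=7 HTTP/1.1" 200 2048
10.8.0.40 - - [01/Mar/2024:09:03:30 +0000] "GET /app/report;jsessionid=A1B2C3D4E5?id=7 HTTP/1.1" 200 2048
10.8.0.27 - bob [01/Mar/2024:09:04:00 +0000] "GET /app/home;jsessionid=F6G7H8I9J0 HTTP/1.1" 200 512
10.8.0.27 - bob [01/Mar/2024:09:04:05 +0000] "GET /app/static/logo.png HTTP/1.1" 200 900
"""

def sessions_by_client(log_text):
    """Map each session ID found in a request URL to the set of client IPs using it."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, url = m.groups()
        for sid in SESSION_RE.findall(url):
            seen[sid].add(ip)
    return dict(seen)

def shared_sessions(log_text):
    """Session IDs presented by more than one client IP: candidates for review."""
    by_client = sessions_by_client(log_text)
    return {sid: sorted(ips) for sid, ips in by_client.items() if len(ips) > 1}

def redact(log_text):
    """Mask session IDs so the log itself stops being a source of live tokens."""
    return SESSION_RE.sub(";jsessionid=[REDACTED]", log_text)

if __name__ == "__main__":
    print(shared_sessions(SAMPLE_LOG))
    print(redact(SAMPLE_LOG))
```

A session ID seen from two addresses is a prompt for review rather than proof of hijacking, since a client's address can change mid-session.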