OWASP Top 10 Vulnerabilities Questions and Answers

What Is OWASP?

OWASP is a nonprofit organization focused on software security. Its projects include a number of open-source software development programs and toolkits, local chapters and conferences, among other things. One of those projects is the maintenance of the OWASP Top 10, a list of the top 10 security risks faced by web applications.

Below are the OWASP Top 10 Vulnerabilities:

  1. Injection
  2. Broken Authentication
  3. Sensitive Data Exposure
  4. XML External Entities
  5. Broken Access Control
  6. Security Misconfiguration
  7. Cross-Site Scripting
  8. Insecure Deserialization
  9. Using Components with Known Vulnerabilities
  10. Insufficient Logging and Monitoring

Question:1 Which of the following actions should you take to verify the implementation of a web application?

a) Use policy mechanisms

b) Verify that each URL in your application is appropriately protected

c) Use a simple and positive model at every layer

Correct Answer :- Verify that each URL in your application is appropriately protected

Question:2 What attack can be prevented by links or forms that invoke state-changing functions with an unpredictable token for each user?

a) Cross Site Request Forgery

b) Cross Site Tracing

c) OS Commanding

d) Cross Site Scripting

Correct Answer :- OS Commanding

Question:3 What is the attack technique used to exploit websites by altering the backend database queries by submitting manipulated input?

a) LDAP Injection

b) SQL Injection

c) OS Commanding

d) XML Injection

Correct Answer :- SQL Injection

Question:4 Which of the following depicts the typical impact of failure to restrict URL access?

a) Attackers impersonate any user on the system

b) Attackers access other users' accounts and data

c) Broken Authentication and Session Management

Correct Answer :- Attackers access other users' accounts and data

Question:5 What happens when an application takes user-inputted data and sends it to a web browser without proper validation and escaping?

a) Cross Site Scripting

b) Broken Authentication and Session Management

c) Insecure Direct Object References

d) Security Misconfiguration

Correct Answer :- Cross Site Scripting

Question:6 In which of the following scenarios should you use the escaping technique?

a) When you need to tell the interpreter that input is data and not code

b) When you need to validate any input as valid input

c) When you are trying to protect against regular expression injection

Correct Answer :- When you need to tell the interpreter that input is data and not code

Question:7 Which of the following are the best ways to implement transport layer protection?

a) Enable both IPSec & SSL

b) Install IDS

c) Set the HttpOnly flag on session ID cookies

d) Enable IPSec

e) Enable SSL

Correct Answer :- Enable both IPSec & SSL

Question:8 What is an attack that exploits the trust a site has in a user’s browser?

a) SQL Injection

b) Cross Site Scripting

c) Cross Site Request Forgery

d) Session Hijacking

Correct Answer :- Cross Site Request Forgery

Question:9 Which attack can execute scripts in the user’s browser and is capable of hijacking user sessions, defacing websites or redirecting the user to malicious sites?

a) Man in the middle attack

b) Malware Uploading

c) SQL Injection

d) Cross Site Scripting

Correct Answer :- Cross Site Scripting

Question:10 Client-side scripts can be allowed to execute in the browsers for needed operations.

a) True

b) False

Correct Answer :- False

Question:11 What threat arises from not flagging HTTP cookies that carry tokens as secure?

a) Session Hijacking

b) Access Control Violation

c) Insecure Cryptographic Storage

d) Session Replay

Correct Answer :- Access Control Violation

Question:12 For a connection that changes from HTTP to HTTPS, what flaw arises if you do not change the session identifier?

a) Cross Site Scripting

b) Session Hijacking

c) Security Misconfiguration

d) Session Replay

Correct Answer :- Session Replay

Question:13 What is an example of a session-related vulnerability?

a) Session Hijacking

b) Data Transfer Protocol

c) Security Tracing

d) Session Spoofing

Correct Answer :- Session Hijacking

Question:14 What type of flaw occurs when untrusted user-entered data is sent to the interpreter as part of a query or command?

a) Cross Site Request Forgery

b) Insecure Direct Object References

c) Injection

d) Insufficient Transport Layer Protection

e) Improper Authentication

Correct Answer :- Injection

Question:15 Which of the following are the best ways to protect against injection attacks?

a) Memory size checks

b) Escaping

c) Validate integer values before referencing arrays

Correct Answer :- Escaping

Question:16 Which of the following consequences are most likely to occur due to an injection attack?

a) Denial of service

b) Spoofing

c) Data loss

Correct Answer :- Denial of service

Question:17 What flaw arises from session tokens having poor randomness across a range of values?

a) Session Replay

b) Session Fixation

c) Insecure Direct Object References

d) Session Hijacking

Correct Answer :- Session Hijacking

Question:18 Which of the following languages are the primary targets of cross-site scripting?

a) SQL

b) JavaScript

c) XML Injection

d) XSLT

Correct Answer :- JavaScript

Question:19 What is an attack that forces a user’s session credential or session ID to an explicit value?

a) Brute Force Attack

b) Session Fixation

c) Session Hijacking

d) Dictionary Attack

Correct Answer :- Session Fixation

Question:20 What happens when an application takes user-inputted data and sends it to a web browser without proper validation?

a) Security Misconfiguration

b) Cross Site Scripting

c) Insecure Direct Object References

d) Broken Authentication and Session Management

Correct Answer :- Cross Site Scripting

Question:21 Role-based access control helps prevent which OWASP Top 10 vulnerability?

a) Security Misconfiguration

b) Unvalidated Redirect or Forward

c) Failure to restrict URL Access

d) Failure to restrict URL Access

Correct Answer :- Failure to restrict URL Access

Question:22 Which of the following are most likely to result in insecure cryptography?

a) Unsalted hash

b) Missing patches

c) New products

Correct Answer :- Unsalted hash

Question:23 Which threat can be prevented by having unique usernames generated with a high degree of entropy?

a) Spamming

b) Authorization Bypass

c) Cryptanalysis of hash values

d) Authentication Bypass

Correct Answer :- Authentication Bypass

About Author

After years of technical work, I feel like an expert when it comes to developing WordPress websites. Check out How to Create a WordPress Website in 5 Mins and Earn Money Online. Follow me on Facebook for all the latest updates.