A Web site that allows users to enter text, such as a comment or a name, and then stores it and later display it to other users, is potentially vulnerable to a kind of attack called a ___________________ attack.(a) Two-factor authentication(b) Cross-site request forgery(c) Cross-site scripting(d) Cross-site scoring scriptingI have been asked this question in examination.My query is from Application Security in chapter Database Programming Techniques of Database Management

A Web site that allows users to enter text, such as a comment or a nam

1.	A Web site that allows users to enter text, such as a comment or a name, and then stores it and later display it to other users, is potentially vulnerable to a kind of attack called a ___________________ attack.(a) Two-factor authentication(b) Cross-site request forgery(c) Cross-site scripting(d) Cross-site scoring scriptingI have been asked this question in examination.My query is from Application Security in chapter Database Programming Techniques of Database Management
Answer» The CORRECT option is (c) Cross-site scripting The explanation is: In such an attack, a malicious user ENTERS code written in a client-side scripting LANGUAGE such as JAVASCRIPT or Flash instead of entering a VALID name or comment.

Discussion

No Comment Found

Related InterviewSolutions

Html code contains:(a) Tags(b) Attributes(c) Elements(d) All of the mentionedI have been asked this question in homework.Question is taken from Web Fundamentals in section Database Programming Techniques of Database Management
Which of the following is not true about HTML ?(a) …(b) (c) …(d) This question was posed to me at a job interview.My doubt is from Web Fundamentals topic in division Database Programming Techniques of Database Management
A __________ is a program running on the server machine, which accepts requests from a Web browser and sends back results in the form of HTML documents.(a) HTML(b) HTTP(c) Web Server(d) Web browserI have been asked this question in an interview for internship.Origin of the question is Web Fundamentals in division Database Programming Techniques of Database Management
A single ______________ further allows the user to be authenticated once, and multiple applications can then verify the user’s identity through an authentication service without requiring reauthentication.(a) OpenID(b) Sign-on system(c) Security Assertion Markup Language (SAML)(d) Virtual Private Database (VPD)The question was asked by my school teacher while I was bunking the class.The origin of the question is Application Security in chapter Database Programming Techniques of Database Management
Even with two-factor authentication, users may still be vulnerable to_____________attacks.(a) Radiant(b) Cross attack(c) scripting(d) Man-in-the-middleThis question was posed to me during an interview.I'd like to ask this question from Application Security topic in portion Database Programming Techniques of Database Management
Which of the following data structure is not linear data structure?(a) Arrays(b) Linked lists(c) Arrays & Linked lists(d) None of the mentionedThis question was posed to me in an interview for internship.My question is based upon Application Performance in chapter Database Programming Techniques of Database Management
The doGet() method in the example extracts values of the parameter’s type and number by using __________(a) request.getParameter()(b) request.setParameter()(c) responce.getParameter()(d) responce.getAttribute()I have been asked this question in homework.The query is from Servlets and JSP in division Database Programming Techniques of Database Management
The Java __________ specification defines an application programming interface for communication between the Web server and the application program.(a) Servlet(b) Server(c) Program(d) RandomizeI have been asked this question in a national level competition.I need to ask this question from Servlets and JSP topic in chapter Database Programming Techniques of Database Management
The application program typically communicates with a database server, through ___________ or other protocols, in order to get or store data.(a) JDBC(b) ODBC(c) All of the mentioned(d) None of the mentionedThis question was addressed to me in quiz.My question comes from Web Fundamentals topic in portion Database Programming Techniques of Database Management
Which of the following criterion is NOT written using the proper syntax?(a) “Haris”(b)

Discussion

No Comment Found

Related InterviewSolutions

Reply to Comment