11.07.2015 Views

VIDEO Intypedia007en EXERCISES AUTHOR: Chema ... - Criptored


VIDEO Intypedia007en

LESSON 7: WEB APPLICATION SECURITY - INTRODUCTION TO SQL INJECTION TECHNIQUES

EXERCISES

AUTHOR: Chema Alonso
Security Consultant at Informatica 64. Microsoft MVP Enterprise Security

EXERCISE 1

SQL Injection vulnerabilities are caused by:

a) Bugs in the firewall settings
b) Bugs in the application that creates the queries
c) Bugs in the database settings
d) Bugs in the parameter filtering of the browser

EXERCISE 2

What happens in an inbound SQL injection attack?

a) The SQL injection occurs within a query
b) The query results are obtained from the returned HTML page
c) The SQL injection is performed from the outside towards the inside
d) The firewall allows you to include the results in the SQL query


EXERCISE 3

What is a blind attack?

a) An injection in which the attacker doesn't see the SQL query that is being made
b) An attack in which the response time should be measured
c) An attack in which you infer the results because you can't see them
d) An injection in which the parameters are blind

EXERCISE 4

How can you recognize a True result in a blind attack?

a) There will be a True when you remove the ID from the database on screen
b) By the identifier of the process that generates the query
c) By a keyword in the search results page
d) By the response time

EXERCISE 5

Which of the following is an effective way to avoid SQL injection vulnerability?

a) Filtering quotes in all the queries
b) Filtering quotes and blank spaces
c) Avoiding the concatenation of strings of commands and parameters
d) Using a firewall to publish web applications


ANSWERS

1. b
2. b
3. c
4. c and d
5. c

Madrid, Spain. May 2011
http://www.intypedia.com
http://twitter.com/intypedia
