User selects item -> summary page -> Payment Which of the following can be business logic flaw in above business flow:

Able to go back to summary page with same session and lower the total price.

Denial of service of Payment gateway

<button type="button" disabled href="admin.jsp">Admin</button> The above button is available to non-admin user.

It could be bypassed by editing HTML code at client side.

This is secure method to implement Access Control

"admin.jsp" cannot be accessed by non admin user

Broken Access control II

Authored by G3C Team

Other

Professional Development

Used 28+ times

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

10 questions

Show all answers

MULTIPLE CHOICE QUESTION

20 sec • 1 pt

Vulnerabilities associated with Broken Access Control:
[Multiple Choice]

Forced Browsing

IDOR

LFI

All of the above

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

$file = $_GET['file'];
include('directory/' . $file);

This PHP code can lead to:

XXE

Local File Inclusion

Insecure Direct Object Reference

Cross-site scripting

MULTIPLE SELECT QUESTION

30 sec • 1 pt

The secure file permission(s) are:

-rws---r-x root root

-rwx------ root root

drwxr-x-w- root root

-r-xr-xr-x root root

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Forced Browsing is:

Forcing the application to upload malicious file

Remote code execution in the webserver

enumerate and access resources that are not referenced by the application, but are still accessible

None of these

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

What threat are you vulnerable to if you do not validate authorization of user for direct references to restricted resources?

Cross site scripting

Cross Site Request Forgery

SQL Injection

Insecure Direct Object References

MULTIPLE SELECT QUESTION

45 sec • 1 pt

Which of the following are effective ways to implement access control?
[Multiple Choice]

Implementing Access Control Matrix for application resources

Using hidden form fields to authorize

Logging unauthorized users actions

Enforcing RWX permission for every files on server for everyone

MULTIPLE CHOICE QUESTION

20 sec • 1 pt

Taking control of Admin functionality and Misusing sensitive data that they are unauthorized to access is:

Xml Enternal Entities Injection

SQL Injection

Cross site scripting

Broken Access Control

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

10 questions

External Review (ER) Prep I

Quiz

•

Professional Development

10 questions

Library Services and Digitalization Quiz 2

Quiz

•

Professional Development

10 questions

IOS vocabulary

Quiz

•

Professional Development

10 questions

October Download (+) Aseesement

Quiz

•

Professional Development

10 questions

HRM

Quiz

•

Professional Development

10 questions

Dad V Girls

Quiz

•

KG - Professional Dev...

10 questions

2024 Risk Identification Exercise Quiz

Quiz

•

Professional Development

15 questions

Ice breaking

Quiz

•

Professional Development

Popular Resources on Wayground

7 questions

History of Valentine's Day

Interactive video

•

4th Grade

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

$fractions$

22 questions

fractions

Quiz

•

3rd Grade

15 questions

Valentine's Day Trivia

Quiz

•

3rd Grade

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

Discover more resources for Other

44 questions

Would you rather...

Quiz

•

Professional Development

20 questions

Black History Month Trivia Game #1

Quiz

•

Professional Development

12 questions

Mardi Gras Trivia

Quiz

•

Professional Development

14 questions

Valentine's Day Trivia!

Quiz

•

Professional Development

7 questions

Copy of G5_U5_L14_22-23

Lesson

•

KG - Professional Dev...

16 questions

Parallel, Perpendicular, and Intersecting Lines

Quiz

•

KG - Professional Dev...

11 questions

NFL Football logos

Quiz

•

KG - Professional Dev...

12 questions

Valentines Day Trivia

Quiz

•

Professional Development

Broken Access control II

Vulnerabilities associated with Broken Access Control:[Multiple Choice]

$file = $_GET['file'];include('directory/' . $file);This PHP code can lead to:

The secure file permission(s) are:

Forced Browsing is:

What threat are you vulnerable to if you do not validate authorization of user for direct references to restricted resources?

Which of the following are effective ways to implement access control?[Multiple Choice]

Taking control of Admin functionality and Misusing sensitive data that they are unauthorized to access is:

User selects item -> summary page -> PaymentWhich of the following can be business logic flaw in above business flow:

Parameter Temepering of GET parameters can be mitigated using

<button type="button" disabled href="admin.jsp">Admin</button>The above button is available to non-admin user.

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Other

Vulnerabilities associated with Broken Access Control:
[Multiple Choice]

$file = $_GET['file'];
include('directory/' . $file);

This PHP code can lead to:

Which of the following are effective ways to implement access control?
[Multiple Choice]

User selects item -> summary page -> Payment

Which of the following can be business logic flaw in above business flow:

<button type="button" disabled href="admin.jsp">Admin</button>
The above button is available to non-admin user.