OWASP Quiz

Use an allow list, such as table indirection.

Use client-side validation.

Allow only relative redirects.

Use session-based indirection.

Validate the referrer header

Use extended validation certificates

Validate all input from the client

Disallow requests to unauthorized file types

Unsalted hash

Unused services

Default accounts

Failure to rotate keys

Use session-based indirection.

Use POST parameters instead of GET parameters.

Perform an access check each time a resource identifier arrives as input.

Send successful logins to a well-known location instead of automatic redirection.

It should identify returning users to the site.

It should be used as a replacement for a user's credentials.

It should always use a persistent cookie.

It should always use a non-persistent cookie.

Strong passwords are required.

Use a GOTCHA to prevent automated attacks.

User logout and session inactivity are required.

Session IDs are only accepted from cookies and parameter variables.

Credentials are always protected with encryption or cryptographic salting and hashing.

Logout functionality

Inactivity timeout functionality

Escaping functionality

Forwarding system functionality

Window.location

GET/POST parameters

Server configuration files

Ports and network resources

Allow list

Table indirection

Escaping

Object class for user input

Session IDs

Registry keys

Regular expressions

SQL queries based on user input