Web Pentest

blacklisting strings such as "1 OR 1=1" and "UNION" from input

using an intrusion detection system to detect attacks

white listing input (e.g. only allowing alphanumerical characters and spaces)

use of prepared statements or parametrized queries

False. Cookies are often used for tracking sessions

True, only supercookies have this feature

Insecure Door or Room

Invalid Data or Reference

Insecure Direct Object Reference

It is used to spoof or inject false headers in a HTTP request

It is used in Buffer Overflow attacks to overwrite memory

It is used to inject malicious code to a database server, through a query

Blocking specific ports that SQL injections are usually attacked via

Programmers will not make web applications that allow user input

Sanitizing users input in a web application

Web-focused vulnerability detection tools

VPNs

Web application firewalls

Antimalware

Stored XSS

DOM-based XSS

Reflected XSS

DNS XSS

Yes

No

Maybe

I refuse to answer

Method and HTTP version

Request body

Hostname

Content-Length

None of the mentioned

HTTP version number

URL

Method