LO1 SR

This only protects data between the website and user, not the Web application itself.

This approach ignores the security of the software on the network or Web server.

This only protects data transmitted through port 443.

The encryption used by SSL is not strong.

White box testing.

Black box testing.

Glass box testing.

Gray box testing.

Authorization.

Authentication

Identity attack.

client-side attack.

GET

POST

PUT

SEND

The site is susceptible to buffer overflow

The site is susceptible to SQL injection

The site is susceptible to parameter tampering

The site is susceptible to XSS

Sanitize inputs to make them non executable.

Insert random data into any linked uniform resource locator

Insert random data into a hidden field

Use a per-session shared secret

Cross State Request Forgery.

Cross Site Reply Forgery.

Cross Site Request Forgery.

Cross State Reply Forgery.

Insert sequence tokens in to the forms and URLs used in transactions.

Use only post method while sending sensitive data to web server

Don’t set up external verification mechanism.

Restrict checking user authentication.

Allowing single words like names as password.

Allowing multiple login attempt for invalid login.

Keeping birthday as password.

Not allowing users to use the previous password.

It is an attackers steals a web session through session ID of victim

A well-managed session ID is called session hijacking.

Storing the sensitive information in the cookies is called session hijacking.

Displaying the session ID in the browser is called session hijacking