Web Security: Common Vulnerabilities And Their Mitigation - The nonce attribute and the script hash

Interactive Video • Information Technology (IT), Architecture • University • Hard • 10 questions

1.
MULTIPLE CHOICE QUESTION
30 sec • 1 pt
Why is it recommended to avoid using inline scripts on a secure website?
They can lead to cross-site scripting vulnerabilities.
They are not supported by all browsers.
They are difficult to maintain.
They increase the website's loading time.
2.
MULTIPLE CHOICE QUESTION
30 sec • 1 pt
What is the purpose of the nonce attribute in a script tag?
To uniquely identify and whitelist a specific inline script.
To provide a fallback for unsupported browsers.
To improve the script's performance.
To specify the script's execution order.
3.
MULTIPLE CHOICE QUESTION
30 sec • 1 pt
How should a nonce be generated for each page response?
By using the same ID for all responses.
By using a secure random ID that changes with each response.
By using a timestamp.
By using a hardcoded value.
4.
MULTIPLE CHOICE QUESTION
30 sec • 1 pt
What is an alternative method to nonce for whitelisting inline scripts?
Using a script tag.
Using a script URL.
Using a script ID.
Using a script hash.
5.
MULTIPLE CHOICE QUESTION
30 sec • 1 pt
What must be done if the JavaScript content of a script tag changes?
The script tag must be removed.
The nonce must be updated.
The hash must be regenerated.
Nothing, the hash remains the same.
6.
MULTIPLE CHOICE QUESTION
30 sec • 1 pt
How can you obtain the hash for a script using Chrome developer tools?
By using a third-party tool.
By manually calculating the hash.
By running the script with the content security policy header set.
By inspecting the script tag in the HTML.
7.
MULTIPLE CHOICE QUESTION
30 sec • 1 pt
What is the purpose of the report-only mode in content security policy?
To disable content security policy.
To report violations without enforcing restrictions.
To allow all scripts by default.
To enforce restrictions immediately.