Week 1 Assignment Submission Form - Team 2
1 message
Google Forms <[email protected]> Wed, 13 Oct, 2021 at 2:57 pm
To: [email protected]
Thanks for filling out Week 1 Assignment Submission Form - Team 2
Here's what was received.
Week 1 Assignment Submission Form - Team 2
VTF Hacktify Pentesting Internship
This Form will be accepting responses till October 13, 2021 : 23:59:59 PDT
This Form can take 30 minutes to 1 Hour to Complete
Enter the Email Registered with VTF for the internship.
Email *
[email protected]
Full Name *
Name submitted here will be printed as it is on weekly certificates so enter carefully. This would not be rectified under any circumstances.
Aryan Pratap
Networking Assignment Submission
Make sure to validate your links before submitting. If your links are not valid you won't be graded for that assignment.
LinkedIn *
Enter Your LinkedIn Post Link. An example of how to get the link is shown.
https://www.linkedin.com/posts/aryan7_vtfoundation-vtfoct21-internships-activity-6853974365688659968-GRn1
Twitter *
Enter Your Twitter Post Link. An example of how to get the link is shown. (Facebook link to be submitted for interns residing in Nigeria)
https://twitter.com/_aryanpratap_/status/1448209212484374531
Have you Followed / Connected with 25 Interns? *
Yes
No
Penetration Testing Report Submission
You should be submitting the commenter link of your report.
Link should be visible to anyone on the Internet.
Commenter Link
Technical Assessment
KYC - Know Your Content for the week. This week's topic - Burp Suite & OWASP !
All the Best !
What does OWASP stand for? *
Open Web Application Secure Penetration
Operational Web Application Secure Project
Open Web Application Security Project
Open Web Assessment Security Project
When a browser does not check for proper validation and escaping, the attack performed is *
Cross Site Scripting
Cross Site Request Forgery
XML External Entities
Sensitive Data Exposure
OTP Bypass, Captcha Bypass, 2FA Bypass, Common Password brute force are examples of *
Broken Authentication
Broken Access Control
Using Components with known vulnerability
Security Misconfiguration
Following is an example of Sensitive Data exposure *
Github Tokens and API Keys
Sensitive Invoices Indexed by Google
Internal Jira Dashboards
All of the Above
XXE can be prevented by *
Filter Inputs and sanitize them
Disable DTD
Apply Rate limiting
All of the Above
CORS comes under which category *
Broken Access Control
Broken Authentication
Security Misconfiguration
Insufficient Logging and Monitoring
The attack in which web sites are exploited by altering backend database queries through manipulated input is? *
LDAP Injection
SQL Injection
XML Injection
OS Commanding
When the web application has poor randomness of session tokens, the flaw that arises is *
Insecure Direct Object References
Session Replay
Session Fixation
Session Hijacking
In this attack a user's session credential or session ID is forced to an explicit value. *
Session Fixation
Session Hijacking
Brute Force Attack
Dictionary Attack
When HTTP cookies carrying tokens are not flagged as Secure, the threat that arises is *
Session Hijacking
Insecure Cryptographic Storage
Access Control Violation
Session Replay
IDOR + MFLAC combined together in OWASP 2017 represents *
Broken Authentication
Broken Access Control
Security Misconfiguration
Insufficient Logging and Monitoring
The following attack can execute scripts in the user's browser and is capable of hijacking user sessions, or redirecting the user to malicious sites? *
SQLi
XSS
Open Redirect
CSRF
Which of the following can lead to exposure of sensitive data? *
Session Fixation
Improper Authentication
Insecure Cryptographic Storage
Unvalidated redirects and forwards
The vulnerability produced when a user's authorization for a direct reference to restricted data is not validated is? *
SQLi
XSS
IDOR
All of the above
Which vulnerability is prevented by Role-Based Access Control *
Failure to restrict URL Access
Unvalidated Redirect or Forward
Security Misconfiguration
Insufficient Transport Layer Protection
The vulnerability that arises when untrusted user-entered data is passed to an interpreter is *
IDOR
Injection
CSRF
Insufficient Transport layer protection
example.com changes its connection from HTTP to HTTPS. Assuming the session identifier is not changed, what flaw arises? *
Session Replay
XSS
Session Hijacking
CSRF
Which of the following breaks the trust that a site has in the user's browser *
Session Hijacking
CSRF
SQL Injection
XSS
What is Phishing? *
Data Transfer Protocol
Email Scam
Network Scandal
Cross Domain Scandal
Cookie can be defined as *
Computer Virus
Web Application file
A file that makes it easier to access a Web site and browse
A file that hackers use to steal your identity
You receive an e-mail from evil.com saying that you have won a contest. What should you do? *
Claim the prize by providing all the information
Contact administrator for assistance
Forward the email to others
Answer the email to call you back
Network permissions should be established so that users can accomplish their tasks, but cannot access any system resources that are not necessary, so that: *
A hacker cannot steal a legitimate user's identity
Users will not have access to and misuse system resources
Only the resources authorized for that user will be at risk
Hackers will not pose as legitimate users
The following vulnerability was added in OWASP 2017 *
XXE
XSS
CSRF
MFLAC
The following vulnerability was removed from OWASP 2013 *
Unvalidated redirects and forwards
CSRF
XXE
XSS
If an attacker finds a Zero Day exploit for a vulnerable piece of software, which category will it come under? *
Insufficient Logging and Monitoring
Using Component with known Vulnerabilities
Security Misconfiguration
Sensitive Data Exposure
Burp Suite is an integrated platform for attacking which of the following? *
Client
Server
Browser
Web Application
Which of the following is a tool for mapping web applications and uses various intelligent techniques?
Burp Spider
Burp Intruder
Burp Repeater
Burp Proxy
The Action in Intercept tab of Burp Suite is used for *
Abandon the message so that it is not forwarded.
Review and edit the message to send the message on to the server or browser.
Shows a menu of available actions that can be performed
Used to check proxy history
The Forward button in Intercept tab of Burp Suite is used to *
Edit the message.
Shows a menu of available actions that can be performed on the currently displayed message
Used to add a comment to interesting items, to easily identify them later.
None of the above
The Comment field control in Intercept tab of Burp Suite is used to *
Edit the message.
Shows a menu of available actions that can be performed on the currently displayed message
Used to add a comment to interesting items, to easily identify them later.
Both A and C
The role of "Do intercept" is *
Responsible for the interception of the request.
Allows to quickly add an interception rule to prevent future interception of messages.
Displays the HTTP status code of the current request.
None of the above
Which of the following is used for web application mapping *
Proxy
Spider
Scanner
All of the above
The role of the Burp Suite proxy in handling requests in a web application is? *
Manages the configuration of the application.
Uses 8080 port by default for handling web apps.
Users need to log into Burp Suite for the responses and requests that pass through each of the proxies.
All of the above
Which of the following is/are correct about the Burp Suite walkthrough step in a web application? *
It is used to test the web application.
It is used for intercepting and modifying the request.
It is used to check the session token management for the users.
All of the above
The following statement is false about request manipulation in Burp Suite *
Burp Comparer is used to quickly identify the difference between two responses of applications, in the context of applications on the web.