NWW Question Bank
(Autonomous)
Dundigal, Hyderabad - 500 043
COURSE OBJECTIVES:
The students will try to learn:
COURSE OUTCOMES:
After successful completion of the course, students should be able to:
| CO | Course outcome | Taxonomy level |
|---|---|---|
| CO 1 | Interpret various protocols (TCP, DNS, SMTP) for solving the security problems in the network. | Understand |
| CO 2 | Solve unauthorized access from the internet by using firewalls, DNSSEC with NSEC3. | Apply |
| CO 3 | Find computer and network security issues and classify the issues to prevent, detect and recover from the attacks. | Remember |
| CO 4 | Summarize HTML elements and attributes for structuring and presenting the content of a webpage based on the user requirement. | Understand |
| CO 5 | Identify HTTP pollution and HTTP parameter tampering attacks by various techniques. | Apply |
| CO 6 | Explain the mechanisms for maintaining confidentiality, integrity and availability of data. | Understand |
QUESTION BANK:
Columns: Q.No | QUESTION | Taxonomy level | How does this subsume the level | CO’s
MODULE I
SECURITY PROBLEMS IN NETWORK PROTOCOLS
PART A-PROBLEM SOLVING AND CRITICAL THINKING QUESTIONS
| Q.No | Question | Taxonomy level | How does this subsume the level | CO’s |
|---|---|---|---|---|
| 1 | “TCP maintains a network conversation by which applications can exchange data.” How does it establish a connection between devices and exchange data? | Remember | This would recall the concept of TCP connection and explain that. | CO 1 |
| 2 | Analyse TCP and UDP port scanning techniques. How do TCP and UDP work for “3-way handshaking”? | Understand | This would recall the concept of TCP and UDP security techniques and explain the 3-way handshaking. | CO 1 |
| 3 | “Routing is the process of path selection in any network.” How does routing find the shortest path? Illustrate it. | Understand | The learner will try to recall the concept and demonstrate routing, explain. | CO 1 |
| 4 | “The Domain Name System (DNS) is the phonebook of the Internet.” Why is DNS called the phonebook? Illustrate with an example. | Remember | The learner will try to recall the SMTP concept and explain the DNS. | CO 1 |
| 5 | “UDP drops the delayed packets instead of processing them, and IP handles the packets differently based on the transport protocol used with it.” If both UDP and IP are unreliable to the same degree, then demonstrate it with an example. | Remember | The learner will try to recall UDP and IP and relevant concepts, explain. | CO 1 |
| 6 | “The Simple Mail Transfer Protocol (SMTP) is a technical standard for transmitting electronic mail (email) over a network.” Is it possible to configure multiple SMTP servers in one application? If yes, then how? | Understand | The learner will try to recall the concept of SMTP, explain. | CO 1 |
| 7 | “MTA stands for Mail Transfer Agent.” What is the purpose of SMTP? Are SMTP and MTA similar to each other? | Remember | The learner will try to recall the concept of SMTP, explain the MTA and SMTP. | CO 1 |
| 8 | “TCP cannot keep segment data secure against message eavesdropping attacks.” What are the security issues at the application layer? | Understand | The learner will try to recall TCP/IP, security issues of TCP/IP. | CO 1 |
| 9 | Is it possible to run two BGP processes on the same router? Differentiate between internal Border Gateway Protocol (iBGP) and external Border Gateway Protocol (eBGP). | Remember | The learner will try to recall BGP, understand types of BGP. | CO 1 |
| 10 | “DNS stores the IP address of a specific domain name in an authoritative server.” What is the procedure to get the IP address of a specific domain name? | Understand | The learner will try to recall DNS, explain the working procedure of DNS. | CO 1 |
PART-B LONG ANSWER QUESTIONS
| Q.No | Question | Taxonomy level | How does this subsume the level | CO’s |
|---|---|---|---|---|
| 1 | What are the features of the TCP protocol? Why is TCP required? Explain the working of TCP. | Understand | The learner will try to recall the TCP protocol and explain TCP working. | CO 2 |
| 2 | What are the consequences of DNS spoofing? How can DNS spoofing be prevented? | Understand | The learner will try to recall the various classifications of DNS cache poisoning, explain. | CO 1 |
| 3 | What are the threats to SMTP security? Explain the key components of an SMTP email message. | Understand | The learner will try to recall threats to SMTP security, explain fundamentals, SMTP protocol, model of SMTP system. | CO 1 |
| 4 | What is SMTP? Is it secure? How to make SMTP secure? What is SSL/TLS? | Understand | The learner will try to recall SMTP, whether it is secure and how to make SMTP secure, and explain them. | CO 2 |
| 5 | What is a router? Write the advantages and disadvantages of routers. | Apply | The learner will try to recall router, derive routers, understand routers. | CO 1 |
| 6 | How might vulnerabilities in the TCP protocol impact the security of data transmission in a network? Provide examples. | Understand | The learner will try to recall TCP/IP protocol suite, Ethernet, Internet Protocol (IP); explain TCP/IP protocol, Internet Protocol. | CO 1 |
| 7 | What is DNS cache poisoning? What do DNS resolvers do? How does DNS caching work? How do attackers poison DNS caches? | Understand | The learner will try to recall DNS cache poisoning, explain the various classifications of DNS cache poisoning and then explain the classification based on DNS cache poisoning. | CO 1 |
| 8 | What is DNS spoofing? How does DNS spoofing work? | Understand | The learner will try to recall risks of DNS poisoning and spoofing, explain DNS poisoning and spoofing. | CO 2 |
| 9 | What is BGP and how does it differ from other routing protocols? Explain briefly. | Understand | The learner will try to recall firewall types and technologies, explain. | CO 1 |
| 10 | Explain the logical steps involved in the SMTP protocol during the transmission of an email. How could vulnerabilities in SMTP be exploited? | Understand | The learner will try to recall BGP security, explain security. | CO 1 |
| 11 | Assess the importance of securing BGP in preventing route hijacking. What are the potential risks associated with BGP vulnerabilities? | Understand | The learner will try to recall DNS security, explain security. | CO 1 |
| 12 | Explain security problems in the TCP/IP protocol suite. | Understand | The learner will try to recall TCP/IP security, explain security. | CO 1 |
| 13 | Illustrate the logical process a router follows when determining the best route for a packet in a network. How could flaws in routing protocols lead to security issues? | Understand | The learner will try to recall TCP/IP security, explain security. | CO 1 |
| 14 | Explain the working of the Internet Protocol and the different versions of Internet Protocols. | Understand | The learner will try to recall TCP/IP security, explain security. | CO 1 |
| 15 | How does routing work? Explain in detail. Mention some common routing algorithms. | Understand | The learner will try to recall routing, explain routing. | CO 1 |
| 16 | What is a DOS attack? Explain DOS attacks with examples. | Understand | The learner will try to recall routing security, explain security. | CO 1 |
| 17 | Explain the various methods of malware spreading. What are the common types of malware? | Understand | The learner will try to recall attacks, explain security attacks. | CO 1 |
| 18 | Explain spam and phishing attacks. How can we solve spam and phishing attacks? | Understand | The learner will try to recall spam and phishing, explain security. | CO 1 |
| 19 | How can unauthorized access to emails occur, and what are the consequences of unauthorized access to emails and data leakage? | Understand | The learner will try to recall SMTP, explain SMTP security. | CO 1 |
| 20 | Explain SMTP (Simple Mail Transfer Protocol) with a neat diagram. | Understand | The learner will try to recall SMTP security, explain security. | CO 1 |
PART-C SHORT ANSWER QUESTIONS
| Q.No | Question | Taxonomy level | How does this subsume the level | CO’s |
|---|---|---|---|---|
| 1 | Difference between TCP and DNS. | Understand | The learner will try to recall the definition of TCP and DNS and explain their differences. | CO 1 |
| 2 | Outline the logical steps involved in securing BGP. How does BGP authentication contribute to the overall security of routing? | Understand | – | CO 1 |
| 3 | What is the use of TCP in the IP packets? | Understand | – | CO 2 |
| 4 | What are some common applications of TCP? | Understand | – | CO 2 |
| 5 | What is the main purpose of TCP? How many TCP ports are there? | Understand | The learner will try to recall various classifications of TCP. | CO 1 |
| 6 | What are the 7 network protocols? | Understand | The learner will try to recall network protocols. | CO 2 |
| 7 | What are the direct risks to DNS? | Understand | – | CO 2 |
| 8 | Mention some common vulnerabilities in a DNS server. Can DNS see passwords? What is the 8.8.8.8 DNS server? | Remember | – | CO 2 |
| 9 | What is the purpose of SMTP? What are the standard ports used by SMTP? | Remember | – | CO 2 |
| 10 | What is the routing problem and routing protocol security in networking? | Understand | – | CO 1 |
| 11 | What is a network? What is network and web security? | Understand | The learner will try to recall the definition of networks and web security, explain. | CO 1 |
| 12 | What is an IP half scan attack? | Understand | – | CO 1 |
| 13 | What are the security problems in TCP? | Understand | – | CO 2 |
| 14 | Explain TCP sequence number prediction. | Understand | – | CO 2 |
| 15 | What are some common types of DNS records? | Understand | The learner will try to recall various classifications of DNS. | CO 1 |
| 16 | What is DNS as a security vulnerability? | Understand | The learner will try to recall network protocols. | CO 2 |
| 17 | Define the DNS tunnelling attack (data exfiltration). | Remember | – | CO 2 |
| 18 | What are the risks of DNS cache poisoning? | Remember | – | CO 2 |
| 19 | What is the purpose of a DNS server? | Remember | – | CO 2 |
| 20 | What is Simple Mail Transfer Protocol (SMTP)? | Understand | – | CO 1 |
MODULE II
NETWORK DEFENSE TOOLS
PART-A PROBLEM SOLVING AND CRITICAL THINKING QUESTIONS
| Q.No | Question | Taxonomy level | How does this subsume the level | CO’s |
|---|---|---|---|---|
| 1 | “A firewall is software or firmware that prevents unauthorized access to a network.” How to make use of a firewall to protect a computer from malware attacks? | Apply | The learner will try to recall the definition of firewall and explain about protection against malware attacks. | CO 2 |
| 2 | “A DNS attack is any attack targeting the availability or stability of a network’s DNS service.” How does NSEC3 impact the overall security of the DNS infrastructure? | Understand | The learner will try to recall the definition of DNS and explain how to protect the system using NSEC3. | CO 2 |
| 3 | “A distributed firewall is a host-resident security software application, which protects the network as a whole against unwanted intrusion.” How does a distributed firewall architecture impact network performance and scalability? | Understand | The learner will try to recall the concept of distributed firewall and explain. | CO 2 |
| 4 | “Depending on their structure, each type of firewall has different functionality but the same purpose.” What factors should be considered when designing a distributed firewall solution? | Understand | The learner will try to recall the concept of distributed firewall and explain. | CO 2 |
| 5 | “Network-based firewalls are commonly used by organizations to protect the network as a whole.” How can organizations ensure that their distributed firewall solution is working effectively and efficiently? | Understand | The learner will try to recall and explain the concept of network intrusion detection. | CO 2 |
| 6 | “Any unauthorized activity on a digital network that involves stealing valuable network resources is termed as network intrusion.” What is the motivation behind network intrusions? | Understand | The learner will try to explain network intrusion. | CO 2 |
| 7 | “Network testing tools are a collection of tools that aid in measuring the performance of various aspects of a network.” How can the testing process be tailored to the unique characteristics of the network and its components? | Understand | The learner will try to apply the concept of security testing. | CO 2 |
| 8 | “Network testing is an investigation conducted to provide stakeholders with information about the quality of the product or service under test.” How can the results of the testing be effectively communicated to stakeholders, and what actions should be taken based on the findings? | Remember | – | CO 2 |
| 9 | “A port scan is a common technique hackers use to discover open doors or weak points in a network.” How can port scanning be used for defensive purposes, such as identifying vulnerabilities in your own network? | Remember | – | CO 2 |
| 10 | “DNSSEC strengthens authentication in DNS using digital signatures based on public key cryptography.” How is DNSSEC secure? | Understand | The learner will try to recall and explain the concept of security evaluation of DNSSEC with NSEC3. | CO 2 |
PART-B LONG ANSWER QUESTIONS
| Q.No | Question | Taxonomy level | How does this subsume the level | CO’s |
|---|---|---|---|---|
| 1 | What is DNSSEC? Explain the working of DNSSEC in detail. | Understand | The learner will try to recall various components of DNSSEC and explain them with a neat sketch. | CO 2 |
| 2 | Explain the security evaluation of DNSSEC with NSEC3. Explain them briefly. | Understand | The learner will try to recall DNSSEC, explain functions of DNSSEC. | CO 2 |
| 3 | What is a distributed firewall? Explain the features of a distributed firewall. | Understand | The learner will try to recall and explain distributed firewall. | CO 2 |
| 4 | What are the key elements of a distributed firewall? Explain why enterprises need a distributed firewall. | Understand | The learner will try to recall and explain distributed firewall. | CO 2 |
| 5 | What is network intrusion? What are the risks of network intrusion? | Understand | The learner will try to recall the concept of intrusion, explain network intrusion. | CO 2 |
| 6 | Explain how to detect network intrusion. | Understand | The learner will try to recall and explain detecting network intrusion. | CO 2 |
| 7 | Explain how to prevent network intrusion. | Understand | The learner will try to recall network security measures, explain. | CO 2 |
| 8 | Write the advantages and disadvantages of an intrusion detection system. | Understand | The learner will try to recall security, explain. | CO 2 |
| 9 | What is network security testing? Explain the network security testing tools. | Understand | The learner will try to recall security testing tools, explain. | CO 2 |
| 10 | Explain the types of network security testing techniques. | Understand | The learner will try to explain testing techniques. | CO 2 |
| 11 | What are the potential risks and consequences of implementing DNSSEC with NSEC3, and how can they be mitigated? | Understand | The learner will try to recall various components of DNSSEC and explain them with a neat sketch. | CO 2 |
| 12 | What are the benefits of implementing DNSSEC with NSEC3? Explain them briefly. | Understand | The learner will try to recall DNSSEC, explain functions of DNSSEC. | CO 2 |
| 13 | What are the benefits of a distributed firewall? Explain. | Understand | The learner will try to recall and explain distributed firewall. | CO 2 |
| 14 | Assess the effectiveness of NSEC3 in addressing the security concerns of DNSSEC. What are the potential limitations or vulnerabilities? | Understand | The learner will try to recall and explain distributed firewall. | CO 2 |
| 15 | What is port scanning? Explain the types of port scanning. | Understand | The learner will try to recall the concept of intrusion, explain port scanning. | CO 2 |
| 16 | What are the different port scanning techniques? Explain in detail. | Understand | The learner will try to explain port scanning techniques. | CO 2 |
| 17 | What are the techniques used to prevent port scan attacks? Explain in detail. | Understand | The learner will try to recall port scan attacks, explain. | CO 2 |
| 18 | Explain the techniques for detecting port scanning. | Understand | The learner will try to explain detecting port scanning. | CO 2 |
| 19 | What is the mechanism employed by a port scanner? | Understand | The learner will try to recall and explain how a port scanner operates. | CO 2 |
| 20 | Examine the ethical considerations surrounding the use of port scanning as a network defense tool. How can organizations balance security needs with privacy concerns? | Understand | The learner will try to. | CO 2 |
PART-C SHORT ANSWER QUESTIONS
| Q.No | Question | Taxonomy level | How does this subsume the level | CO’s |
|---|---|---|---|---|
| 1 | Define DNSSEC. | Remember | – | CO 2 |
| 2 | What is DNSSEC with NSEC3? | Remember | – | CO 2 |
| 3 | What is a firewall? | Remember | – | CO 2 |
| 4 | Define distributed firewall. | Remember | – | CO 3 |
| 5 | What is the primary goal of a distributed firewall? | Remember | – | CO 3 |
| 6 | How is a distributed firewall different from a traditional firewall? | Remember | – | CO 2 |
| 7 | Write the advantage of a distributed firewall over the traditional firewall. | Remember | – | CO 2 |
| 8 | How does a distributed firewall impact network security? | Remember | – | CO 3 |
| 9 | What are the applications of a firewall? | Remember | The learner will try to recall the firewall. | CO 2 |
| 10 | What are the applications of a distributed firewall? | Understand | The learner will try to explain distributed firewall. | CO 2 |
| 11 | What are network intruders? | Remember | – | CO 2 |
| 12 | Mention the types of intrusion detection systems. | Remember | – | CO 3 |
| 13 | Mention the types of network intrusion. | Remember | – | CO 3 |
| 14 | What are the different approaches to network security testing? | Remember | – | CO 2 |
| 15 | Differentiate between white box, black box and grey box security testing. | Remember | – | CO 2 |
| 16 | What are the protocols used in port scanning? | Remember | – | CO 2 |
| 17 | Define port scanning. | Remember | – | CO 2 |
| 18 | Why is port scanning used? | Remember | – | CO 2 |
| 19 | What are some common types of port scans? | Remember | The learner will try to recall port scans. | CO 2 |
| 20 | What are some common use cases for a distributed firewall? | Understand | The learner will try to explain distributed firewall. | CO 2 |
MODULE III
MALWARE AND ATTACKS
PART A-PROBLEM SOLVING AND CRITICAL THINKING QUESTIONS
| Q.No | Question | Taxonomy level | How does this subsume the level | CO’s |
|---|---|---|---|---|
| 1 | “Viruses use infection methods whereas spyware uses web traffic for spreading the fake information.” Do you think a computer virus is more dangerous than spyware? If yes, why? | Remember | The learner will try to recall virus, explain whether a virus is a living thing. | CO 3 |
| 2 | “Spyware is loosely defined as malicious software designed to enter your computer device, gather data about you, and forward it to a third party without your consent.” List the types of spyware. Illustrate it. | Remember | The learner will try to recall spyware, explain spyware on your computer. | CO 3 |
| 6 | “A botnet is a network of physical devices that are connected to the internet and controlled by malware, leaving the owner of the device unaware of anything.” List the different types of attacks in a botnet. Illustrate each type of attack briefly. | Remember | The learner will try to recall the concept of botnet attack, explain its types. | CO 3 |
| 7 | “A buffer overflow (or buffer overrun) occurs when the volume of data exceeds the storage capacity of the memory buffer.” Which attack uses this buffer overflow technique? | Remember | The learner will try to recall and explain hijacking. | CO 3 |
| 10 | “A buffer overflow attack is a common cyberattack that deliberately exploits a buffer overflow vulnerability where user-controlled data is written to memory.” Extract the types of buffer overflow attacks in a control hijacking attack. | Remember | The learner will try to recall the concepts of control hijacking attacks and their types, explain. | CO 3 |
PART-B LONG ANSWER QUESTIONS
| Q.No | Question | Taxonomy level | How does this subsume the level | CO’s |
|---|---|---|---|---|
| 1 | What is malware? List out the types of malware. Explain the working procedure of a malware attack. | Understand | The learner will try to recall concepts of security attacks, security services and explain security mechanisms with neat diagrams. | CO 3 |
| 2 | Define computer virus. List out the different types of computer viruses. | Understand | The learner will try to explain computer virus. | CO 3 |
| 3 | Define spyware. Explain the different types of spyware. | Understand | The learner will try to recall spyware, explain attacks. | CO 3 |
| 4 | What are the techniques used for preventing computer viruses? | Understand | The learner will try to recall the concepts of malware attacks. | CO 3 |
| 5 | How to recognize that your system has a virus? Explain with an example. | Understand | The learner will try to recall virus. | CO 3 |
| 6 | What is a denial of service attack? Give any example. | Understand | The learner will try to explain DDOS. | CO 3 |
| 7 | What is a keylogger? List out the types of keylogger. | Understand | The learner will try to explain keylogger and botnet. | CO 3 |
| 8 | What is the difference between DOS and DDOS attacks? | Understand | The learner will try to recall attacks, explain DOS and DDOS attacks. | CO 3 |
| 9 | What is control hijacking? Explain with an example. | Understand | The learner will try to explain. | CO 3 |
| 10 | What is buffer overflow? What are the common causes of buffer overflow? | Understand | The learner will try to explain buffer overflow. | CO 3 |
| 11 | Can we consider an exploit as a form of malware? Explain the consequences of an exploit attack. | Understand | The learner will try to explain malware. | CO 3 |
| 12 | Distinguish between virus, worms and Trojan. Are virus and worms similar? | Understand | The learner will try to explain botnets. | CO 3 |
| 13 | Can you clarify whether a keylogger is considered a spyware or a Trojan? Additionally, can you explain why it falls under the category that it does? | Understand | The learner will try to recall Trojan, explain attacks. | CO 3 |
| 14 | What are the signs of a computer exploit attack and how to identify them? | Understand | The learner will try to explain exploit attack. | CO 3 |
| 15 | What is a file infector virus? What are the common ways to prevent a file infector virus from infecting a computer system? | Understand | The learner will try to explain virus. | CO 3 |
| 16 | What is fuzzing? What types of inputs can be used in fuzzing? Write the challenges of fuzzing. | Understand | The learner will try to explain fuzzing. | CO 3 |
| 17 | Illustrate the logical flow of information during a typical HTTP request and response cycle. How do HTML, CSS, and JavaScript contribute to the rendering of web pages? | Understand | The learner will try to explain defense attack. | CO 3 |
| 18 | What are the types of attacks? Explain with examples. | Understand | The learner will try to explain attacks. | CO 3 |
| 19 | Analyze the potential consequences of a system infected with spyware and keyloggers. How can organizations balance the need for monitoring with user privacy concerns? | Understand | The learner will try to explain scripting. | CO 3 |
| 20 | Explain the working of spyware in detail. | Understand | The learner will try to explain spyware. | CO 3 |
PART-C SHORT ANSWER QUESTIONS
| Q.No | Question | Taxonomy level | How does this subsume the level | CO’s |
|---|---|---|---|---|
| 1 | What is malware? Explain each type of malware briefly. | Remember | – | CO 3 |
| 2 | What is spyware? List the types of spyware and explain them briefly. | Remember | – | CO 3 |
| 3 | What is the impact of a virus on your system and how to prevent it? | Remember | – | CO 3 |
| 4 | List out the different types of botnet. Explain them briefly. | Remember | – | CO 3 |
| 5 | How does a DOS attack work? Explain it with a neat diagram. | Remember | – | CO 3 |
| 6 | Distinguish between a denial of service attack and a distributed denial of service attack. Explain each attack with one example. | Remember | – | CO 3 |
| 7 | Discuss worms, ransomware, adware and spyware with an example. | Remember | – | CO 3 |
| 8 | What are fuzzing techniques and fuzzing attacks? | Remember | – | CO 3 |
| 9 | Explain the working process of an exploit attack. | Remember | – | CO 3 |
| 10 | What are the approaches of fuzzing? Explain them briefly. | Remember | – | CO 3 |
| 11 | List the different types of fuzzing and explain them briefly. | Remember | – | CO 3 |
| 12 | What are the types of exploit attacks? | Remember | – | CO 3 |
| 13 | What is a denial of service attack? Explain its types with examples. | Remember | – | CO 3 |
| 14 | Explain control hijacking with an example briefly. | Remember | – | CO 3 |
| 15 | How does a DOS attack work? Explain it with a neat diagram. | Remember | – | CO 3 |
| 16 | Distinguish between a denial of service attack and a distributed denial of service attack. Explain each attack with one example. | Remember | – | CO 3 |
| 17 | What are worms, ransomware, adware and spyware? Explain with an example. | Remember | – | CO 3 |
| 18 | What is the main goal of a fuzzing attack? | Remember | – | CO 3 |
| 19 | What is an exploit attack? How to mitigate it? | Remember | – | CO 3 |
| 20 | Explain fuzzing. Explain it briefly. | Remember | – | CO 3 |
MODULE IV
BASICS OF WEB SECURITY
PART A- PROBLEM SOLVING AND CRITICAL THINKING QUESTIONS
| Q.No | Question | Taxonomy level | How does this subsume the level | CO’s |
|---|---|---|---|---|
| 1 | “HTML is the typical documents’ markup language for developing web pages to display on the web browser.” Construct an HTML page for a college home page and explain the same. | Understand | The learner will try to recall the structure and basic elements of HTML to select them for a college page, explain the HTML to select them for a college page. | CO 4 |
| 2 | “In an HTML page, tags are used to place the content and format the pages.” List the different HTML tags used to display the web pages. | Remember | The learner will try to recall HTML and tags formatting, explain. | CO 4 |
| 3 | “A web page is a hypertext document on the World Wide Web.” Develop the static web pages required for an online book store web site. | Understand | The learner will try to recall HTML elements, form controls to model a form, explain HTML. | CO 4 |
| 4 | “A static web page is a web page that is delivered to the user’s web browser exactly as stored, in contrast to dynamic web pages which are generated by a web application.” Design the static web pages required for an online shopping cart. | Understand | The learner will try to recall HTML elements and attributes and use them to design a home page, explain designing a home page. | CO 4 |
| 5 | “CSS makes the front-end of a website shine and it creates a great user experience.” Illustrate the concept and types of CSS with an example. | Remember | The learner will try to recall the concept of audio and video tags, explain. | CO 4 |
| 6 | “In a cross-site scripting (XSS) attack, the attacker injects HTML markup or JavaScript into the affected web application’s front-end client.” How to prevent XSS attacks? List the types of XSS attacks. | Understand | The learner will try to recall layout designing and navigation creation, explain navigation. | CO 4 |
| 7 | “Hypertext Transfer Protocol Secure (HTTPS) is a protocol that secures communication and data transfer between a user’s web browser and a website.” List out the limitations of HTTPS. | Understand | The learner will try to recall elements and selectors in stylesheets and relate them with CSS properties, explain. | CO 4 |
| 8 | “HTTPS is the secure version of HTTP.” What are the benefits of using HTTPS? | Understand | The learner will try to recall and relate the concept of CSS and its types. | CO 4 |
| 9 | “An injection flaw is a vulnerability which allows an attacker to relay malicious code through an application to another system.” How to detect injection vulnerabilities? | Recall | The learner will try to recall the concept of list tags, table tags, div tags and CSS styles. | CO 4 |
| 10 | “Insufficient user input validation is typically the main cause of injection vulnerabilities.” What are the risks of an injection flaw? | Understand | The learner will try to recall the concept of all HTML and CSS and apply them to develop the shopping cart. | CO 4 |
PART-B LONG ANSWER QUESTIONS
| Q.No | Question | Taxonomy level | How does this subsume the level | CO’s |
|---|---|---|---|---|
| 1 | What is web security? What are some common web security threats? | Understand | The learner will try to recall web security considerations and explain. | CO 4 |
| 2 | What is HTML and what are its key features? | Understand | The learner will try to recall the concept of HTML, explain. | CO 4 |
| 3 | Write about the web security considerations in detail. | Understand | The learner will try to recall the web security considerations, explain web security. | CO 4 |
| 4 | Explain the different web security threats. | Understand | The learner will try to recall the web security threats. | CO 4 |
| 5 | What is CSS? What are the advantages of using CSS? What are the limitations of CSS? | Understand | The learner will try to recall CSS and explain CSS. | CO 4 |
| 6 | Elucidate briefly about JavaScript and list some features of JavaScript. | Understand | The learner will try to recall JavaScript. | CO 4 |
| 7 | What are the key differences between Java and JavaScript, and how is JavaScript different from Java? | Understand | The learner will try to recall Java and JavaScript. | CO 4 |
| 8 | What is a URL? Explain the components of a URL in detail. | Remember | – | CO 4 |
| 9 | What is the difference between a webpage, website, web server, and search engine? | Understand | The learner will try to recall webpage, website, web server, and search engine. | CO 4 |
| 10 | What is the frame in DOM? What are 2 benefits of cross-training? What are the key differences between HTTP and HTTPS? | Understand | The learner will try to recall DOM and HTTP and HTTPS, explain. | CO 4 |
| 11 | In how many ways can we add CSS to our HTML file? | Understand | The learner will try to recall CSS and HTML, explain. | CO 4 |
| 12 | What are CSS combinators? Explain the box model in CSS and its components. | Understand | The learner will try to recall CSS. | CO 4 |
| 13 | What is HTTPS and why is it important for secure web applications? | Understand | The learner will try to recall HTTP and HTTPS. | CO 4 |
| 14 | What is the XSS (cross-site scripting) vulnerability? How can XSS vulnerabilities be mitigated or prevented? | Understand | The learner will try to recall XSS cross-site scripting vulnerability. | CO 4 |
| 15 | What is an XSS injection attack? How does an XSS injection attack work? | Understand | The learner will try to recall XSS. | CO 4 |
| 16 | What is a SQL injection attack? What are the different types of SQL injection attacks? | Understand | The learner will try to explain SQL injection. | CO 4 |
| 17 | Explain the logical flow of HTTP headers in a web request. How can organizations validate and sanitize user input to prevent HTTP header injection? | Understand | The learner will try to recall OS command injection. | CO 4 |
| 18 | What are the risks and potential impacts of SQL injection attacks? | Understand | The learner will try to explain HTTP. | CO 4 |
| 19 | What is the Same Origin Policy and why is the Same Origin Policy important for web security? Write the advantages and disadvantages of the Same Origin Policy. | Understand | The learner will try to recall and explain the web attacker model. | CO 4 |
| 20 | What is X-Domain communication? Explain in detail. Mention the methods of X-Domain communication. | Understand | The learner will try to recall X-Domain. | CO 4 |
PART-C SHORT ANSWER QUESTIONS
| Q.No | Question | Taxonomy level | How does this subsume the level | CO’s |
|---|---|---|---|---|
| 1 | What are the different CSS border properties? | Remember | – | CO 4 |
| 2 | What are the advantages of using CSS? | Understand | – | CO 4 |
| 3 | Define URL and list out the types of URL. | Remember | – | CO 4 |
| 4 | What is DOM? What is the use of the document object? | Remember | – | CO 4 |
| 5 | What is a navigational frame? What are the techniques required to communicate between frames? | Remember | – | CO 4 |
| 6 | Define cross domain training and the pros and cons of cross domain training. | Understand | – | CO 4 |
| 7 | What are the common types of network attacks? | Remember | – | CO 4 |
| 8 | What is the most common network attack? List out the types of network attacks. | Understand | The learner will try to recall two basic types of attacks, explain. | CO 4 |
| 9 | What is the same origin policy for a web page? | Remember | – | CO 4 |
| 10 | What is the XSS (cross-site scripting) vulnerability and which type of XSS attack is most common? | Understand | – | CO 4 |
| 11 | What is SVG and why is it used? | Understand | – | CO 4 |
| 12 | What are HTTP request messages? Explain their methods. | Understand | – | CO 4 |
| 13 | What is the status code? Explain it briefly. | Understand | – | CO 4 |
| 14 | What is the meaning of the 400 Bad Request response code and the 401 Unauthorized response code in HTTP? | Understand | – | CO 4 |
| 15 | What are the properties of DOM? Why is DOM required? | Understand | – | CO 4 |
| 16 | What are the limitations of HTTP? Where do we use HTTP? | Understand | – | CO 4 |
| 17 | What information can an attacker steal using XSS? | Understand | – | CO 4 |
| 18 | What are injection flaws? What is the effect of an injection flaw? | Understand | – | CO 4 |
| 19 | What is SQL injection? How can we prevent SQL injection attacks on our website? | Understand | – | CO 4 |
| 20 | Define HTTP header injection and why it is required. | Understand | – | CO 4 |
MODULE V
INSECURE WEB LOGIC
PART A-PROBLEM SOLVING AND CRITICAL THINKING QUESTIONS
| Q.No | Question | Taxonomy level | How does this subsume the level | CO’s |
|---|---|---|---|---|
| 1 | “Web application security involves a variety of processes, technologies, or methods for protecting web servers, web applications, and web services from attack by Internet-based threats.” Identify the web application security tools. | Remember | The learner will try to recall basics of web security. | CO 5 |
| 2 | “A logic flaw happens when an application does not behave as expected.” How can we make use of testing tools and techniques to uncover logic flaws in network or web applications? | Understand | The learner will try to recall insecure web logic, explain about the logic flaws. | CO 5 |
| 3 | “Logic flaws enable attackers to manipulate legitimate functionality to achieve a malicious goal.” What is the best way to reduce logic flaws? | Understand | The learner will try to explain various flaws. | CO 5 |
| 4 | “HTTP Parameter Pollution allows an attacker to craft an HTTP request in order to manipulate or retrieve hidden information.” What tools and techniques are available to detect HTTP pollution attacks? | Understand | The learner will try to explain various HTTP parameter pollution. | CO 5 |
| 5 | “HTTP Parameter Pollution occurs when a client sends multiple HTTP parameters with the same name to a web application server.” Compare the HTTP Parameter Pollution attack with other attacks. | Understand | The learner will try to illustrate various HTTP pollution attacks. | CO 5 |
| 6 | “Security misconfigurations allow attackers to gain unauthorized access to networks, systems and data, which in turn can cause significant monetary and reputational damage to your organization.” List the factors that can cause security misconfigurations. | Apply | The learner will try to recall the concept of system configurations. | CO 5 |
| 7 | “Fingerprinting is a type of online tracking.” Compare browsers and devices in terms of their susceptibility to fingerprinting. | Understand | The learner will try to recall the concept of fingerprinting, explain about the online tracking and compare it with other devices. | CO 5 |
| 8 | “Browser fingerprinting is essentially used to develop a more accurate user profile than cookies, making it more in demand.” What are the advantages of device fingerprinting? | Understand | The learner will try to recall the concept of fingerprinting, explain the advantages of device fingerprinting. | CO 5 |
| 9 | “Browser caching is a temporary storage area in memory that holds the most recently downloaded web pages.” List the browser caching flaws. | Understand | The learner will try to explain browser caching flaws. | CO 5 |
| 10 | “Parameter tampering is a type of web-based cyber attack in which certain parameters in a URL are changed without a user’s authorization.” How can parameter tampering be prevented? | Understand | The learner will try to explain the parameters of web-based cyber attack. | CO 5 |
PART-B LONG ANSWER QUESTIONS
Q.No | Question | Taxonomy level | How does this subsume the level | CO's
1 | What are the common types of logic flaws? What are the common challenges faced by developers and security professionals in identifying and mitigating logic flaws in web applications? | Understand | The learner will try to recall the logic flaws and explain coding techniques | CO 5
2 | Explain the 5 pillars of security and explain the HTTP parameter pollution attack in detail. | Understand | The learner will try to recall the attack | CO 5
3 | How does the lack of proper input validation and sanitization contribute to the susceptibility of web applications to HPP attacks? What best practices should developers follow to prevent parameter pollution vulnerabilities? | Understand | The learner will try to recall the meaning of insecure HTTP and explain HTTP | CO 5
4 | How, in HTTP Parameter Tampering, do hackers intercept HTTPS? | Understand | The learner will try to recall how hackers intercept HTTPS and explain HTTP parameter tampering | CO 5
5 | What are the key differences between session cookies and persistent cookies in terms of their usage, security implications, and vulnerability to attacks? How should developers and administrators handle each type of cookie to mitigate potential risks? | Understand | The learner will try to recall cookie flaws and explain server misconfiguration | CO 6
6 | Explain the logical architecture of a web browser and how design choices can impact security. How can browser developers address potential flaws to enhance security? | Understand | The learner will try to recall HTTP parameter tampering | CO 5
7 | What is User Interface Protection? What are the challenges and issues in web designing and developing? | Understand | The learner will try to recall web designing and developing | CO 6
8 | How can web developers protect against HTTP Parameter Tampering attacks? | Understand | The learner will try to recall and explain the HTTP parameter tampering attack | CO 5
9 | Explain in detail user tracking and browser caching flaws. What might go wrong when web caching is used? | Understand | The learner will try to recall browser caching flaws | CO 5
10 | Discuss the testing for browser cache weaknesses. | Understand | The learner will try to recall the testing for browser cache weaknesses | CO 6
11 | What are the consequences of server misconfiguration? | Understand | The learner will try to recall misconfiguration | CO 6
12 | How can server misconfiguration be prevented? | Understand | The learner will try to recall server misconfiguration | CO 6
13 | How can you detect server misconfigurations? | Understand | The learner will try to recall detecting server misconfigurations | CO 5
14 | What are some of the consequences of a successful attack on a user interface? Explain the measures that can be taken to prevent attacks on user interfaces. | Understand | The learner will try to prevent attacks on user interfaces | CO 6
15 | Discuss the testing for browser cache weaknesses. | Understand | The learner will try to recall the testing for browser cache weaknesses | CO 6
16 | Explain the best practices for designing secure web browsers. | Understand | The learner will try to recall secure web browsers | CO 5
17 | How does device fingerprinting work? What steps can users take to protect themselves from fingerprinting? | Understand | The learner will try to recall fingerprinting | CO 6
18 | What are some common vulnerabilities in web applications that allow for user tracking? | Understand | The learner will try to recall web applications that allow for user tracking | CO 6
19 | How can web application developers prevent user tracking in their applications? | Understand | The learner will try to recall tracking in their applications | CO 5
20 | What are the 5 types of user interface? | Understand | The learner will try to recall browser interface | CO 6
PART-C SHORT ANSWER QUESTIONS
Q.No | Question | Taxonomy level | How does this subsume the level | CO's
1 | What is a logic flaw? | Remember | — | CO 6
2 | What are the 4 main types of security vulnerability? | Remember | — | CO 6
3 | What are the 5 pillars of security? | Remember | — | CO 5
4 | What is an HTTP parameter pollution attack? | Remember | — | CO 5
5 | What is HTTP parameter tampering? | Remember | — | CO 6
6 | What is server misconfiguration? | Remember | — | CO 5
7 | What is the difference between a vulnerability and a misconfiguration? | Understand | The learner will try to recall vulnerability and misconfiguration | CO 6
8 | What are the design issues in web development? | Remember | — | CO 5
9 | What are the six principles of web design? | Understand | The learner will try to recall web design | CO 6
10 | What is fingerprinting in browsers? | Understand | The learner will try to recall fingerprinting in privacy and explain it | CO 5
11 | What is browser fingerprinting? | Remember | — | CO 6
12 | Why is fingerprinting a concern for online privacy? | Remember | — | CO 5
13 | What is user tracking? | Remember | — | CO 6
14 | Why do companies track user behavior? | Remember | — | CO 6
15 | How can users protect themselves from being tracked on websites? | Remember | — | CO 5
16 | Explain how HTTP pollution and parameter tampering can manipulate data in transit. How can developers implement input validation to prevent these attacks? | Remember | — | CO 5
17 | What laws and regulations exist to protect user privacy? | Understand | The learner will try to recall protecting user privacy | CO 6
18 | What are the common types of browser caching flaws? | Remember | — | CO 6
19 | How can browser caching flaws be identified and mitigated? | Understand | The learner will try to recall how they are identified and mitigated | CO 5
20 | How can users protect themselves from the risks posed by browser caching flaws? | Understand | The learner will try to recall caching flaws and explain | CO 5