ECCouncil 312-96 Practice Test - Questions Answers, Page 3

Identify the type of attack depicted in the figure below:

Stephen is a web developer in the InterCall Systems. He was working on a Real Estate website for one of his clients. He was given a task to design a web page with properties search feature. He designed the following searchpage.jsp

< form Id='form1' method='post' action='SearchProperty.jsp' >

< input type='text' id=''txt_Search' name='txt_Search' placeholder='Search Property...' / >

< input type='Submit' Id='Btn_Search' value='Search' / >

< /form >

However, when the application went to security testing phase, the security tester found an XSS vulnerability on this page. How can he mitigate the XSS vulnerability on this page?

Jacob, a Security Engineer of the testing team, was inspecting the source code to find security vulnerabilities.

Which type of security assessment activity Jacob is currently performing?

Alice, a security engineer, was performing security testing on the application. He found that users can view the website structure and file names. As per the standard security practices, this can pose a serious security risk as attackers can access hidden script files in your directory. Which of the following will mitigate the above security risk?

Which of the following relationship is used to describe security use case scenario?

Identify the formula for calculating the risk during threat modeling.

The threat modeling phase where applications are decomposed and their entry points are reviewed from an attacker's perspective is known as ________

Ted is an application security engineer who ensures application security activities are being followed during the entire lifecycle of the project. One day, he was analyzing various interactions of users depicted in the use cases of the project under inception. Based on the use case in hand, he started depicting the scenarios where attacker could misuse the application. Can you identify the activity on which Ted is working?

A US-based ecommerce company has developed their website www.ec-sell.com to sell their products online. The website has a feature that allows their customer to search products based on the price. Recently, a bug bounty has discovered a security flaw in the Search page of the website, where he could see all products from the database table when he altered the website URL http://www.ec-sell.com/products.jsp?val=100 to http://www.ec-sell.com/products.jsp?val=200 OR '1'='1 -. The product.jsp page is vulnerable to