- C. Access control lists (ACLs) are used to set permissions on web content and prevent or control certain levels of interaction by users.
- D. Logs can be used to monitor activity on a system including web applications or web servers.
- B. Fingerprint systems are now becoming more common on laptops and portable devices. They can also be used to authenticate individuals for access to facilities.
- D. Audio and visual components are vital.
- A. A cookie is used to store session information about browsing sessions and is a file that resides on a client.
- B. Session hijacking can be used to take over an existing session that has been authenticated, or to forge a valid session.
- D. TCP View can allow for the viewing of TCP connections between client and server systems.
- A. Brute-force attacks are carried out by trying all possible combinations of characters in an attempt to uncover the correct one.
- A. The correct command for retrieving header information from a website is telnet 80.
- D. Hacktivists get their title from the paradigm of hacktivism. These hackers launch attacks against targets because they believe those targets violate the attackers’ morals, ethics, or principles.
- C. The Wayback Machine is used to view archived versions of websites if available. Not all websites are archived on the Wayback Machine, however.
- A. Encryption offers the ability to prevent content from being viewed by anyone not specifically authorized to view it.
- D. Buffer overflows are a common flaw in software that typically can only be fixed by a software engineer.
Chapter 14: SQL Injection
- A, D. Input validation is intended to prevent the submission of bad input into an application, which could allow SQL injection to take place.
- A. Web applications are ideally suited for providing dynamic content of all types. Although some of this can be done on the client side, there is much more power and capability on the server side.