14 Oct Practice Test Question: Web Application Security
Preparing for your next security certification exam? After trying your hand at this practice test question, join the FREE CertMike Study Group for the CISSP, Security+, CySA+, or SSCP certification to receive new questions each week. You’ll also receive free access to my customized study strategies.
Tonya is developing a web application and is embedding a session ID in the application that is exchanged with each network communication. What type of attack is Tonya most likely trying to prevent?
A. Replay
B. Man-in-the-middle
C. Buffer overflow
D. SQL injection
Correct Answer: A.
Session tokens, or session IDs, are used to prevent an eavesdropper from stealing authentication credentials and reusing them in a different session, in what is known as a replay attack. The use of session IDs would not prevent an attacker from carrying out an application layer attack, such as a buffer overflow or injection. It also would not be effective against a man-in-the-middle attack, as the attacker could simply establish a secure session with the server and would, therefore, have access to the session ID.
Miriam
Posted at 17:01h, 16 October
Good practice question. Thanks Mike!