[Solved] OWASP Top 10 Vulnerabilities MCQ [Free PDF] - Objective Question Answer for OWASP Top 10 Vulnerabilities Quiz - Download Now! (2024)

1. Only (A) and (B)
2. Only (A) and (C)
3. Only (B) and (C)
4. All (A), (B) and (C)

• WASP stands for the Open Web Application Security Project, an online community that produces articles, methodologies, documentation, tools, and technologies in the field of web application security.
• OWASP Top 10 is the list of the 10 most common application vulnerabilities. It also shows their risks, impacts, and countermeasures.
• Updated every three to four years, the latest OWASP vulnerabilities list was released in 2018.

The Top 10 OWASP vulnerabilities are:

1. Injection
2. Broken Authentication
3. Sensitive Data Exposure
4. XML External Entities (XXE)
5. Broken Access control
6. Security misconfigurations
7. Cross Site Scripting (XSS)
8. Insecure Deserialization
9. Using Components with known vulnerabilities
10. Insufficient logging and monitoring

Get Started for Free

Trusted by 6.1 Crore+ Students

1. Reflected XSS
2. Stored XSS
3. DOM XSS
4. Virtual XSS

Cross Site Scripting (XSS) is a widespread vulnerability that affects many web applications. XSS attacks consist of injecting malicious client-side scripts into a website and using the website as a propagation method.

Three Types of cross-site scripting (XSS)

• Reflected XSS: The application or API includes unvalidated and unescaped user input as part of HTML output. A successful attack can allow the attacker to execute arbitrary HTML and JavaScript in the victim’s browser. Typically the user will need to interact with some malicious link that points to an attacker-controlled page, such as malicious watering hole websites, advertisem*nts, or similar.
• Stored XSS: The application or API stores unsanitized user input that is viewed at a later time by another user or an administrator. Stored XSS is often considered high or critical risk.
• DOM XSS: JavaScript frameworks, single-page applications, and APIs that dynamically include attacker-controllable data to a page are vulnerable to DOM XSS. Ideally, the application would not send attacker-controllable data to unsafe JavaScript APIs. Typical XSS attacks include session stealing, account takeover, MFA bypass, DOM-node replacement or defacement (such as Trojan login panels), attacks against the user’s browser such as malicious software

Get Started for Free

Trusted by 6.1 Crore+ Students

1. Injection
2. HTML
3. XXE
4. XSS

• WASP stands for the Open Web Application Security Project, an online community that produces articles, methodologies, documentation, tools, and technologies in the field of web application security.
• OWASP Top 10 is the list of the 10 most common application vulnerabilities. It also shows their risks, impacts, and countermeasures.
• Updated every three to four years, the latest OWASP vulnerabilities list was released in 2018.

The Top 10 OWASP vulnerabilities are:

1. Broken Authentication
2. Cryptographic Failures
3. Injection
4. Insecure Design
5. Security Misconfiguration
6. Vulnerable and Outdated Components
7. Identification and Authentication Failures
8. Software and Data Integrity Failures
9. Security Logging and Monitoring Failures
10. Server-Side Request Forgery

XML External Entity attack (XXE)

• An XML External Entity attack is a type of attack against an application that parses XML input. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser.

• Most XML parsers are vulnerable to XXE attacks by default. That is why the responsibility of ensuring the application does not have this vulnerability lays mainly on the developer.

Get Started for Free

Trusted by 6.1 Crore+ Students

1. Injection
2. Sensitive Data Exposure
3. XML External Entities
4. Broken Authentication

• A broken authentication vulnerability can allow an attacker to use manual and/or automatic methods to try to gain control over any account they want in a system or to gain complete control over the system.
• A web application contains a broken authentication vulnerability if it:

1. Permits automated attacks such as credential stuffing, where the attacker has a list of valid usernames and passwords.
2. Permits brute force or other automated attacks.
3. Permits default, weak, or well-known passwords, such as admin123.

Get Started for Free

Trusted by 6.1 Crore+ Students

1. Insecure Deserialization
2. Cross Site Scripting (XSS)
3. Broken Authentication
4. Privacy Breach

• WASP stands for the Open Web Application Security Project, an online community that produces articles, methodologies, documentation, tools, and technologies in the field of web application security.
• OWASP Top 10 is the list of the 10 most common application vulnerabilities. It also shows their risks, impacts, and countermeasures.
• Updated every three to four years, the latest OWASP vulnerabilities list was released in 2018.

The Top 10 OWASP vulnerabilities are:

Therefore, privacy breach is not a one of the Top 10 OWASP vulnerabilities.

Get Started for Free

Trusted by 6.1 Crore+ Students

1. Reflected XSS
2. Stored XSS
3. DOM XSS
4. Virtual XSS

Cross Site Scripting (XSS) is a widespread vulnerability that affects many web applications. XSS attacks consist of injecting malicious client-side scripts into a website and using the website as a propagation method.

Three Types of cross-site scripting (XSS)

• Reflected XSS: The application or API includes unvalidated and unescaped user input as part of HTML output. A successful attack can allow the attacker to execute arbitrary HTML and JavaScript in the victim’s browser. Typically the user will need to interact with some malicious link that points to an attacker-controlled page, such as malicious watering hole websites, advertisem*nts, or similar.
• Stored XSS: The application or API stores unsanitized user input that is viewed at a later time by another user or an administrator. Stored XSS is often considered high or critical risk.
• DOM XSS: JavaScript frameworks, single-page applications, and APIs that dynamically include attacker-controllable data to a page are vulnerable to DOM XSS. Ideally, the application would not send attacker-controllable data to unsafe JavaScript APIs. Typical XSS attacks include session stealing, account takeover, MFA bypass, DOM-node replacement or defacement (such as Trojan login panels), attacks against the user’s browser such as malicious software

Get Started for Free

Trusted by 6.1 Crore+ Students

1. Injection
2. Sensitive Data Exposure
3. XML External Entities
4. Broken Authentication

• A broken authentication vulnerability can allow an attacker to use manual and/or automatic methods to try to gain control over any account they want in a system or to gain complete control over the system.
• A web application contains a broken authentication vulnerability if it:

1. Permits automated attacks such as credential stuffing, where the attacker has a list of valid usernames and passwords.
2. Permits brute force or other automated attacks.
3. Permits default, weak, or well-known passwords, such as admin123.

Get Started for Free

Trusted by 6.1 Crore+ Students

1. Insecure Deserialization
2. Cross Site Scripting (XSS)
3. Broken Authentication
4. Privacy Breach

• WASP stands for the Open Web Application Security Project, an online community that produces articles, methodologies, documentation, tools, and technologies in the field of web application security.
• OWASP Top 10 is the list of the 10 most common application vulnerabilities. It also shows their risks, impacts, and countermeasures.
• Updated every three to four years, the latest OWASP vulnerabilities list was released in 2018.

The Top 10 OWASP vulnerabilities are:

Therefore, privacy breach is not a one of the Top 10 OWASP vulnerabilities.

Get Started for Free

Trusted by 6.1 Crore+ Students

1. Only (A) and (B)
2. Only (A) and (C)
3. Only (B) and (C)
4. All (A), (B) and (C)

• WASP stands for the Open Web Application Security Project, an online community that produces articles, methodologies, documentation, tools, and technologies in the field of web application security.
• OWASP Top 10 is the list of the 10 most common application vulnerabilities. It also shows their risks, impacts, and countermeasures.
• Updated every three to four years, the latest OWASP vulnerabilities list was released in 2018.

The Top 10 OWASP vulnerabilities are:

1. Injection
2. Broken Authentication
3. Sensitive Data Exposure
4. XML External Entities (XXE)
5. Broken Access control
6. Security misconfigurations
7. Cross Site Scripting (XSS)
8. Insecure Deserialization
9. Using Components with known vulnerabilities
10. Insufficient logging and monitoring

Get Started for Free

Trusted by 6.1 Crore+ Students

1. injection
2. XML External Entity
3. Sensitive Data Exposure
4. Security Misconfiguration

Injection Vulnerabilities:

• Injection vulnerabilities are those flaws that allow cyber attackers to inject malicious code in another system using an application.
• In simpler terms, when an application accepts user inputs and allows these inputs to enter a database, shell command, or operating system, making the application susceptible to an injection flaw. These flaws are usually a result of insufficient input validation. Other causes involve failure to filter or sanitize a user’s input.

Common Types of Injection Flaws:

1. SQL injection

2. Command injection

3.XML injection etc.

Get Started for Free

Trusted by 6.1 Crore+ Students

1. Injection
2. HTML
3. XXE
4. XSS

• WASP stands for the Open Web Application Security Project, an online community that produces articles, methodologies, documentation, tools, and technologies in the field of web application security.
• OWASP Top 10 is the list of the 10 most common application vulnerabilities. It also shows their risks, impacts, and countermeasures.
• Updated every three to four years, the latest OWASP vulnerabilities list was released in 2018.

The Top 10 OWASP vulnerabilities are:

1. Broken Authentication
2. Cryptographic Failures
3. Injection
4. Insecure Design
5. Security Misconfiguration
6. Vulnerable and Outdated Components
7. Identification and Authentication Failures
8. Software and Data Integrity Failures
9. Security Logging and Monitoring Failures
10. Server-Side Request Forgery

XML External Entity attack (XXE)

• An XML External Entity attack is a type of attack against an application that parses XML input. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser.

• Most XML parsers are vulnerable to XXE attacks by default. That is why the responsibility of ensuring the application does not have this vulnerability lays mainly on the developer.

Get Started for Free

Trusted by 6.1 Crore+ Students

1. Insecure Direct Object References
2. Injection
3. Cross Site Scripting
4. XML External Entity

A direct object reference occurs when a developer exposes a reference to an internal implementation object, such as a file, directory, or database key without any validation mechanism which allows attackers to manipulate these references to access unauthorized data.

Get Started for Free

Trusted by 6.1 Crore+ Students

1. Broken Authentication

2. Injection

3. HTML decryption
4. Cross Site Scripting

• OWASP Top 10 is the list of the 10 most common application vulnerabilities.
• It also shows their risks, impacts, and countermeasures. Updated every three to four years, the latest OWASP vulnerabilities list was released in 2018.

The latest Top 10 OWASP vulnerabilities are:

1. Injection
2. Broken Authentication
3. Sensitive Data Exposure
4. XML External Entities (XXE)
5. Broken Access control
6. Security misconfigurations
7. Cross Site Scripting (XSS)
8. Insecure Deserialization
9. Using Components with known vulnerabilities
10. Insufficient logging and monitoring

Get Started for Free

Trusted by 6.1 Crore+ Students