Which of the following web-application security risks are part of the OWASP Top 10 v2017? (Choose two.)
A. B. C. D. E. F.AB.
https://owasp.org/www-pdf-archive/OWASP_Top_10_2017_RC2_Final.pdf
The OWASP Top 10 is a list of the most critical web application security risks, updated every few years by the Open Web Application Security Project (OWASP) community. The most recent version of the OWASP Top 10 is the 2017 edition, which includes the following risks:
B. Cross-site scripting (XSS) - This occurs when an attacker injects malicious code (usually in the form of a script) into a web page viewed by other users. When the victim user visits the page, the script is executed, allowing the attacker to steal data, perform actions on behalf of the user, or even take over the user's session.
E. Injection flaws - This refers to a range of attacks where an attacker injects untrusted input into a web application, causing the application to execute unintended commands or access data without authorization. Common injection flaws include SQL injection, LDAP injection, and command injection.
A. Buffer overflows - Buffer overflow attacks occur when an attacker sends more data than a program's buffer can handle, causing the excess data to overwrite adjacent memory locations. This can result in the program behaving unexpectedly or crashing, and in some cases can allow the attacker to execute arbitrary code on the system.
C. Race-condition attacks - A race condition occurs when a system's behavior depends on the timing or sequence of events, and an attacker can manipulate that timing to cause unexpected or malicious behavior. This type of attack is often difficult to execute reliably and is not part of the OWASP Top 10 v2017.
D. Zero-day attacks - Zero-day attacks refer to exploits that target previously unknown vulnerabilities in software or systems. These types of attacks are not included in the OWASP Top 10, as they are not specific to web applications.
F. Ransomware attacks - Ransomware is a type of malware that encrypts a victim's files and demands payment in exchange for the decryption key. While ransomware attacks can be devastating, they are not part of the OWASP Top 10, as they are not specific to web applications.
In summary, the two web-application security risks that are part of the OWASP Top 10 v2017 are Cross-site scripting (XSS) and Injection flaws.
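The two risks named above, each shown as a weak handler beside its hardened form. This is an added example, not part of the original page; the table, the function names and the sample inputs are constructed for illustration.

```python
import html
import sqlite3

# Constructed sample inputs that an untrusted client could submit.
CRAFTED_NAME = "nobody' OR '1'='1"
CRAFTED_COMMENT = "<script>alert(1)</script>"


def make_db():
    """Build a constructed in-memory table with two users."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "a-secret"), ("bob", "b-secret")])
    return db


def lookup_concat(db, name):
    # Injection flaw: input is spliced into the SQL text, so quote
    # characters in it can change the structure of the query.
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()


def lookup_param(db, name):
    # Hardened: the value is bound as a parameter and is only ever
    # compared as data, never parsed as SQL.
    return db.execute("SELECT name FROM users WHERE name = ?",
                      (name,)).fetchall()


def render_raw(comment):
    # XSS: input is written into the page as markup, so a browser
    # would treat a <script> element in it as code.
    return "<p>" + comment + "</p>"


def render_escaped(comment):
    # Hardened: output encoding turns <, >, & and quotes into entities,
    # so the browser displays the input as text.
    return "<p>" + html.escape(comment) + "</p>"


if __name__ == "__main__":
    db = make_db()
    print("concatenated query:", lookup_concat(db, CRAFTED_NAME))
    print("parameterized query:", lookup_param(db, CRAFTED_NAME))
    print("raw render:", render_raw(CRAFTED_COMMENT))
    print("escaped render:", render_escaped(CRAFTED_COMMENT))
```

The concatenated query returns every row for the crafted name, while the parameterized query returns none because no user has that literal name.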