YCEP Quiz

A weakness in a flaw in a computed system that does not weaken the software and hardware

A weakness in an information system

An exploit or trigger by a harmless source.

The conditions determined by physical, social, economic and environmental factors or processes which increase the susceptibility of an individual, a community, assets or systems to the impacts of hazards

Inspector

Network

Storage

Memory

Non-Persistent XSS

Stored XSS

DOM-based XSS

Cross-site XSS

&aqs=avast..69i57j69i65f3j0l4.17668j0j1

:3008

#idjwique2108389247sadj

www.google.com/search?client=avast-a-1&q=Nullsec

Validation

• - Compare the input against a whitelist of allowed values​

• - Ensure that user input is not the only one supplying all parts of the path

Data Debugging​

• - Replaces special characters so that they do not get interpreted as active content​

• < becomes %3E in URLs

• - storing information about a compiled computer program for use by high-level debuggers

• - Did you confuse data encoding with data debugging?

Sanitisation

• - Cleaning up user-provided inputs to prevent execution of unintended code through:​

​

• - Escaping/Replacing characters (' → \')​

• Removing characters or keywords

FireWalls

• - Rule-based blocking (blocking unused SQL keywords)​

• - Inspecting and intercepting suspicious requests​

• - Rate-limit sources making too many attempts

' OR 1 = 1 -- 

" OR "1" = "1"

' OR "1" = "1"

" OR 1 = 1 -- "

wwwroot contains index.html, style.css and script.js

Absolute Path is represented using: ../../IdontKnow/NotAbsolute

Relative Path is represented using: ../../IdontKnow/NotAbsolute

Distinct path is represented using: /dirB/IamnotAbsolute