Virtual Labs

Tools

Aim

Theory

Pretest

Procedure

Simulation

Posttest

References

Feedback

Aim

Theory

Pretest

Procedure

Simulation

Posttest

References

Feedback

Broken Authentication Via Cookie Manipulation

Choose difficulty:

Beginner

Intermediate

Advanced

Why is it problematic if a web application allows users to modify their session cookies directly?

a: It can lead to unauthorized access if users can impersonate others Explanation

Explanation

b: It makes the application slower Explanation

Explanation

c: It increases server storage requirements Explanation

Explanation

d: It complicates the user interface Explanation

Explanation

What is a key security feature to protect session cookies from being accessed by malicious scripts?

a: HttpOnly attribute Explanation

Explanation

b: Path attribute Explanation

Explanation

c: Domain attribute Explanation

Explanation

d: Max-Age attribute Explanation

Explanation

After modifying a session cookie to impersonate an admin, what should a secure web application do to prevent unauthorized actions?

a: Validate user roles and permissions on the server-side Explanation

Explanation

b: Ignore the cookie modifications Explanation

Explanation

c: Allow all users to access admin features Explanation

Explanation

d: Re-encrypt the cookie Explanation

Explanation

Community Links Sakshat Portal Outreach Portal FAQ: Virtual Labs

AGPL 3.0 & Creative Commons (CC BY-NC-SA 4.0)