Independence Day Deal! Unlock 25% OFF Today – Limited-Time Offer - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Eccouncil Exam 312-96 Topic 1 Question 22 Discussion

Actual exam question for Eccouncil's 312-96 exam
Question #: 22
Topic #: 1
[All 312-96 Questions]

Thomas is not skilled in secure coding. He neither underwent secure coding training nor is aware of the consequences of insecure coding. One day, he wrote code as shown in the following screenshot. He passed 'false' parameter to setHttpOnly() method that may result in the existence of a certain type of vulnerability. Identify the attack that could exploit the vulnerability in the above case.

Show Suggested Answer Hide Answer
Suggested Answer: B

by Clay at Jul 13, 2024, 02:22 PM

Limited Time Offer

25%

Off

Get Premium 312-96 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Maile
10 months ago
SQL Injection? Directory Traversal? What is this, a video game boss fight? I think Thomas just unlocked the 'Insecure Coding' achievement. Time to start a new game and level up those secure coding skills!
upvoted 0 times
Justine
10 months ago
C) SQL Injection Attack
upvoted 0 times
...
Jani
10 months ago
B) Client-Side Scripts Attack
upvoted 0 times
...
...
Arlette
11 months ago
Client-side scripts attack is the correct answer here. Passing 'false' to setHttpOnly() means the session cookie won't be marked as HttpOnly, which leaves it vulnerable to client-side scripts. Thomas really needs to brush up on web security basics.
upvoted 0 times
Eladia
10 months ago
It's important to always be aware of potential vulnerabilities in your code.
upvoted 0 times
...
Glynda
10 months ago
Yes, you're right. Thomas should definitely learn more about secure coding.
upvoted 0 times
...
Charolette
10 months ago
I think the correct answer is B) Client-Side Scripts Attack.
upvoted 0 times
...
...
Jenelle
11 months ago
I believe the correct answer is B) Client-Side Scripts Attack because the code is not properly securing the HTTPOnly flag.
upvoted 0 times
...
Oren
11 months ago
Hmm, I'm not too sure about this one. Could it also be a denial-of-service attack? Either way, Thomas needs to learn about secure coding practices, and fast! Maybe he can try a 'Secure Coding for Dummies' book - it might be a good starting point.
upvoted 0 times
...
Helene
11 months ago
The code snippet shows that Thomas passed 'false' to the setHttpOnly() method, which could lead to a client-side scripts attack. That's a dangerous vulnerability that could allow attackers to steal session cookies and gain unauthorized access.
upvoted 0 times
Della
9 months ago
C) SQL Injection Attack
upvoted 0 times
...
Lavonda
10 months ago
B) Client-Side Scripts Attack
upvoted 0 times
...
Elke
10 months ago
A) Denial-of-Service attack
upvoted 0 times
...
Ashley
10 months ago
C) SQL Injection Attack
upvoted 0 times
...
Shannan
10 months ago
B) Client-Side Scripts Attack
upvoted 0 times
...
Luis
11 months ago
A) Denial-of-Service attack
upvoted 0 times
...
...
Vilma
11 months ago
I agree with Chantay, passing 'false' to setHttpOnly() method can lead to client-side scripts being able to access sensitive information.
upvoted 0 times
...
Chantay
11 months ago
I think the vulnerability in the code could be exploited by a Client-Side Scripts Attack.
upvoted 0 times
...

Save Cancel