
Eccouncil Exam 312-96 Topic 1 Question 22 Discussion

Actual exam question for Eccouncil's 312-96 exam
Question #: 22
Topic #: 1

Thomas is not skilled in secure coding. He has neither undergone secure coding training nor is he aware of the consequences of insecure coding. One day, he wrote the code shown in the following screenshot. He passed the 'false' parameter to the setHttpOnly() method, which may result in a certain type of vulnerability. Identify the attack that could exploit the vulnerability in the above case.

Suggested Answer: B

Contribute your Thoughts:

Maile
15 days ago
SQL Injection? Directory Traversal? What is this, a video game boss fight? I think Thomas just unlocked the 'Insecure Coding' achievement. Time to start a new game and level up those secure coding skills!
upvoted 0 times
...
Arlette
21 days ago
Client-side scripts attack is the correct answer here. Passing 'false' to setHttpOnly() means the session cookie won't be marked as HttpOnly, which leaves it vulnerable to client-side scripts. Thomas really needs to brush up on web security basics.
upvoted 0 times
...
Jenelle
29 days ago
I believe the correct answer is B) Client-Side Scripts Attack because the code is not properly securing the HTTPOnly flag.
upvoted 0 times
...
Oren
1 months ago
Hmm, I'm not too sure about this one. Could it also be a denial-of-service attack? Either way, Thomas needs to learn about secure coding practices, and fast! Maybe he can try a 'Secure Coding for Dummies' book - it might be a good starting point.
upvoted 0 times
...
Helene
1 months ago
The code snippet shows that Thomas passed 'false' to the setHttpOnly() method, which could lead to a client-side scripts attack. That's a dangerous vulnerability that could allow attackers to steal session cookies and gain unauthorized access.
upvoted 0 times
Shannan
17 days ago
B) Client-Side Scripts Attack
upvoted 0 times
...
Luis
18 days ago
A) Denial-of-Service attack
upvoted 0 times
...
...
Vilma
1 months ago
I agree with Chantay, passing 'false' to the setHttpOnly() method can lead to client-side scripts being able to access sensitive information.
upvoted 0 times
...
Chantay
1 months ago
I think the vulnerability in the code could be exploited by a Client-Side Scripts Attack.
upvoted 0 times
...
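
The effect of the flag discussed in this thread, as an added example (not the code from the question's screenshot, which is not reproduced on this page, and not written by any commenter). It assumes the JDK's `java.net.HttpCookie`, so it runs without a servlet container; `javax.servlet.http.Cookie` exposes the same `setHttpOnly(boolean)` method. The class name, helper names and cookie values are constructed for illustration.

```java
import java.net.HttpCookie;
import java.util.ArrayList;
import java.util.List;

public class HttpOnlyAudit {

    // Names of cookies in the given Set-Cookie header lines that lack the
    // HttpOnly attribute, i.e. cookies a page script can read via document.cookie.
    static List<String> cookiesMissingHttpOnly(List<String> setCookieHeaders) {
        List<String> exposed = new ArrayList<>();
        for (String header : setCookieHeaders) {
            for (HttpCookie c : HttpCookie.parse(header)) {
                if (!c.isHttpOnly()) {
                    exposed.add(c.getName());
                }
            }
        }
        return exposed;
    }

    // Serialise a cookie as a Set-Cookie header line, including its flags.
    static String toSetCookie(HttpCookie c) {
        StringBuilder sb = new StringBuilder("Set-Cookie: ");
        sb.append(c.getName()).append('=').append(c.getValue());
        if (c.getPath() != null) sb.append("; Path=").append(c.getPath());
        if (c.getSecure()) sb.append("; Secure");
        if (c.isHttpOnly()) sb.append("; HttpOnly");
        return sb.toString();
    }

    public static void main(String[] args) {
        // Weak setting from the question: the flag is explicitly disabled.
        HttpCookie weak = new HttpCookie("SESSIONID", "constructed-value-1");
        weak.setPath("/");
        weak.setSecure(true);
        weak.setHttpOnly(false);

        // Corrected setting: the browser withholds this cookie from scripts.
        HttpCookie hardened = new HttpCookie("SESSIONID_FIXED", "constructed-value-2");
        hardened.setPath("/");
        hardened.setSecure(true);
        hardened.setHttpOnly(true);

        List<String> headers = List.of(toSetCookie(weak), toSetCookie(hardened));
        headers.forEach(System.out::println);
        System.out.println("Readable by client-side script: " + cookiesMissingHttpOnly(headers));
    }
}
```

The same `cookiesMissingHttpOnly` check can be pointed at `Set-Cookie` lines captured from an application's responses to confirm that session cookies carry the flag.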
