Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Eccouncil Exam 312-96 Topic 1 Question 22 Discussion

Actual exam question for Eccouncil's 312-96 exam
Question #: 22
Topic #: 1
[All 312-96 Questions]

Thomas is not skilled in secure coding. He neither underwent secure coding training nor is aware of the consequences of insecure coding. One day, he wrote code as shown in the following screenshot. He passed 'false' parameter to setHttpOnly() method that may result in the existence of a certain type of vulnerability. Identify the attack that could exploit the vulnerability in the above case.

Show Suggested Answer Hide Answer
Suggested Answer: B

by Clay at Jul 13, 2024, 02:22 PM

Limited Time Offer

25%

Off

Get Premium 312-96 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Maile
11 months ago
SQL Injection? Directory Traversal? What is this, a video game boss fight? I think Thomas just unlocked the 'Insecure Coding' achievement. Time to start a new game and level up those secure coding skills!
upvoted 0 times
Justine
11 months ago
C) SQL Injection Attack
upvoted 0 times
...
Jani
11 months ago
B) Client-Side Scripts Attack
upvoted 0 times
...
...
Arlette
12 months ago
Client-side scripts attack is the correct answer here. Passing 'false' to setHttpOnly() means the session cookie won't be marked as HttpOnly, which leaves it vulnerable to client-side scripts. Thomas really needs to brush up on web security basics.
upvoted 0 times
Eladia
11 months ago
It's important to always be aware of potential vulnerabilities in your code.
upvoted 0 times
...
Glynda
11 months ago
Yes, you're right. Thomas should definitely learn more about secure coding.
upvoted 0 times
...
Charolette
11 months ago
I think the correct answer is B) Client-Side Scripts Attack.
upvoted 0 times
...
...
Jenelle
12 months ago
I believe the correct answer is B) Client-Side Scripts Attack because the code is not properly securing the HTTPOnly flag.
upvoted 0 times
...
Oren
1 years ago
Hmm, I'm not too sure about this one. Could it also be a denial-of-service attack? Either way, Thomas needs to learn about secure coding practices, and fast! Maybe he can try a 'Secure Coding for Dummies' book - it might be a good starting point.
upvoted 0 times
...
Helene
1 years ago
The code snippet shows that Thomas passed 'false' to the setHttpOnly() method, which could lead to a client-side scripts attack. That's a dangerous vulnerability that could allow attackers to steal session cookies and gain unauthorized access.
upvoted 0 times
Della
10 months ago
C) SQL Injection Attack
upvoted 0 times
...
Lavonda
11 months ago
B) Client-Side Scripts Attack
upvoted 0 times
...
Elke
11 months ago
A) Denial-of-Service attack
upvoted 0 times
...
Ashley
11 months ago
C) SQL Injection Attack
upvoted 0 times
...
Shannan
12 months ago
B) Client-Side Scripts Attack
upvoted 0 times
...
Luis
12 months ago
A) Denial-of-Service attack
upvoted 0 times
...
...
Vilma
1 years ago
I agree with Chantay, passing 'false' to setHttpOnly() method can lead to client-side scripts being able to access sensitive information.
upvoted 0 times
...
Chantay
1 years ago
I think the vulnerability in the code could be exploited by a Client-Side Scripts Attack.
upvoted 0 times
...

Save Cancel