Eccouncil Exam 312-96 Topic 1 Question 22 Discussion

Actual exam question for Eccouncil's 312-96 exam
Question #: 22
Topic #: 1

Thomas is not skilled in secure coding. He neither underwent secure coding training nor is aware of the consequences of insecure coding. One day, he wrote code as shown in the following screenshot. He passed 'false' parameter to setHttpOnly() method that may result in the existence of a certain type of vulnerability. Identify the attack that could exploit the vulnerability in the above case.

Suggested Answer: B

Contribute your Thoughts:

Maile
4 months ago
SQL Injection? Directory Traversal? What is this, a video game boss fight? I think Thomas just unlocked the 'Insecure Coding' achievement. Time to start a new game and level up those secure coding skills!
upvoted 0 times
Justine
3 months ago
C) SQL Injection Attack
upvoted 0 times
...
Jani
3 months ago
B) Client-Side Scripts Attack
upvoted 0 times
...
...
Arlette
4 months ago
Client-side scripts attack is the correct answer here. Passing 'false' to setHttpOnly() means the session cookie won't be marked as HttpOnly, which leaves it vulnerable to client-side scripts. Thomas really needs to brush up on web security basics.
upvoted 0 times
Eladia
3 months ago
It's important to always be aware of potential vulnerabilities in your code.
upvoted 0 times
...
Glynda
3 months ago
Yes, you're right. Thomas should definitely learn more about secure coding.
upvoted 0 times
...
Charolette
3 months ago
I think the correct answer is B) Client-Side Scripts Attack.
upvoted 0 times
...
...
Jenelle
4 months ago
I believe the correct answer is B) Client-Side Scripts Attack because the code is not properly securing the HTTPOnly flag.
upvoted 0 times
...
Oren
5 months ago
Hmm, I'm not too sure about this one. Could it also be a denial-of-service attack? Either way, Thomas needs to learn about secure coding practices, and fast! Maybe he can try a 'Secure Coding for Dummies' book - it might be a good starting point.
upvoted 0 times
...
Helene
5 months ago
The code snippet shows that Thomas passed 'false' to the setHttpOnly() method, which could lead to a client-side scripts attack. That's a dangerous vulnerability that could allow attackers to steal session cookies and gain unauthorized access.
upvoted 0 times
Della
3 months ago
C) SQL Injection Attack
upvoted 0 times
...
Lavonda
3 months ago
B) Client-Side Scripts Attack
upvoted 0 times
...
Elke
3 months ago
A) Denial-of-Service attack
upvoted 0 times
...
Ashley
4 months ago
C) SQL Injection Attack
upvoted 0 times
...
Shannan
4 months ago
B) Client-Side Scripts Attack
upvoted 0 times
...
Luis
4 months ago
A) Denial-of-Service attack
upvoted 0 times
...
...
Vilma
5 months ago
I agree with Chantay, passing 'false' to setHttpOnly() method can lead to client-side scripts being able to access sensitive information.
upvoted 0 times
...
Chantay
5 months ago
I think the vulnerability in the code could be exploited by a Client-Side Scripts Attack.
upvoted 0 times
...
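
An added example, not part of the original thread or of any commenter's post: a check over `Set-Cookie` response headers that flags session cookies sent without the `HttpOnly` attribute, which is what calling `setHttpOnly(false)` produces. The session cookie names and the sample headers are constructed assumptions.

```python
"""Flag session cookies whose Set-Cookie header lacks the HttpOnly attribute."""

# Assumption: typical session-cookie names; adjust for the application under review.
SESSION_COOKIE_NAMES = {"jsessionid", "sessionid", "phpsessid", "sid"}


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, value, attributes).

    Attribute names are case-insensitive, so they are lower-cased here.
    Flag attributes such as HttpOnly carry no value and map to True.
    """
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, sep, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if sep else True
    return name.strip(), value.strip(), attrs


def cookies_missing_httponly(set_cookie_headers, session_names=SESSION_COOKIE_NAMES):
    """Return (cookie_name, header) pairs for session cookies scripts can read."""
    findings = []
    for header in set_cookie_headers:
        name, _, attrs = parse_set_cookie(header)
        # Check the parsed attribute, not a substring of the whole header:
        # a cookie *value* containing "HttpOnly" does not protect anything.
        if name.lower() in session_names and "httponly" not in attrs:
            findings.append((name, header))
    return findings


# Constructed sample headers (not captured from a real site).
SAMPLE_HEADERS = [
    "JSESSIONID=abc123; Path=/app; Secure",            # setHttpOnly(false)
    "JSESSIONID=def456; Path=/app; Secure; HttpOnly",  # setHttpOnly(true)
    "theme=dark; Path=/",                              # not a session cookie
    "sid=xyz; path=/; httponly",                       # lower-case attribute
    "sid=HttpOnly123; Path=/",                         # flag text only in value
]

if __name__ == "__main__":
    for cookie, header in cookies_missing_httponly(SAMPLE_HEADERS):
        print(f"{cookie}: HttpOnly not set -> {header}")
```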
