Answers can be found at http://mdsec.net/wahh.
- How can data be transmitted via the client in a way that prevents tampering attacks?
- An application developer wants to stop an attacker from performing brute-force attacks against the login function. Because the attacker may target multiple usernames, the developer decides to store the number of failed attempts in an encrypted cookie, blocking any request if the number of failed attempts exceeds five. How can this defense be bypassed?
- An application contains an administrative page that is subject to rigorous access controls. It contains links to diagnostic functions located on a different web server. Access to these functions should also be restricted to administrators only. Without implementing a second authentication mechanism, which of the following client-side mechanisms (if any) could be used to safely control access to the diagnostic functionality? Do you need any more information to help choose a solution?
  - (a) The diagnostic functions could check the HTTP Referer header to confirm that the request originated on the main administrative page.
  - (b) The diagnostic functions could validate the supplied cookies to confirm that these contain a valid session token for the main application.
  - (c) The main application could set an authentication token in a hidden field that is included within the request. The diagnostic function could validate this to confirm that the user has a session on the main application.
- If a form field ...