Answers can be found at http://mdsec.net/wahh.
- What standard “signature” in an application's behavior can be used to identify most instances of XSS vulnerabilities?
- You discover a reflected XSS vulnerability within the unauthenticated area of an application's functionality. State two different ways in which the vulnerability could be used to compromise an authenticated session within the application.
- You discover stored XSS behavior within data that is only ever displayed back to yourself. Does this behavior have any security significance?
- You are attacking a web mail application that handles file attachments and displays these in-browser. What common vulnerability should you immediately check for?
- How does the same-origin policy impinge upon the use of the Ajax technology XMLHttpRequest?
- Name three possible attack payloads for XSS exploits (that is, the malicious actions that you can perform within another user's browser, not the methods by which you deliver the attacks).
- You have discovered a reflected XSS vulnerability where you can inject arbitrary data into a single location within the HTML of the returned page. The data inserted is truncated to 50 bytes, but you want to inject a lengthy ...