Answers can be found at http://mdsec.net/wahh.
- You discover an application function where the contents of a query string parameter are inserted into the Location header in an HTTP redirect. What three different types of attacks can this behavior potentially be exploited to perform?
- What main precondition must exist to enable a CSRF attack against a sensitive function of an application?
- For each of the following technologies, identify the circumstances, if any, in which the technology would request /crossdomain.xml to properly enforce domain segregation:
- “We're safe from clickjacking attacks because we don't use frames.” What, if anything, is wrong with this statement?
- You identify a persistent XSS vulnerability within the display name caption used by an application. This string is only ever displayed to the user who configured it, when they are logged in to the application. Describe the steps that an attacker would need to perform to compromise another user of the application.
- How would you test whether an application allows cross-domain requests using XMLHttpRequest?
- Describe three ways in which an attacker might induce a victim to use an arbitrary cookie.