An online purchase web application which lets javascript in the browser filter out invalid negative payment amounts is vulnerable to __________.

Question

BlackTom AI · Accepted Answer

To tackle this question, I’ll evaluate each option in turn based on the scenario described.
Option a: 'client side controls bypassing attacks' — This is plausible. If the app relies on JavaScript running in the browser to filter out invalid negative payment amounts, a user could disable or bypass these client-side checks and submit negative amounts anyway. Since client-side validation can be tampered with, this makes the application vulnerable to client-side bypass attacks.
Option b: 'database server SQL injection attacks' — While SQL injection is a serious threat in many systems, it is not directly caused by relying on client-side filtering of negative amounts. SQL injection occurs when user input is unsafely incorporated into SQL queries on the server. The mere existence of client-side filtering does not by itself demonstrate or guarantee SQL injection vulnerability; it depends on server-side input handling. So this option is not a direct or exclusive consequence of the described flaw.
Option c: 'server side controls bypassing attacks' — Similar to option a, this would require server-side controls to be bypassed. The question’s setup emphasizes client-side filtering; unless there are also weak or missing server-side validations, this option is not inherently indicated by the described scenario. Therefore, this option is less supported than a given the stated context.
Option d: 'all of the above' — Since options b and c are not clearly implied by the scenario, claiming all of the above would overstate the risk. The scenario specifically highlights client-side bypass, not necessarily SQL injection or server-side bypasses.
In summary, the most directly supported vulnerability given the described reliance on client-side filtering is that client-side controls can be bypassed by users, allowing negative payment amounts to slip through. The other options introduce other risks that require separate server-side weaknesses to be present, which aren’t established by the prompt.

An online purchase web application which lets javascript in the browser filter out invalid negative payment amounts is vulnerable to __________.单项选择题

类似问题

At which tiers of a web application should developers enforce security?

Which of the following should not be done using client-side scripting?

Question at position 24 Before entering credit card or other sensitive data on a web page, you should make sure it is using the ________ protocol.httphttpssftpftp

Question at position 8 ________ is a social network attack where clicking on a link allows malware to post unwanted links on your page.LinkjackingClickbaitingSharebaitingClickjacking

What types of attacks does Microsoft IIS help protect against?

Attackers may perform reconnaissance on your website by changing parameters using a man-in-the-middle proxy.

Content Security Policy (CSP) is enforced by

SQL injection vulnerability could be used to launch reflective cross site scripting attack.

更多留学生实用工具

智能学习助手

风格化写作助手

论文查重助手

文献引用助手

课堂转译助手

课堂笔记助手

Quiz搜索助手

学校历年真题

智能刷题助手

智能匹配练习

希望你的学习变得更简单