312-50V13 Question #160: Real Exam Question with Answer & Explanation

Question

Take a look at the following attack on a Web Server using obstructed URL: How would you protect from these attacks?

Options

• AConfigure the Web Server to deny requests involving "hex encoded" characters
• BCreate rules in IDS to alert on strange Unicode requests
• CUse SSL authentication on Web Servers
• DEnable Active Scripts Detection at the firewall and routers

Explanation

Obstructed URLs, often involving encoding schemes like hex or Unicode, can bypass basic web server input validation, making it critical to detect such anomalies for security.

Common mistakes.

• A. Configuring the web server to deny requests involving hex-encoded characters is a good practice for web server hardening, but an IDS provides a broader, more centralized detection mechanism for various encoding schemes and anomalous patterns that might not be caught by simple server-side rules.
• C. SSL authentication primarily provides encryption for data in transit and verifies server identity; it does not inherently inspect the content of encrypted requests for malicious encoding, nor does it prevent an attacker from sending an obfuscated URL if the connection is established.
• D. Enabling Active Scripts Detection at the firewall and routers typically focuses on detecting malicious scripts embedded in the traffic payload or preventing script execution, not specifically on analyzing and blocking URL encoding obfuscation, which is more a function of a Web Application Firewall (WAF) or an IDS.

Concept tested. Web server URL encoding attack detection

Reference. https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html

No community discussion yet for this question.