GWAPT Exam Questions

Which of the following is the BEST indicator of a SQL injection vulnerability?

Which tool is effective for analyzing JavaScript vulnerabilities in modern web applications?

What type of SQL injection attack modifies a database without revealing the results to the attacker?

What is the purpose of the "Content-Security-Policy" HTTP header?

A penetration test reveals that session cookies do not have the HttpOnly attribute set. What is the recommended mitigation?

Which of the following measures help mitigate SQL injection risks? (Choose two)

A web application is suspected to have hidden directories and files. Which tool would you use to confirm their existence?

What common configuration errors can expose sensitive data? (Choose two)

During a security assessment, you find that verbose error messages are enabled. What is the immediate action you should recommend?

Which features improve session security in web applications? (Choose two)

Which tool is commonly used as a web application proxy for penetration testing?

A penetration test reveals that the login form is vulnerable to credential stuffing. How can this be mitigated?

What are key practices to prevent session fixation attacks? (Choose two)

Which session attribute helps prevent session hijacking?

Which tool is MOST commonly used during manual web application testing for GWAPT tasks?

What happens if an application uses predictable password reset tokens?

Which of the following are indicators of sensitive information leakage during reconnaissance? (Choose two)

During a penetration test, you discover that a login form is vulnerable to SQL injection. Which payload could you use to bypass authentication?

Which of the following is an example of a client-side scripting language?

What does SameSite cookie attribute help mitigate?

What is the role of fuzzing in web application security testing?

You discover that a web application stores session IDs in URLs. What immediate action should you recommend?

Which of the following are common session management vulnerabilities? (Choose two)

What practices help secure web application authentication mechanisms? (Choose two)

Which of the following is a common indicator of a SQL injection vulnerability?

What is the purpose of spidering during reconnaissance?

What are the outputs of performing a web application mapping process? (Choose two)

Which feature of Burp Suite allows modification of HTTP/HTTPS requests before sending them to the server?

Which encoding method should be used to safely display user input in HTML content?

Which HTTP response code is MOST likely returned after successful authentication?

Which OWASP Top 10 2021 category includes authentication and session flaws?

A web application you are testing has directory listing enabled, exposing sensitive files. What should you recommend to mitigate this?

Which of the following tools can be used to perform reconnaissance on a web application? (Choose two)

What is the primary role of a web server in web applications?

In a Reflected Cross-Site Scripting attack, where is the malicious payload executed?

What is a session fixation attack?

Which steps help prevent clickjacking attacks? (Choose two)

While testing a web application, you notice it accepts HTML input and displays it on a webpage. What additional steps should you take to confirm an XSS vulnerability?

During a penetration test, you find a login form vulnerable to CSRF. What is your next step?

What are common uses of cookies in web applications? (Choose two)