An online purchase web application which lets javascript in the browser filter out invalid negative payment amounts is vulnerable to __________.

Question

BlackTom AI · Accepted Answer

To tackle this question, I’ll evaluate each option in turn based on the scenario described.
Option a: 'client side controls bypassing attacks' — This is plausible. If the app relies on JavaScript running in the browser to filter out invalid negative payment amounts, a user could disable or bypass these client-side checks and submit negative amounts anyway. Since client-side validation can be tampered with, this makes the application vulnerable to client-side bypass attacks.
Option b: 'database server SQL injection attacks' — While SQL injection is a serious threat in many systems, it is not directly caused by relying on client-side filtering of negative amounts. SQL injection occurs when user input is unsafely incorporated into SQL queries on the server. The mere existence of client-side filtering does not by itself demonstrate or guarantee SQL injection vulnerability; it depends on server-side input handling. So this option is not a direct or exclusive consequence of the described flaw.
Option c: 'server side controls bypassing attacks' — Similar to option a, this would require server-side controls to be bypassed. The question’s setup emphasizes client-side filtering; unless there are also weak or missing server-side validations, this option is not inherently indicated by the described scenario. Therefore, this option is less supported than a given the stated context.
Option d: 'all of the above' — Since options b and c are not clearly implied by the scenario, claiming all of the above would overstate the risk. The scenario specifically highlights client-side bypass, not necessarily SQL injection or server-side bypasses.
In summary, the most directly supported vulnerability given the described reliance on client-side filtering is that client-side controls can be bypassed by users, allowing negative payment amounts to slip through. The other options introduce other risks that require separate server-side weaknesses to be present, which aren’t established by the prompt.

FIT1093_S2_2025 Week 10 MCQ: Web Security

An online purchase web application which lets javascript in the browser filter out invalid negative payment amounts is vulnerable to __________.

View Explanation

Log in for full answers

Similar Questions

Attackers may perform reconnaissance on your website by changing parameters using a man-in-the-middle proxy.

Content Security Policy (CSP) is enforced by

SQL injection vulnerability could be used to launch reflective cross site scripting attack.

Content Security Policy (CSP) is enforced by

SQL injection vulnerability could be used to launch reflective cross site scripting attack.

Which of the following is NOT a web security attack?

In a consumer society, many adults channel creativity into buying things

Economic stress and unpredictable times have resulted in a booming industry for self-help products

More Practical Tools for Students Powered by AI Study Helper

Homework AI Solver

Stylized AI Paper Writer

Plagiarism Checker Assistant

Citation AI Academic Writing Tool

In-Class Translation Assistant

AI Note Generator

AI Quiz Answers

Past Exam Questions from University Test Bank

Smart Practice Assistant

Adaptive Practice

Making Your Study Simpler