An online purchase web application which lets javascript in the browser filter out invalid negative payment amounts is vulnerable to __________.

Question

BlackTom AI · Accepted Answer

To tackle this question, I’ll evaluate each option in turn based on the scenario described.
Option a: 'client side controls bypassing attacks' — This is plausible. If the app relies on JavaScript running in the browser to filter out invalid negative payment amounts, a user could disable or bypass these client-side checks and submit negative amounts anyway. Since client-side validation can be tampered with, this makes the application vulnerable to client-side bypass attacks.
Option b: 'database server SQL injection attacks' — While SQL injection is a serious threat in many systems, it is not directly caused by relying on client-side filtering of negative amounts. SQL injection occurs when user input is unsafely incorporated into SQL queries on the server. The mere existence of client-side filtering does not by itself demonstrate or guarantee SQL injection vulnerability; it depends on server-side input handling. So this option is not a direct or exclusive consequence of the described flaw.
Option c: 'server side controls bypassing attacks' — Similar to option a, this would require server-side controls to be bypassed. The question’s setup emphasizes client-side filtering; unless there are also weak or missing server-side validations, this option is not inherently indicated by the described scenario. Therefore, this option is less supported than a given the stated context.
Option d: 'all of the above' — Since options b and c are not clearly implied by the scenario, claiming all of the above would overstate the risk. The scenario specifically highlights client-side bypass, not necessarily SQL injection or server-side bypasses.
In summary, the most directly supported vulnerability given the described reliance on client-side filtering is that client-side controls can be bypassed by users, allowing negative payment amounts to slip through. The other options introduce other risks that require separate server-side weaknesses to be present, which aren’t established by the prompt.

FIT1093_S2_2025 Week 10 MCQ: Web Security

An online purchase web application which lets javascript in the browser filter out invalid negative payment amounts is vulnerable to __________.

查看解析

登录即可查看完整答案

类似问题

Attackers may perform reconnaissance on your website by changing parameters using a man-in-the-middle proxy.

Content Security Policy (CSP) is enforced by

SQL injection vulnerability could be used to launch reflective cross site scripting attack.

Content Security Policy (CSP) is enforced by

SQL injection vulnerability could be used to launch reflective cross site scripting attack.

Which of the following is NOT a web security attack?

In a consumer society, many adults channel creativity into buying things

Economic stress and unpredictable times have resulted in a booming industry for self-help products

更多留学生实用工具

考试浏览器助手

风格化写作助手

论文查重助手

文献引用助手

课堂转译助手

课堂笔记助手

Quiz搜索助手

学校历年真题

智能刷题助手

智能匹配练习

希望你的学习变得更简单