Crowdly

Tracking user sessions

✅

Managing cookies

Compressing network traffic

What is a major drawback of traditional session-based authentication in modern containerized environments?

Lack of support for APIs

Inability to use cookies for session management

Lack of secure storage options

Difficulty scaling across multiple servers

✅

What are the three primary implementation approaches for session management in web applications?

Temporary files, database storage, URL encoding

Web server-managed, framework-based, custom code

✅

Web server-managed, client-side, protocol-specific

Cookies, tokens, encryption

What are the three main components of a JWT?

Header, Last Active Time, Signature

Header, Server Logs, Signature

Header, Payload, Signature

Payload, User Password, Session List

Which SQL injection type involves conditional logic without visible errors?

Time-based blind SQL injection

Union-based

Boolean exploitation in blind SQL injection

Error-based SQL injection

Which function is commonly disabled to prevent command injections in PHP?

include()

eval()

print_r()

preg_match()

What SQL Injection technique uses external channels like HTTP or DNS to exfiltrate data?

Piggybacked SQL Injection

Blind SQL Injection

Out-of-band SQL Injection

In-band SQL Injection

What is the key remediation strategy for preventing unrestricted file uploads?

Disabling file inclusion features

Enforcing HTTPS for file transfers

Encrypting uploaded files with AES-256

Validating file types using MIME types and extensions

What is a typical payload for time-based blind SQL Injection?

WAITFOR

DELAY '0:0:5'

SELECT

* FROM users WHERE username='admin';

'

UNION SELECT 1, 2 --

'

DROP TABLE users --

Which databases are commonly affected by SQL Injection vulnerabilities?

MS SQL Server, MySQL, Oracle, PostgreSQL

InfluxDB, Cassandra, Neo4j, Elasticsearch

SQLite, Redis, MongoDB, CouchDB

Firebase, DynamoDB, BigTable, CosmosDB