Security testing tools overview in Testing Fundamentals - Practice Problems & Coding Challenges

Challenge - 5 Problems
🧠 Conceptual
intermediate
Identify the primary purpose of OWASP ZAP
OWASP ZAP is a popular security testing tool. What is its main use?
A. Automated vulnerability scanning for web applications
B. Performance testing of mobile apps
C. Load testing of network servers
D. Code coverage analysis for unit tests
💡 Hint
Think about tools that find security holes in websites automatically.
Predict Output
intermediate
What output does this Burp Suite scan summary produce?
Given a Burp Suite scan that finds 3 high, 5 medium, and 2 low severity issues, what is the correct summary output?
scan_summary = {
  'high': 3,
  'medium': 5,
  'low': 2
}
print(f"High: {scan_summary['high']}, Medium: {scan_summary['medium']}, Low: {scan_summary['low']}")
A. High: 2, Medium: 3, Low: 5
B. High: 5, Medium: 3, Low: 2
C. High: 3, Medium: 5, Low: 2
D. High: 3, Medium: 2, Low: 5
💡 Hint
Check the dictionary keys and values carefully.
assertion
advanced
Which assertion correctly verifies a SQL injection vulnerability found by sqlmap?
You run sqlmap and want to assert that a vulnerability was found in your test script. Which assertion is correct?
vulnerabilities = ['XSS', 'SQL Injection', 'CSRF']
# Assertion here
A. assert vulnerabilities == 'SQL Injection'
B. assert 'sql injection' in vulnerabilities
C. assert vulnerabilities.contains('SQL Injection')
D. assert 'SQL Injection' in vulnerabilities
💡 Hint
Check Python syntax for membership testing.
🔧 Debug
advanced
Find the error in this script using Nikto scanner output parsing
This Python snippet tries to parse Nikto output but fails. What is the error?
nikto_output = 'Nikto scan report: No vulnerabilities found'
if nikto_output.find('vulnerabilities') != -1:
    print('Issues detected')
else:
    print('No issues')
A. The if condition is wrong; find() returns -1 if not found, which is truthy
B. The print statements are reversed
C. Nikto output string is empty, causing error
D. The find() method should be replaced with index()
💡 Hint
Remember how Python treats 0 and -1 in conditions.
framework
expert
Which security testing framework supports automated API vulnerability scanning?
Among these frameworks, which one is designed for automated API security testing?
A. JUnit
B. OWASP ZAP
C. Selenium
D. JMeter
💡 Hint
Think about tools focused on security, not just testing or load.