Free The SecOps Group Certified-AppSec-Practitioner Exam Questions

Scan the code below and identify the vulnerability which is the most applicable for this scenario. 

In the context of the Race Condition vulnerability, which of the following statements is true? 

Based on the below request/response, which of the following statements is true?SendGET/dashboard.php?purl=http://attacker.com HTTP/1.1Host: example.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) Firefox/107.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-GB,en;q=0.5Accept-Encoding: gzip, deflateUpgrade-Insecure-Requests: 1Sec-Fetch-Dest: documentSec-Fetch-Mode: navigateSec-Fetch-Site: noneSec-Fetch-User: ?1Cookie: JSESSIONID=38RB5ECV10785B53AF29816E92E2E50Te: trailersConnection: keep-alivePrettyRaw | Hex | php | curl | ln | PrettyHTTP/1.1 302 Found 2022-12-03 17:38:18 GMTDate: Sat, 03 Dec 2022 17:38:18 GMTServer: Apache/2.4.54 (Unix) OpenSSL/1.0.2k-fips PHP/8.0.25X-Powered-By: PHP/8.0.25Content-Length: 0Content-Type: text/html; charset=UTF-8Connection: keep-aliveLocation:http://attacker.comSet-Cookie: JSESSIONID=38C5ECV10785B53AF29816E92E2E50; Path=/; HttpOnly

Which of the following security attributes ensures that the browser only sends the cookie over a TLS (encrypted) channel?

Under the same-origin policy (also SOP), a web browser permits scripts contained in a web page to access data in another web page, but only if both web pages have the same origin. Which of the following pages are in the same origin as that of the below URL?http://www.example.com/dir/page2.htmlhttp://www.example.com/dir/other.htmlhttp://www.example.com:81/dir/other.htmlhttp://www.example.com/dir/other.htmlhttp://en.example.com/dir/other.html