A web application for ordering cat food charges users and places an order when an HTTP GET request is issued to the following URL:

http://www.catsupplies.com/order?brand=xxxxx&quantity=xxxxx

A malicious website could add snippets like this to their site:

<img src="http://www.catsupplies.com/order?brand=xxxxx&quantity=xxxxx">

What would help protect against such attacks, considering that the web application has the CORS policy that only allows requests from the same site? 

(Select all acceptable answers.)

Switch the endpoint method from HTTP GET to HTTP PUT and move the query parameters into the request body.
Add an additional "token" cookie, without the same site attribute, that is unique per user session and checks if it's correct when visiting the page.
Only accept IPv6 connections.
Add an additional "token" HTTP header that is unique per user session and checks if it's correct when visiting the page.
Set the Content-Type header of the returned data to text/html.
   

Tags
Web Application Security CSRF Public
Easy

3min

Would you like to see our other questions?

We have 1000+ premium hand-crafted questions for 160+ job skills and 20+ coding languages. We prefer questions with small samples of actual work over academic problems or brain teasers.

Visit our question library
Private Concierge

Send us an email with an explanation of your testing needs and a list of candidates. We will create an appropriate test, invite your candidates, review their results, and send you a detailed report.

Contact Private Concierge

Would you like to see our tests? The following tests contain Web Application Security related questions:
On the TestDome Blog

Screening Applicants: The Good, the Bad and the Ugly

Since we’re all biased and we use incorrect proxies, why not just outsource hiring to experts or recruitment agencies? After all, they’ve been screening people for many years, so they must know how to do it right?

Not really. I was surprised to discover that many experts disagree with each other. Everybody praises their pet method and criticizes the others. Many of these methods look legitimate, but are based on...

Dashboard Start Trial Sign In Home Tour Tests Questions Pricing