Ecological Validity of Quiz Questions
Question
1-In which city is the web application corresponding to "domain 3" located?
a) Ankara, b) Istanbul, c) New York, d) Other
2-Two vulnerability measurements were made for each of the three projects. Select the most vulnerable software project based on the number of vulnerabilities per project size, measured in LOC (lines of code).
a) Domain1, b) Domain2, c) Domain3, d) All are equal
3-Two vulnerability measurements were made for each of the three projects. Select the project where no new development or bug fixing was done between the two analysis phases.
4-What is the number of pages whose highest associated alert is "Low" for the web application project named "domain1"?
a) 105, b) 42, c) 265, d) 13
5-Vulnerability scanners cannot process all the pages of a web application, for several reasons. One of these reasons is reaching the "Max Depth". Looking at the overall results for all three projects, what proportion of pages was left unprocessed due to reaching the max depth?
a) 10%, b) 0.1%, c) 20%, d) Other
6-Which project has the highest round trip time taken for a vulnerability scan session?
a) Domain1, b) Domain2, c) Domain3, d) All are equal
7-What is the "metric name" shown in the tooltip box for the previous dashboard?
a) OWASPTopTen2007Vulnerabilities, b) NumberOfVulnerabilities, c) URLProcessedSet, d) URLsWithAlert
8-What is the number of alerts per module for "Phase 2" of "Domain 2"?
a) 0.28, b) 38.12, c) 100, d) 60.60
9-Find the project whose size did not change in the period between the two independent vulnerability scans.
a) Domain 1, b) Domain 2, c) Domain 3, d) None
10-What is the number of vulnerabilities of type "Web Browser XSS Protection Not Enabled" for "Domain 1", "Phase 1"?
a) 24, b) 1, c) 7, d) 35
11-What is the number of repeated alerts for "Domain 3" in "Phase 2" from "Phase 1"?
a) 0, b) 1525, c) 303, d) 741
12-What is the number of fixed alerts for "Domain 2" in "Phase 2" from "Phase 1"?
a) 0, b) 1525, c) 303, d) 741
13-Based on the scanner rules used in this tool, how many of the vulnerabilities in the CWE database are covered?
a) 50, b) 27, c) 4, d) 0
14-Is "A10 - Failure to Restrict URL Access" from the OWASP Top Ten 2007 vulnerabilities list covered by the existing scanner rules?
a) Yes, b) No, c) I don’t know, d) N/A
15-What is the number of vulnerabilities belonging to "A6 Injection Flaws" for "domain 2"?
a) 35, b) 2, c) 224, d) 71

Years of experience in application security/information security *
Background: 1-We designed a tool that visualizes web application security vulnerabilities across more than one web application project and more than one vulnerability scan. 2-A case study was prepared to evaluate this tool. 3-During this case study, vulnerability scan analyses of three different domains (web applications) were performed multiple times (phases). 4-The above set of 15 questions was prepared for the users of this tool.
We want you to evaluate this question set. Do these questions reflect security analysts' needs? *
Strongly Disagree
Strongly Agree