Valid 312-96 dumps shared by ExamDiscuss.com to help you pass the 312-96 exam. ExamDiscuss.com now offers the newest 312-96 exam dumps; the ExamDiscuss.com 312-96 exam questions have been updated and the answers corrected. Get the newest ExamDiscuss.com 312-96 dumps with Test Engine here:
Thomas is not skilled in secure coding. He has neither undergone secure coding training nor is he aware of the consequences of insecure coding. One day, he wrote the code shown in the following screenshot. He passed the 'false' parameter to the setHttpOnly() method, which may result in a certain type of vulnerability. Identify the attack that could exploit the vulnerability in the above case.
Correct Answer: B
The setHttpOnly(false) call in the code means the HttpOnly flag is not set on the cookie. This is a security concern because, without the HttpOnly flag, client-side scripts such as JavaScript can read the cookie. An attacker can exploit this through a cross-site scripting (XSS) attack to steal the cookie and potentially hijack the user's session. To mitigate the vulnerability, the HttpOnly flag should be set to true, which instructs the browser to withhold the cookie from client-side scripts. The corrected code (Java) is: loginCookie.setHttpOnly(true); This change ensures that the cookie cannot be read by client-side scripts.

References: For verified answers and comprehensive explanations, refer to the official EC-Council Certified Application Security Engineer (CASE) Java study guides and course materials. These resources cover secure coding practices in detail, including the proper use of the HttpOnly flag on cookies to prevent client-side script access. The EC-Council's training programs additionally offer in-depth knowledge and hands-on experience in secure coding techniques for Java applications.