EC-Council Certified Security Analyst (ECSA v8) — Question 4

If a web application sends HTTP cookies as its method for transmitting session tokens, it may be vulnerable which of the following attacks?

Answer options

• A. Parameter tampering Attack
• B. Sql injection attack
• C. Session Hijacking
• D. Cross-site request attack

Correct answer: D

Explanation

The correct answer is D, as using HTTP cookies for session tokens can expose the application to Cross-site request attacks, where an attacker can trick a user's browser into sending unwanted requests. Options A, B, and C do not specifically relate to the vulnerabilities introduced by using cookies for session management.