I have attempted the Application Security Assessment 4 times, receiving the same score each time. The issue is the Skill Check. The Static Code Analysis portion I believe I have correct. I did not change those answers at all and have consistently got 3/6 questions correct. For the Dynamic Code Analysis there appear to be issues. There are never any High Vulnerabilities, the number of medium vulnerabilities doesn’t seem to be correct, and there is no alert for “Session ID in URL Rewrite”. I have revisited the DCA training and re-ran the scan using increased scan time. I did see the previous comments regarding this assessment, but those issues do not seem to match these. Any help would be appreciated since I will not be able to complete the Security Engineer track without at least getting 4/6 on the Skill Check. Thank you!
Just tested the Skill Check.
Re: “there are never any high vulnerabilities” - isn’t that an answer?
Re: “the number of medium vulnerabilities doesn’t seem to be correct” - on my first run, I was able to reproduce this, but I may have done something wrong myself. Checking with the instructor.
Re: “no alert for Session ID in URL Rewrite” - I couldn’t reproduce this. The alert showed up as expected.
I re-ran the assessment about 30 minutes after my post and the URL Rewrite vulnerability did show up. The only reason I brought up the High Vulnerabilities is because none does not appear to be the answer. On that pass I got 4/6, which I can only assume was due to the URL Rewrite vulnerability finally showing up in the scan. Thanks for replying, hopefully the instructor may be able to assist.
If you check the Hint for the High Vulns questions, it’s one character. So it’s definitely not “none” - but is there another way you could answer the question that aligns with the Hint?
Yes, that is the numeric answer that I have put in there every time
Gotcha - well that’s the correct answer, so your incorrect answer might be elsewhere. What are you putting in as the answer for question 6? (I’ll redact it later).
The answer I finally found was “redacted”, I am starting a new try and will get screenshots.
I just completed and got 4/6, the alerts screen I got was the same as yours. Let me know if there is a way to pass you all my answers because all I have to go off of is that Dynamic Code Analysis is recommended for review. Thanks!
Yeah - do you want to send me all 6 answers through the Forums messaging?