Why do you think this could be a bad idea if there is an Intrusion Detection System deployed to monitor the tr
SSL has been seen as the solution to a lot of common security problems. Administrators will often
make use of SSL to encrypt communications from point A to point B. Why do you think this
could be a bad idea if there is an Intrusion Detection System deployed to monitor the traffic
between point A and B?
What is wrong with the web application?
Liza has forgotten her password to an online bookstore. The web application asks her to key in her
email so that they can send her the password. Liza enters her email liza@yahoo.com'. The
application displays a server error. What is wrong with the web application?
How can Jake gather network information in a secure manner?
Jake is a network administrator who needs to get reports from all the computers and network
devices on his network. Jake wants to use SNMP but is afraid that it won’t be secure since
passwords and messages are in clear text. How can Jake gather network information in a secure
manner?
where he should have ideally used printf("%s"
Kevin has been asked to write a short program to gather user input for a web application. He likes
to keep his code neat and simple. He chooses to use printf(str) where he should have ideally used
printf("%s", str). What attack will his program expose the web application to?
Can June use an antivirus program in this case and would it be effective against a polymorphic virus?
June, a security analyst, understands that a polymorphic virus has the ability to mutate and can
change its known viral signature and hide from signature-based antivirus programs. Can June use
an antivirus program in this case and would it be effective against a polymorphic virus?
what do you think Jane has changed?
Jane has just accessed her preferred e-commerce web site and she has seen an item she would
like to buy. Jane considers the price a bit too steep; she looks at the page source code and
decides to save the page locally to modify some of the page variables. In the context of web
application security, what do you think Jane has changed?
Which of the following Exclusive OR transforms bits is NOT correct?
Which of the following Exclusive OR transforms bits is NOT correct?
What attack is being depicted here?
Ivan is auditing a corporate website. Using Winhex, he alters a cookie as shown below.
Before Alteration: Cookie: lang=en-us; ADMIN=no; y=1 ; time=10:30GMT ;
After Alteration: Cookie: lang=en-us; ADMIN=yes; y=1 ; time=12:30GMT ;
What attack is being depicted here?
How would you overcome the Firewall restriction on ICMP ECHO packets?
The traditional traceroute sends out ICMP ECHO packets with a TTL of one, and increments the
TTL until the destination has been reached. By printing the gateways that generate ICMP time
exceeded messages along the way, it is able to determine the path packets take to reach the
destination.
The problem is that with the widespread use of firewalls on the Internet today, many of the packets
that traceroute sends out end up being filtered, making it impossible to completely trace the path
to the destination.
How would you overcome the Firewall restriction on ICMP ECHO packets?
It secures information by assigning sensitivity labels on information and comparing this to the level of secur
_________ ensures that the enforcement of organizational security policy does not rely on
voluntary web application user compliance. It secures information by assigning sensitivity labels
on information and comparing this to the level of security a user is operating at.