PrepAway - Latest Free Exam Questions & Answers

Tag: vulnerabilities

What type of web application testing is Zane primarily focusing on?

Zane is a network security specialist working for Fameton Automotive, a custom car manufacturing company in San Francisco. Zane is responsible for ensuring that the entire network is as secure as possible. Much of the company’s business is performed online by customers buying parts and entire cars through the company website. To streamline online purchases, the programming department has developed a new web application that will keep track of inventory and check items out online for customers. Since this application will be critical to the company, Zane wants to test it thoroughly for any security vulnerabilities. Zane primarily focuses on checking the time validity of session tokens, length of those tokens, and expiration of session tokens while translating from SSL to non-SSL resources. What type of web application testing is Zane primarily focusing on?

What are some common vulnerabilities in web applications that he should be concerned about?

Bret is a web application administrator and has just read that there are a number of surprisingly common web application vulnerabilities that can be exploited by unsophisticated attackers with easily available tools on the Internet.
He has also read that when an organization deploys a web application, they invite the world to send HTTP requests. Attacks buried in these requests sail past firewalls, filters, platform hardening, SSL, and IDS without notice because they are inside legal HTTP requests. Bret is determined to weed out any vulnerabilities. What are some common vulnerabilities in web applications that he should be concerned about?

What file system vulnerability does the following command take advantage of?

What file system vulnerability does the following command take advantage of?
type c:\anyfile.exe > c:\winnt\system32\calc.exe:anyfile.exe

What would be the name of this tool?

John is using a special tool on his Linux platform that has a database containing signatures to be able to detect hundreds of vulnerabilities in UNIX, Windows, and commonly used web CGI scripts. Moreover, the database detects DDoS zombies and Trojans as well. What would be the name of this tool?