How can you retrieve information from the outdated website?
You visit a website to retrieve the listing of a company’s staff members, but you cannot find it on
the website. You know the listing was certainly present one year ago. How can you retrieve
information from the outdated website?
Which of the processes listed below would be a more efficient way of doing this type of validation?
You work as a security technician at XYZ.com. While doing web application testing, you might be
required to look through multiple web pages online which can take a long time. Which of the
processes listed below would be a more efficient way of doing this type of validation?
By examining the packet, identify the name and version of the Web server.
This packet was taken from a packet sniffer that monitors a Web server.
This packet was originally 1514 bytes long, but only the first 512 bytes are shown here. This is the
standard hexdump representation of a network packet, before being decoded. A hexdump has
three columns: the offset of each line, the hexadecimal data, and the ASCII equivalent. This
packet contains a 14-byte Ethernet header, a 20-byte IP header, a 20-byte TCP header, an HTTP
header ending in two carriage-return/line-feed pairs (0D 0A 0D 0A) and then the data. By examining
the packet, identify the name and version of the Web server.
This kind of attack will let you assume a user's identity at a dynamically generated web page or site:
____________ will let you assume a user's identity at a dynamically generated web page or site.
What is Form Scalpel used for?
What do you think Bubba has changed?
Bubba has just accessed his preferred e-commerce website and has spotted an item that he would
like to buy. Bubba considers the price a bit too steep. He looks at the source code of the webpage
and decides to save the page locally, so that he can modify the page variables. In the context of
web application security, what do you think Bubba has changed?
How would you protect information systems from these attacks?
Take a look at the following attack on a Web server using an obfuscated URL:
http://www.example.com/script.ext?template%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64
The request is made up of:
%2e%2e%2f%2e%2e%2f%2e%2e%2f = ../../../
%65%74%63 = etc
%2f = /
%70%61%73%73%77%64 = passwd
How would you protect information systems from these attacks?
What are the differences between SSL and S-HTTP?
What would you term this attack?
Kevin sends an email invite to Chris to visit a forum for security professionals. Chris clicks on the
link in the email message and is taken to a web-based bulletin board. Unknown to Chris, certain
functions are executed on his local system under his privileges, which allow Kevin access to
information used on the BBS. However, no executables are downloaded and run on the local
system. What would you term this attack?