What is the probable cause of Bill’s problem?
Bill has successfully executed a buffer overflow against a Windows IIS web server. He has been
able to spawn an interactive shell and plans to deface the main web page. He first attempts to use
the “echo” command to simply overwrite index.html and remains unsuccessful. He then attempts
to delete the page and achieves no progress. Finally, he tries to overwrite it with another page in
which also he remains unsuccessful. What is the probable cause of Bill’s problem?
Which of the following statements best describes the term Vulnerability?
Which of the following statements best describes the term Vulnerability?
Which of the following web browser can adequately fill this purpose?
Bob is a very security conscious computer user. He plans to test a site that is known to have
malicious applets, code, and more. Bob always make use of a basic Web Browser to perform such
testing.
Which of the following web browser can adequately fill this purpose?
How much information will Clive obtain from the client before commencing his test?
Clive has been hired to perform a Black-Box test by one of his clients.
How much information will Clive obtain from the client before commencing his test?
What would be the best method to accurately identify the services running on a victim host?
Scanning for services is an easy job for Bob as there are so many tools available from the
Internet. In order for him to check the vulnerability of XYZ, he went through a few scanners that
are currently available. Here are the scanners that he uses:
1. Axent’s NetRecon (http://www.axent.com)
2. SARA, by Advanced Research Organization (http://www-arc.com/sara)
3. VLAD the Scanner, by Razor (http://razor.bindview.com/tools/)
However, there are many other alternative ways to make sure that the services that have been
scanned will be more accurate and detailed for Bob.
What would be the best method to accurately identify the services running on a victim host?
Why is Jim having these problems?
Jim is having no luck performing a penetration test in XYZ’s network. He is running the tests from
home and has downloaded every security scanner that he could lay his hands on. Despite
knowing the IP range of all the systems, and the exact network configuration, Jim is unable to get
any useful results.
Why is Jim having these problems?
What kind of assessment will you be performing ?
You have just received an assignment for an assessment at a company site. Company’s
management is concerned about external threat and wants to take appropriate steps to insure
security is in place. Anyway the management is also worried about possible threats coming from
inside the site, specifically from employees belonging to different Departments. What kind of
assessment will you be performing ?
What does black box testing mean?
What does black box testing mean?
What do you think has occurred?
Bryan notices the error on the web page and asks Liza to enter liza’ or ‘1’=’1 in the email field.
They are greeted with a message “Your login information has been mailed to
johndoe@gmail.com”. What do you think has occurred?
What is wrong with the web application?
Liza has forgotten her password to an online bookstore. The web application asks her to key in her
email so that they can send her the password. Liza enters her email liza@yahoo.com’. The
application displays server error. What is wrong with the web application?