How much information will Clive obtain from the client before commencing his test?
Clive has been hired to perform a Black-Box test by one of his clients.
How much information will Clive obtain from the client before commencing his test?
What would be the best method to accurately identify the services running on a victim host?
Scanning for services is an easy job for Bob as there are so many tools available from the
Internet. In order for him to check the vulnerability of XYZ, he went through a few scanners that
are currently available. Here are the scanners that he uses:
1. Axent’s NetRecon (http://www.axent.com)
2. SARA, by Advanced Research Organization (http://www-arc.com/sara)
3. VLAD the Scanner, by Razor (http://razor.bindview.com/tools/)
However, there are many other alternative ways to make sure that the services that have been
scanned will be more accurate and detailed for Bob.
What would be the best method to accurately identify the services running on a victim host?
Why is Jim having these problems?
Jim is having no luck performing a penetration test in XYZ’s network. He is running the tests from
home and has downloaded every security scanner that he could lay his hands on. Despite
knowing the IP range of all the systems, and the exact network configuration, Jim is unable to get
any useful results.
Why is Jim having these problems?
What kind of assessment will you be performing ?
You have just received an assignment for an assessment at a company site. Company’s
management is concerned about external threat and wants to take appropriate steps to insure
security is in place. Anyway the management is also worried about possible threats coming from
inside the site, specifically from employees belonging to different Departments. What kind of
assessment will you be performing ?
What does black box testing mean?
What does black box testing mean?
What do you think has occurred?
Bryan notices the error on the web page and asks Liza to enter liza’ or ‘1’=’1 in the email field.
They are greeted with a message “Your login information has been mailed to
johndoe@gmail.com”. What do you think has occurred?
What is wrong with the web application?
Liza has forgotten her password to an online bookstore. The web application asks her to key in her
email so that they can send her the password. Liza enters her email liza@yahoo.com’. The
application displays server error. What is wrong with the web application?
where he should have ideally used printf(?s?
Kevin has been asked to write a short program to gather user input for a web application. He likes
to keep his code neat and simple. He chooses to use printf(str) where he should have ideally used
printf(?s? str). What attack will his program expose the web application to?
what do you think Jane has changed?
Jane has just accessed her preferred e-commerce web site and she has seen an item she would
like to buy. Jane considers the price a bit too steep; she looks at the page source code and
decides to save the page locally to modify some of the page variables. In the context of web
application security, what do you think Jane has changed?
What attack is being depicted here?
Ivan is auditing a corporate website. Using Winhex, he alters a cookie as shown below.
Before Alteration: Cookie: lang=en-us; ADMIN=no; y=1 ; time=10:30GMT ;
After Alteration: Cookie: lang=en-us; ADMIN=yes; y=1 ; time=12:30GMT ;
What attack is being depicted here?