Bob has been hired to do a web application security test. Bob notices that the site is dynamic and infers that they must be making use of a database at the application back end. Bob wants to validate whether SQL Injection would be possible.
What is the first character that Bob should use to attempt breaking valid SQL requests?
Bill is attempting a series of SQL queries in order to map out the tables within the database that he is trying to exploit.
Choose the attack type from the choices given below.
Johnny is a member of the hacking group orpheus1. He is currently working on breaking into the Department of Defense’s front end exchange server. He was able to get into the server, located in a DMZ, by using an unused service account that had a very weak password that he was able to guess. Johnny wants to crack the administrator password, but does not have a lot of time to crack it. He wants to use a tool that already has the LM hashes computed for all possible permutations of the administrator password.
What tool would be best used to accomplish this?
Which of the following is most effective against passwords?
You have chosen a 22-character word from the dictionary as your password. How long will it take to crack the password by an attacker?
Which of the following is the best way an attacker can passively learn about technologies used in an organization?
Annie has just succeeded in stealing a secure cookie via an XSS attack. She is able to replay the cookie even while the session is valid on the server. Why do you think this is possible?
Say that "abigcompany.com" had a security vulnerability in the JavaScript on their website in the past. They recently fixed the security vulnerability, but it had been there for many months. Is there some way to go back and see the code for that error?
Select the best answer.
Ivan is auditing a corporate website. Using Winhex, he alters a cookie as shown below.
Before Alteration: Cookie: lang=en-us; ADMIN=no; y=1 ; time=10:30GMT ;
After Alteration: Cookie: lang=en-us; ADMIN=yes; y=1 ; time=12:30GMT ;
What attack is being depicted here?
Jane has just accessed her preferred e-commerce web site and she has seen an item she would like to buy. Jane considers the price a bit too steep; she looks at the page source code and decides to save the page locally to modify some of the page variables. In the context of web application security, what do you think Jane has changed?