Some of the greatest risks businesses face when connecting to the Web


Module 1 lab assignment

Complete Lab 1 from The Laboratory Manual.

Read and complete all the deliverables associated with this lab.

1. What are some of the greatest risks businesses face when connecting to the Web? Why?

2. Why is it critical to perform periodic Web-application vulnerability assessments and penetration tests?

3. What kind of web application does Damn Vulnerable Web Application use?

4. Why might connecting your Web servers and Web applications to the Internet be like opening Pandora’s box?

5. What does the Skipfish application do, and why is it a good security tool for Web servers and Web-application testing?

6. What is tcpdump, and why is it a good tool for testing the Ubuntu Linux Web server and Web-application security?

7. What does the Firefox Live HTTP Headers plug-in application do, and why is this a good tool for Web-server and Web-application security testing?

8. What does using the -h switch for tcpdump and skipfish do?

9. What is the tcpdump usage message that you recorded during this lab?

10. What information can you determine from the ifconfig -a command?

Module 2 lab assignment

Complete Lab 2: “Obtaining Personally Identifiable Information through Internet Research.”

Read and complete all the deliverables associated with this lab.

1. Complete the following table to describe the results you discovered about your own personally identifiable information on the Internet.

Search Engine                     Was personal information returned? (Yes or No)
Dogpile.com                       
Google.com                        
InstantCheckmate.com              
AlltheInternet.com                
WhitePages.com                    
ZabaSearch.com                    
Your local government Web site    
Facebook                          
LinkedIn                          
Twitter                           

2. Was there enough personal information returned that could potentially be used for identity theft? Explain why or why not.

3. How can identity thieves take advantage of social networking users to steal personal information?

4. According to Facebook.com, who owns the information posted by a user? Include specific text from Facebook.com in your answer.

5. What is a security feature you should always look for in any Web site that will ask for personal information to share with others?

6. What implications can the social networking sites have for job applicants?

7. What is the risk of combining your family and personal friends with your business contacts and associates?

8. What type of personal information could an attacker obtain from a user profile on LinkedIn.com that he or she could use for identity theft?

9. Suppose someone posted your highly confidential personal information on a social networking site, and you wish to have the results removed from the Google search engine. Describe some actions you could take to have the information removed.

10. How does one find public records online?

11. What are some options if you wish to continue using Twitter.com, but need to protect the information you send from public view?

12. List the type of information you can obtain from a background search on sites such as InstantCheckmate.com.

Module 3 lab assignment

Complete Lab 3: “Perform a Post-Mortem Review of a Data Breach Incident”.

Read and complete all the deliverables associated with this lab.

1. What is the purpose and function of Google Analytics?

2. What is the purpose of performing ongoing website traffic analysis and web trending analysis on production web servers and web sites?

3. How can tcpdump be used as a critical web server tool for conducting on-going traffic monitoring and traffic analysis?

4. How can the various verbosity levels in tcpdump provide more information for analysis?

5. Using the saved file from the Live HTTP Headers tool, what is the user-agent used by the client browser?

6. Using the saved file from the Live HTTP Headers tool, what information can be gathered just from the HTTP headers?

7. How could tcpdump be used to capture passwords sent to a website?

8. Why is it more appropriate to submit sensitive information using HTTP POST than HTTP GET?

9. How can Webalizer aid in the interpretation of web log files?

10. How do tools such as Google Analytics work to track web site traffic?

Module 4 lab assignment

Complete Lab 4: “Exploiting Known Web Vulnerabilities on a Live Web Server.”

Read and complete all the deliverables associated with this lab.

Lab Assessment Questions & Answers

1. What are the OWASP Top 10?

2. What is a brute force attack and how can the risks of these attacks be mitigated?

3. Explain a scenario where a hacker may use cross-site request forgery (CSRF) to perform authorized transactions.

4. What are the Web application attacks that you performed in this lab using the DVWA?

5. Phishing is the practice of trying to obtain extra personal information such as passwords or banking details while using the guise of a trusted Web site. What type of Web application vulnerability is exploited by hackers who use a phishing page on a Web site?

6. What could be the impact of a successful SQL injection?

7. What would finding the URL http://www.testurl.com/../../../../../../../../../../../../etc/passwd in your Web logs indicate?

8. How would you ensure security between a Web application and an SQL server?

Module 5 lab assignment

Complete Lab 5: “Apply OWASP to a Web Security Assessment.”

Read and complete all the deliverables associated with this lab.

1. Identify the four recognized business functions and each security practice of OpenSAMM.

2. Identify and describe the four maturity levels for security practices in SAMM.

3. What are some activities an organization could perform for the security practice of “Threat Assessment”?

4. What are the two recommended assessment styles in SAMM, and how are they utilized?

5. What are the three main objectives of the OWASP Application Security Verification Standard (ASVS) Project?

6. Identify the four levels used for ASVS.

7. According to the OWASP Development guide, what are some guidelines for handling credit cards on web sites?

8. What are the four known data validation strategies?

9. What are two methods for performing a code review?

10. Why is it important to review how errors are handled during a code review?

11. When should the testing process be introduced in the Software Development Lifecycle (SDLC)?

12. What is black box testing?

13. According to the OWASP Development Guide, what are some basic best practices for handling authentication when designing and developing web-based software?

14. What is a limitation of automated testing tools?

15. What is meant by the phrase “Test early and test often”?

Module 6 lab assignment

Complete Lab 6: “Applying Regulatory Compliance Standards.”

Read and complete all the deliverables associated with this lab.

1. With what section of SOX would the IT professional deal the most, and why?

2. Under HIPAA, when is a health care provider required to notify all patients and the Department of Health and Human Services when a security breach is discovered?

3. Which database is more secure: the Java-based Apache Derby or MySQL?

4. Which types of businesses or entities are governed by HIPAA?

5. According to the PCI Quick Reference Guide, who must comply with PCI-DSS standards?

6. What are the 11 titles of mandates and requirements for SOX compliance?

7. What purpose may COBIT serve to help comply with regulations such as Sarbanes-Oxley?

8. What is RDP? What port number does it use?

Module 7 lab assignment

Complete Lab 7: “Perform Dynamic and Static Quality Control Testing.”

Read and complete all the deliverables associated with this lab.

1. How does Skipfish categorize findings in the scan report?

2. Which tool used in the lab is considered a static analysis tool? Explain what is referred to by static code analysis.

3. What possible high-risk vulnerabilities did the RATS tool find in the DVWA application source code?

4. Did the static analysis tool find all the potential security flaws in the application?

5. What is black box testing on a web site or web application?

6. Explain the Skipfish command in detail: ./skipfish -o /var/scans/is308lab.org -A admin:password -d 3 -b i -X logout.jsp -r 200000 http://www.is308lab.org

7. During the manual code review, what is noticed about high.php that makes it less likely to victimize users with reflected XSS, and why is it considered more secure?

8. Would Firefox be considered a web application assessment tool?

9. Compare and contrast a pen testing tool such as OWASP WebScarab with an automatic analysis tool like Skipfish.

10. Judging from the two scan reports, describe how Skipfish and RATS can complement one another.

Module 8 lab assignment

Complete Lab 8: “Perform an IT and Web Application Security Assessment.”

Read and complete all the deliverables associated with this lab.