1. From the results of Lab #1- Business Application Impact Analysis Worksheet, what do you consider to be the greatest type of risk and why? a. The greatest will be
2. Why is it critical to perform periodic web application vulnerability assessments and penetration tests? a. To keep the system from getting hack
3. What kind of web application does Damn Vulnerable Web Application (DVWA) use? a. It uses PHP/MySQL web application
4. Why is connecting your web servers and web applications to the Internet like opening Pandora’s Box? a. Because my problems can arise, all the vulnerabilities could be exploited
6. What is tcpdump and why is it a good tool for application for testing the Ubuntu Linux web server and web application security? a. Tcpdump is an open source command-line tool for monitoring (sniffing) network traffic. b. At an Ethernet segment, Tcpdump operates by putting the network card into promiscuous mode in order to capture all the packets going through the wire. Using Tcpdump we have a view on any TCP/UDP connection establishment and termination and we can measure the response time and the packet loss percentages To print
7/14/13 Deploying a JDeveloper SOA Application to Oracle WebLogic Server 11g Deploying a JDeveloper SOA Application to Oracle WebLogic Server 11g Purpose In this tutorial, you use Oracle JDeveloper 11g to deploy a SOA Web application to Oracle WebLogic Server 11g. Time to Complete 2 hours Topics The tutorial covers the following topics: Overview Prerequisites Starting the Environment Testing the ...
7. What does the Firefox live HTTP headers plug-in application do, and why is this a good tool for web server and web application security testing? a. Live HTTP Headers is a really helpful penetration testing add-on for Firefox. It displays live headers of each http request and response. You can also save header information by clicking on the button in the lower left corner. I don’t think that there is any kind of need to tell how important this add-on is for the security testing process
8. What does using the “-h” switch for tcpdump & skipfish do? a. to insert any additional, non-standard headers (including an arbitrary User-Agent value)
9. When typing commands and file names on Linux, what is a major difference with the command line interface in terms of entering keystrokes? a. You can cut down typing time with these aliases, work smartly, and increase productivity at the command prompt.
10. Why is TELNET not recommended for remote access to a web server? What do you recommend and why? a. TELNET is a TCP/IP network protocol which is helpful in assessing distant computer terminals. Telnet allows the administrator of another computer to access the computer of any other computer residing on network. The HTTP and FTP protocols are often ready to lend a hand to ask or send request to access particular files on the network.
However both of these protocols do not provide any help to actually log in to the remote PC. It is however possible to log in to access any remote PC and you can utilize the various applications on which you have been provided an authorize access.