1. Why is it critical to perform a penetration test on a Web application and a Web server prior to production implementation?
So you can find the weaknesses and fix them before the application is implemented on the server and goes live.
2. What is a cross-site scripting attack? Explain in your own words.
It is a computer security vulnerability typically found in web applications that enables attackers to inject client-side script into web pages viewed by others.
3. What is a reflective cross-site scripting attack?
A reflective attack involves the web application dynamically generating a response using non-sanitized data from the client scripts.
4. Which Web application attack is more likely to extract privacy data elements out of a database?
Character scrambling and masking numeric variance and nulling.
5. If you can monitor when SQL injections are performed on an SQL database, what would you recommend as a security countermeasure to monitor your production SQL databases?
SQL Inject Me allows you to test for SQL injection vulnerabilities that hackers can use to hijack your data and modify the contents of a database.
6. What can you do to ensure that your organization incorporates penetration testing and Web application testing as part of its implementation procedures?
Well-coordinated and regularly audited security checks are a great way of doing this.
7. Who is responsible and accountable for the CIA of production Web applications and Web servers?
The C-I-A of production web applications and web servers is the responsibility of certified information systems security personnel.
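
The reflective case from question 3, as an added example that is not part of the original post: a page that builds its response from a request parameter, shown once without sanitization and once with HTML encoding, plus a check a tester could run before go-live. The function names, the `q` parameter and the sample request are assumptions made for illustration.

```python
import html
from urllib.parse import parse_qs

# Constructed sample request: the "q" value carries markup instead of a search term.
SAMPLE_QUERY = "q=%3Cscript%3Ealert(1)%3C%2Fscript%3E"


def _term(query_string):
    """Decode the hypothetical 'q' parameter from a raw query string."""
    return parse_qs(query_string).get("q", [""])[0]


def render_unsafe(query_string):
    """Vulnerable pattern: the client-supplied value is placed in the page unchanged."""
    return "<p>Results for: " + _term(query_string) + "</p>"


def render_safe(query_string):
    """Hardened pattern: the value is HTML-encoded before it reaches the response."""
    return "<p>Results for: " + html.escape(_term(query_string), quote=True) + "</p>"


def reflects_markup(query_string, body):
    """True when a value containing markup characters comes back verbatim in the body."""
    term = _term(query_string)
    has_markup = any(ch in term for ch in "<>\"'")
    return has_markup and term in body


if __name__ == "__main__":
    for render in (render_unsafe, render_safe):
        body = render(SAMPLE_QUERY)
        print(render.__name__, "->", body)
        print("  reflected unencoded:", reflects_markup(SAMPLE_QUERY, body))
```
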