What are the 2 items that you need in order to start the scan?
Client URL and Login credentials
Code review is what type of analysis?
Static Analysis or Static Analysis Security Testing (SAST)
What does TCP/IP stand for?
Transmission Control Protocol / Internet Protocol
What is a vulnerability?
A weakness
Denial of Service affects what part of the triad?
Availability
How would you capture a false negative that bypassed the app scan?
Perform a manual test in order to catch issues not found within the scan
Provide 3 preventative measures used to mitigate SQL injection.
Input Validation/Encoding/Sanitization,
Whitelisting/Stored Procedures/Prepared Statements,
and Parameterized Queries (Bind Variables).
What are the 2 types of IDs within an IP address?
Network ID, and Host ID
File paths have been displayed that are not meant for regular users…
What is this vulnerability?
Directory Traversal
Two employees have laptops with encrypted hard drives, and they send messages back and forth through email. Since they were within their own network, they didn't encrypt their mail. A man-in-the-middle attack occurred on the network and their traffic was sniffed, but no packets were changed. What was compromised within the triad?
Confidentiality (Information was not encrypted in transit)
You have to check which HTTP methods are allowed. What tool and command would be used to achieve this?
NMAP and the command is: nmap --script http-methods <target address>
What three vulnerabilities are identified within the code below?
String user = request.getParameter("username");
String password = "password123";
System.out.println(user);
return user;
1. Cross Site Scripting/XSS
2. Password Management: Hard-coded
3. Poor Logging Practices
What are the 7 layers of the OSI model?
Application, Presentation, Session, Transport, Network, Data Link, and Physical
Error handling reveals stack traces or other overly informative error messages to users…
What type of vulnerability is this?
Security Misconfiguration
Which file within Linux allows attackers to see users' password hashes?
/etc/shadow ... I would also accept (shadow file)