Module 14 - Hacking Web Applications

Question 1

Web App Threats:

_____ is a Top 10 list of all computer related stuff.

Answer 1

OWASP

Question 2

Web App Threats:

• Allows attackers to access restricted directories including application source code, configuration, and critical system files, and execute commands outside of the web server’s root directory.
• Grants you access to the back end of a site where you can alter or make changes.

Answer 2

Directory Traversal

Question 3

Web App Threats:

It is a type of unvalidated redirect attack where the attacker first identifies the most visited website of the target identifies the vulnerabilities in the website, injects malicious code into the vulnerability web application, and waits for the victim to browse the website. Once the victim tries to access the website, the malicious code executes infecting the victim.

a. Water Hole Attack
b. Cross-Site Request Forgery (CRSF)
c. Cookie Poisoning
d. Cross-Site Scripting (XSS)

Answer 3

a. Water Hole Atack

Question 4

Web App Threats:

• Used to maintain session state in the otherwise stateless HTTP protocol.
• Attacks the modification of the contents of a cookie (Personal information stored in a web user’s computer) in orider to bypass security mechanisms.
  a. Water Hole Attack
  b. Cross-Site Request Forgery (CRSF)
  c. Cookie Poisoning
  d. Cross-Site Scripting (XSS)

Answer 4

c. Cookie Poisoning

Question 5

Hacking Methodology:

What can you do to defend against: Supply crafted malicious input that is syntactically correct according to the interpreted language being used in order to break application’s normal intended.

Answer 5

Input Validation

Question 6

Hacking Methodology:

What can you do to mitigate SQL Injections?

Answer 6

Input Validation