Web Applications Security
Type your answers directly under each question. Use proper grammar and complete sentences. Do not cut-and-paste your answers from the textbooks or other resources. Write the answers in your own words (paraphrase).
I UPLOADED SOME SNAPSHOTS THAT CONTAIN INFORMATION THE WRITER WILL USE TO ANSWER QUESTION NUMBER 5 AND 6.
| 1. What is the Software Development Life Cycle (SDLC)?
This is the detailed description of the phases taken during software development, the order in which they are executed, the procedures entailed in the process and how the deliverables are attained. This is usually defined on the basis of the software development and design approach employed. |
| 2. When you should test Web applications for known vulnerabilities? Provide at least two examples using the SDLC phases. |
| – During Development. The application should be thoroughly tested for efficiency and susceptibility to attacks by checking the data type specifications, input procedures and processing steps incorporated
– During Implementation. Real-case scenarios should be simulated for instance Denial of Service Attacks and SQL injection and mitigation procedures undertaken. This is to ensure that the application is secure and robust before launching. |
| 3. Identify and describe three different types of Web application tests that can be demonstrated using the Damn Vulnerable Web Application tool. |
| -The damn vulnerability web application tool is able to test an application for security vulnerabilities like SQL injection. The tool detects any sections of code that pose a security risk to the system.
– The tool can also be used to test the application for susceptibility to cross site scripting by detecting elements like iframes containing code unrelated to the web application -The tool helps the developer test the sequence of command execution in the application. This is important especially when running through the code to check vulnerability spots. |
| 4. What is a vulnerability scan? |
| This is the checking of a computer, server, communication infrastructure or networks for security holes. The scan is able to forecast how well proposed countermeasures will serve their purpose and how they can best be put into use. |
| 5. What was the port number associated with a high priority vulnerability found by your Nessus scan. Research this port number and identify the protocols or software services normally associated with this port. |
| The Port number is 80. This port is associated with the Hypertext transfer protocol (HTTP). It is the default port number for a webserver from which the webserver listens to when expecting transmission from the web client. The tcp and udp protocols are also associated with this port. |
| 6. Identify one high severity vulnerability found by your Nessus scan. Provide the name and CVE number for this vulnerability. What was the port number associated with this vulnerability? |
| CVE-2011-1467 is a highly severe vulnerability that can lead to application crashes. The port associated with this vulnerability is number 80. |
| 7. Explain how you can use a CVE number to learn more about recommended countermeasures and safeguards for the identified vulnerability. |
| The common vulnerabilities and exposures (CVE) number is a unique identifier of a publicly known security vulnerability in publicly released software. The CVE numbers are stored in a database maintained by the MITRE Corporation and each CVE entry contains the vulnerability description and corresponding recommended countermeasure that can be taken. An interested individual can use this information to guard his application against the vulnerability. |
| 8. Briefly describe how a SQL injection attack can be used to compromise the confidentiality of information stored in a database. |
| SQL Injection exploits a vulnerability like incorrectly filtered input. Malicious statements are added by the attacker into an entry field for execution. The attacker can then view data from the databases. Important and confidential data may be exposed as a result. |
| 9. Briefly describe how a cross-site scripting attack can be used to compromise the confidentiality of the information stored in a database. |
| This is a security exploit where the attacker adds malicious coding into a link that appears to be from a legitimate source. When the link is clicked, embedded code is submitted as part of the client’s Web request that can run on the user’s computer. The attacker can steal important information like credit card details and security numbers |
| 10. Why should Web applications be tested for known vulnerabilities both (a) before and (b) after being released into the production environment? You must address both types of testing in your answer. |
| Hackers can attack a web application anytime from anywhere since it is on the internet. Applications should be guarded against cross-site scripting, SQL injection, DDOS attacks and other common vulnerabilities that hackers exploit. The applications should be subjected to scenarios simulating such attacks to ascertain their robustness and susceptibility to attack, before launching them. After launching, the web applications should also be subjected to common attacks like Distributed Denial of Service (DDOS) attacks to ensure that the applications can withstand them. |