Question 1a there are two analysis techniques in reverse

Assignment Help Computer Networking
Reference no: EM13349377

QUESTION 1

(a) There are two analysis techniques in reverse engineering for mobile apps, static and dynamic.

(i) Distinguish between these two techniques.

(ii) Name one tool for static analysis and one tool for dynamic analysis for a particular mobile platform.

(b) Consider reverse engineering an Android app.

(i) Draw a flowchart showing the different steps.

(ii) Model the total time taken to reverse engineer the app. Which step is the most time consuming? Is it possible to have real-time reverse engineering for mobile applications?

(iii) Comment on the code for the APK installation procedure in Annex 1.

(iv) What is Dalvik? How does Dalvik bytecode differ from Java bytecode?

(e) The case in (b) relates to reverse engineering towards class hierarchy identification. The two other objectives in reverse engineering are encryption and ARM information. Describe the methods of ARM reverse engineering.

QUESTION 2

(a) In a real sense, security is holistic. Explain your reasoning using appropriate examples.

(b) Explain three methods of authenticating a user and give an example of real-world two-factor authentication.

(c) What is an Access Control List (ACL)?

(d) Briefly describe four methods by which confidentiality can be ensured.

(e) Availability is an important security concept. Give two ways in which webmasters can ensure maximum availability of their web applications.

(f) Describe what happens during a DNS cache poisoning attack.

QUESTION 3

(a) Briefly describe the most significant web threat for each of the following types of applications:

(i) Military Institution

(ii) Civil Liberties website, White House website

(iii) Financial Institution

(b) Explain what a Turtle Shell Architecture is and give an example.

(c) Briefly explain the principle of least privilege using an appropriate example.

(d) Consider the following typical query for user login in PHP:

$sql = "SELECT * FROM tbl_user WHERE username='" . $_POST['username'] . "' AND
password='" . $_POST['password'] . "'";
$result = mysql_query($sql);

Let's assume that an intruder injected x' OR 'x'='x in the username field and x' OR 'x'='x in the password field.
Explain what happens when the form is processed.

(e) Suppose a query in a product detail page is as follows:

$sql = "SELECT * FROM product WHERE product_id='" . $_GET['product_id'] . "'";
Now an intruder injects an SQL command into the URL of the page. The injected value is 10'; DROP TABLE product; # and the URL looks like this: https://xyz.com/product.php?id=10'; DROP TABLE product; #
The query then becomes:
SELECT * FROM product WHERE product_id='10'; DROP TABLE product; #';
You might be wondering what the hash "#" means. It simply tells the MySQL server to ignore the rest of the query.
Explain what happens when the URL is processed with the injection shown above.
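As an added illustration (not part of the original question paper), the two queries above rebuilt against a constructed in-memory SQLite database: the page's concatenated login query beside a parameterised one, so the login payload and the product-id payload can be fed to both and the difference observed. Table contents, the parameterised helpers and the sample user are assumptions for the demo.

```python
import sqlite3

PAYLOAD = "x' OR 'x'='x"                          # the login payload from the question
PRODUCT_PAYLOAD = "10'; DROP TABLE product; #"    # the product-id payload from the question


def make_db():
    """Constructed stand-in for the page's tbl_user and product tables."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE tbl_user (username TEXT, password TEXT);
        INSERT INTO tbl_user VALUES ('don', 's3cret');
        CREATE TABLE product (product_id TEXT, name TEXT);
        INSERT INTO product VALUES ('10', 'widget');
    """)
    return db


def login_concat(db, username, password):
    """The page's query built by string concatenation: input becomes part of the SQL."""
    sql = ("SELECT * FROM tbl_user WHERE username='" + username +
           "' AND password='" + password + "'")
    return db.execute(sql).fetchall()


def login_param(db, username, password):
    """Hardened form: the driver binds values, so quotes and OR stay plain data."""
    sql = "SELECT * FROM tbl_user WHERE username=? AND password=?"
    return db.execute(sql, (username, password)).fetchall()


def product_param(db, product_id):
    """Hardened product query: the injected id is only compared as a string."""
    # Note: a single execute() call runs one statement, so stacked statements such as
    # the DROP TABLE above are rejected by the driver as well; PHP's mysql_query() behaves the same.
    return db.execute("SELECT * FROM product WHERE product_id=?", (product_id,)).fetchall()


def demo():
    db = make_db()
    vuln_rows = len(login_concat(db, PAYLOAD, PAYLOAD))   # OR 'x'='x' matches every user
    safe_rows = len(login_param(db, PAYLOAD, PAYLOAD))    # no user literally named x' OR 'x'='x
    product_rows = product_param(db, PRODUCT_PAYLOAD)     # no product with that id
    tables = db.execute("SELECT name FROM sqlite_master WHERE type='table'").fetchall()
    return vuln_rows, safe_rows, product_rows, len(tables)


if __name__ == "__main__":
    print(demo())   # (1, 0, [], 2): the concatenated query is bypassed, the bound ones are not
```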

(f) Describe what a Cross-Site Scripting attack is, giving a suitable example.

(g) Alice wishes to transfer $100 to Bob using bank.com. The request generated by Alice will look similar to the following:
POST https://bank.com/transfer.php HTTP/1.1
...
...
...
Content-Length: 19
acct=BOB&amount=100

However, Maria notices that the same web application will execute the same transfer using URL parameters as follows:
GET https://bank.com/transfer.php?acct=BOB&amount=100 HTTP/1.1

Maria now decides to exploit this web application vulnerability using Alice as her victim. Maria has to construct the URL which will transfer $100,000 from Alice's account to her own account.


(i) Construct the above URL for Maria. Now that her malicious request has been generated, Maria must trick Alice into submitting it. The most basic technique is to send Alice an HTML email containing the link and hope that Alice clicks on it.
Assuming Alice is authenticated with the application when she clicks the link, the transfer of $100,000 to Maria's account will occur. However, Maria realises that if Alice clicks the link, Alice will notice that a transfer has occurred. Consequently, Maria decides to hide the attack in a zero-byte image.

(ii) Write the code that Maria must send to Alice in the email, making use of a zero-byte image.

(iii) Explain, using an appropriate example, how bank.com can prevent such a security vulnerability.
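Added example for part (iii), not from the question paper: a minimal transfer handler for bank.com that refuses state changes over GET and requires a per-session anti-CSRF token, checked in constant time, so a forged link or hidden image request from another origin is rejected. The session dictionary, handler signature and status codes are assumptions standing in for a real framework.

```python
import hmac
import secrets


def issue_token(session):
    """Generate a fresh random token, store it in the server-side session and return it
    so the legitimate transfer form can embed it as a hidden field."""
    token = secrets.token_hex(16)
    session["csrf_token"] = token
    return token


def handle_transfer(session, method, params):
    """Server-side check for transfer.php. Returns (status, message).

    Defences shown: (1) a transfer only happens on POST, so the GET form of the
    request in the question does nothing; (2) the POST must carry the token that
    was issued to this session, which a cross-site page cannot read.
    A SameSite cookie attribute on the session cookie would add a third layer."""
    if method != "POST":
        return 405, "transfers must be submitted with POST"
    expected = session.get("csrf_token")
    supplied = params.get("csrf_token", "")
    if not expected or not hmac.compare_digest(expected, supplied):
        return 403, "missing or invalid CSRF token"
    return 200, "transferred %s to %s" % (params["amount"], params["acct"])


def demo():
    """Replay the scenario from the question against the hardened handler."""
    alice_session = {}                      # constructed: Alice is logged in
    token = issue_token(alice_session)
    forged_get = handle_transfer(alice_session, "GET",
                                 {"acct": "MARIA", "amount": "100000"})
    forged_post = handle_transfer(alice_session, "POST",
                                  {"acct": "MARIA", "amount": "100000"})
    genuine = handle_transfer(alice_session, "POST",
                              {"acct": "BOB", "amount": "100", "csrf_token": token})
    return forged_get[0], forged_post[0], genuine[0]


if __name__ == "__main__":
    print(demo())   # (405, 403, 200)
```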

QUESTION 4

(a) Distinguish between symmetric and public-key cryptographic systems and their modes of operation.

(b) Explain what hash functions are and, using a suitable example, show how to calculate the hash of a string using MD5.

(c) Explain what you understand by the terms hash collision and rainbow table, giving an appropriate example of each. Also describe how they can be prevented.

(d) Write a 6-pass iterative and a 17-pass recursive PHP function using sha1 and the salt "saltandsugar" to hash the password (key) "mynameisdon".
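Added illustration of part (d) in Python rather than PHP (it is not the paper's model answer): the same salted SHA-1 chain written once as a loop and once recursively, plus a constant-time verifier. The definition of one pass, sha1 over salt followed by the previous value, hex-encoded, is an assumption, since the question does not fix it.

```python
import hashlib
import hmac

SALT = "saltandsugar"
KEY = "mynameisdon"


def one_pass(salt, data):
    """Assumed pass definition: SHA-1 over salt || data, returned as 40 hex characters."""
    return hashlib.sha1((salt + data).encode("utf-8")).hexdigest()


def hash_iterative(key, salt=SALT, passes=6):
    """6-pass iterative form: feed each digest back in as the next input."""
    h = key
    for _ in range(passes):
        h = one_pass(salt, h)
    return h


def hash_recursive(key, salt=SALT, passes=17):
    """17-pass recursive form: pass n is sha1(salt || pass n-1), pass 0 is the key itself."""
    if passes == 0:
        return key
    return one_pass(salt, hash_recursive(key, salt, passes - 1))


def verify(candidate, stored, salt=SALT, passes=6):
    """Recompute and compare in constant time so timing does not leak matching prefixes."""
    return hmac.compare_digest(hash_iterative(candidate, salt, passes), stored)


# Practitioner note: a few SHA-1 passes are far too cheap to resist offline guessing;
# stored passwords should use a tuned hash such as hashlib.scrypt or pbkdf2_hmac.
if __name__ == "__main__":
    print(hash_iterative(KEY))
    print(hash_recursive(KEY))
```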

QUESTION 5

(a) When a website is hosted on a shared web server, any session variable can be viewed by other users on the same server. The example below shows such a scenario, where a user password is held in a session variable.

if ($_SESSION['password'] == $userpass) {
    // do sensitive things here
}
The above code is not secure, as the password is stored in plain text in a session variable.
Explain how to make the above code secure.

(b) With reference to Question 3(g), explain how Maria can view the content of transfer.php, assuming the bank.com website is hosted on a shared server and Alice has an account on the latter.

(c) To ensure higher security, if an attacker gets hold of a session key, it should most likely be expired. Using an appropriate example, show how the session key should be changed for each new request the user makes.

(d) List five mandatory security practices when handling uploaded files.

(e) Give one validation filter and one sanitising filter.
