Question 1(a): Register the OWASP Top 10 web application

Reference no: EM13349367

QUESTION 1

(a) List the OWASP Top 10 Web Application Security Risks for 2010.

(b) Why does software have to be intensively examined after a security fix?

(c) One security design principle is to develop applications such that all applications execute with least privilege. Discuss two benefits of this design principle.

(d) Name three threat modeling methodologies.

(e) Briefly discuss the four possible ways of responding to threats identified for an application.

(f) (i) How do attackers carry out fuzzing?

(ii) How can software be protected against fuzzing attacks?

QUESTION 2

(a) Discuss how an attacker can exploit a C program that is vulnerable to a stack buffer overflow.

(b) With the help of a drawing, differentiate between the Extended Stack Pointer (ESP) and the Extended Base Pointer (EBP).

(c) StackGuard uses a canary-based defense against buffer overflow attacks in the C language. Explain how StackGuard prevents buffer overflow.

QUESTION 3

(a) Compare and contrast Forms authentication with Windows authentication.

(b) Write the code required in web.config to allow access as follows:

(i) Only authenticated users have access to the application, and

(ii) Only the role "Administrator" has access to the "admin.aspx" page in the application.
Your code should be such that access control is strictly secured.

(c) "Forgotten password" functionality is frequently provided by web applications. Discuss the three possible vulnerabilities due to this feature.

(d) What is Index hijacking?

(e) (i) Why is the Random class of the .NET Framework not suitable for cryptographic purposes?

(ii) Which class is used instead?

QUESTION 4

(a) How does the "same origin" policy implemented by browsers provide security?

(b) Differentiate between a Reflected XSS attack and a Stored XSS attack.

(c) With the aid of a diagram, explain the different steps involved in a session hijacking attack via stored XSS.

(d) A web application is known to be vulnerable to cross-site request forgery (CSRF). The application developer decided to use SSL to enhance the security of the web application. Discuss the effectiveness of SSL with regard to the CSRF vulnerability.

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd