978-0840020932 Chapter 15

Chapter 15: Web Application Vulnerabilities

TRUE/FALSE

1. The protocols upon which the Internet rest are, by nature, secure.

2. In 2007 the average time between bringing an unsecured server (or client) onto the Internet, and its being

infected by one of the thousands of circulating Internet worms, is less than 2 minutes.

3. A set of passwords is better than just one password because even the strongest password can be cracked,

given sufficient time.

4. The majority of network traffic on the Web is encrypted.

5. It is a proven fact that outsiders perpetrate most computer crimes.

MULTIPLE CHOICE

1. HTTP error code ____ means the server is looking for an encryption key from the client or is responding

to a bad password entry.

a.

400

c.

403

b.

401

d.

408

2. HTTP error code ____ means the client stopped the request before the server finished retrieving it.

a.

400

c.

403

b.

401

d.

408

3. The open-source Mambo project is a content management system built on ____.

a.

C++

c.

PHP

b.

Java

d.

.NET

4. The two most widely used Web server applications are ____ and Microsoft Internet Information Server

(IIS).

a.

Apache

c.

Web Zone

b.

WebSphere

d.

OpenWeb

5. The ____ dialog in a browser allows you to view the pages you have visited in the last user-defined

number of days.

a.

bookmarks

c.

cookies

b.

history file

d.

cache

COMPLETION

1. ____________________ is very complicated and intended to supply the base for all subsequent

application layer and presentation layer software.

2. A(n) _________________________ is a neutral zone between the private LAN and the public network

of an organization.

3. ___________________________________ facilities allow you to monitor all user activity on your

private development machine and also to keep a record of Web server logs on a protected machine.

4. The most common source of Web-browser exploits is _________________________.

5. A(n) ____________________ is a small text file, stored on your computer by Web servers, that contains

information about the last session when you visited the site.

SHORT ANSWER

1. What are some of the factors that lead to vulnerability of data and applications on the Web?

2. What are some of the tools used to exploit Web vulnerability?

3. What are some of the most important Web server vulnerabilities?

4. How can default user account become a security problem?

5. Briefly describe both types of cookies.