(Short Answers qt 1-6)
1- When you should test Web applications for known vulnerabilities? Provide at least two examples using the SDLC phases
2- Identify and describe three different types of Web application tests that can be demonstrated using the Damn Vulnerable Web Application tool.
3- Explain how you can use a CVE number to learn more about recommended countermeasures and safeguards for the identified vulnerability
4- Briefly describe how a SQL injection attack can be used to compromise the confidentiality of information stored in a database
5- Briefly describe how a cross-site scripting attack can be used to compromise the confidentiality of information stored in a database
6- Why should Web applications be tested for known vulnerabilities both (a) before and (b) after being released into the production environment? You must address both types of testing in your answer
7- Netwwork Troubleshooting
Experts-Exchange (www.experts-exchange.com) is one of the best places to get answers to any computer-related problems.
The way it works is that people will post their computer/networking problems and “Experts” would try to help them by troubleshooting the problems.
Now, go to: http://www.experts-exchange.com/. Scroll down and see the “Open Questions”, meaning questions that nobody has posted an answer to.
This is a long list of problems that nobody has provided explanations for.
Look through a few of them, and then select one that is related to networking.
Come back here and post the problem that you found and research on the Internet on the possible source of the problem and how to fix it.
8- COMMON NETWORK PROBLEM
What is the most common network problems that you have experienced or heard about?
Why is that a problem?
What are some of the symptoms of this problem?
How do you fix it?
How do you prevent it?
9- NETWORK TROUBLESHOOTING STEPS
I have a network with several subnets, several switches, and a firewall / router.
I use DHCP and an internal DNS server. All of a sudden, a workstation that has worked for months loses connectivity to sites it has used regularly.
Define a troubleshooting regimen that will help you isolate the problem and fix it.
CYBESECURITY (Your response should be 150+ words in length and include APA format references and citations.)
10-Prevent, Detect, Respond, Control and deter Attacks
Select one of the Critical Infrastructure Key Sectors (as defined by DHS https://www.dhs.gov/critical-infrastructure-sectors). Name the top three cybersecurity threats to this sector and provide detection/mitigation/incident response recommenations. Use the “prevent, detect, respond, control, and deter” framework in your explanation.
11- ANTIVIRUS- SILVER BULLET ?
Take a moment to review the malware and spam statistics on these reputable sites:
Here’s the scenario… Your boss is resistant to spending any more budget on the cybersecurity program because the company has a “top of the line”, expensive antivirus solution. Using statistics from the websites I’ve provided and at least 2 additional sources to prepare an “elevator speech” for him/her to secure funding for at least one additional technology (your choice).