Hacking Web Applications

Question 1

What is SOAP and what is it used for?

Answer 1

Simple Object Access Protocol:
XML-based protocol for exchanging information in a decentralized, distributed environment.

Question 2

What kind of Vulnerability is SOAP (Simple Object Access Protocol) Vulnerable to?

Answer 2

XPath Injection

Question 3

What are Virtual Hosts and where are they used?

Answer 3

Used in Shared Web Servers, when website is accessed it is directed to a specific directory within a single shared server.

Question 4

What is a Digital Certificate?

Answer 4

Electronic File That is Used to Verify a User’s or Server’s Identity (Provides Non-Repudiation).

Question 5

What technology is NOT PKI x.509 compliant and cannot be used in various secure functions?
1. AES
2. PKCS
3. Blowfish
4. SSL/TLS

Answer 5

3. Blowfish

Question 6

In SQL, what are parameterised queries (or Prepared Statements) used for?

Answer 6

To prevent SQL injection.

Question 7

List 3 most popular Web Servers

Answer 7

1. Apache
2. Nginx
3. IIS

Question 8

What is meant by N-Tier Architecture?

List the 3 category types

Answer 8

1. Presentation (web)
2. Logic (application)
3. Data (database)

Question 9

What do the Internet Engineering Task Force (IETF) do?

Answer 9

Creates engineering documents to help make the
Internet work better

Question 10

What is the World Wide Web Consortium (W3C)?

Answer 10

A standards-developing community

Question 11

What do Open Web Application Security Project (OWASP) do?

Answer 11

Organization focused on improving the security of software

Question 12

What type of HTTP status codes start with 1xx? (E.g. HTTP 100)

Answer 12

Informational - Response indicates that the request was received and understood

Question 13

What type of HTTP status codes start with 2xx? (HTTP 200)

Answer 13

Success - Indicates the action requested by the client was received, understood, accepted and successful.

Question 14

What type of HTTP status code starts with 3xx? (HTTP 300)

Answer 14

Redirection - Indicates the client must take additional action to complete the request

Question 15

What type of HTTP status code starts with 4xx? (HTTP 404)

Answer 15

Client Errors - Intended for situations in which the error seems to have been caused by the client.

Question 16

What type of HTTP status code starts with 5xx (HTTP 500

Answer 16

Server Errors - Server is aware that it has encountered an error or is otherwise incapable of performing the request

Question 17

What is a DNS amplification attack?

Answer 17

Using recursive DNS servers to perform DoS towards the target. DNS answers get amplified.

Question 18

What kind of tool is WFETCH?

Answer 18

Microsoft tool that allows HTTP request debugging.

Question 19

What is a Connection String Parameter Pollution attack?

Answer 19

Injection attack that uses semicolons to take advantage of databases that use ; separation method.

Question 20

What is a Integer Overflow attack?

Answer 20

Leads to buffer overflow, integer numbers exceeds its limit leading to overwrite elements in memory.

Question 21

What is the most common False Positive Finding for an automated Web App Scan?

Answer 21

Version disclosure of server information

Question 22

Which of the following items is unique to the N-tier architecture method of designing software applications?

A. Application layers can be separated, allowing each layer to be upgraded independently from other layers
B. It is compatible with various databases including Access, Oracle, and SQL.
C. Data security is tied into each layer and must be updated for all layers when any upgrade is performed.
D. Application layers can be written in C, ASP.NET, or Delphi without any performance loss.

Answer 22

A. Application layers can be separated, allowing each layer to be upgraded independently from other layers

Question 23

Which type of web application server does ISAPI filters apply to?

Answer 23

IIS

Question 24

Why should the security analyst disable/remove unnecessary ISAPI filters?

Answer 24

To defend against webserver attacks

Question 25

What is the name of the log file for apache servers?

Answer 25

access_log

located in: /var/log/httpd/access_log

Question 26

Why is it best to disable ISAPI filters?

Answer 26

To defend against web based attacks.

Question 27

What type of tool is Paros Proxy?

Answer 27

HTTP Interceptor for assessing web based vulnerabilities

Question 28

What is a Watering Hole Attack?

Answer 28

Targeted attack designed to compromise users within a specific industry or group of users by infecting websites they typically visit and luring them to a malicious site

Question 29

What are the 3 types of SQL Injection attack?

Answer 29

1. Error-based
2. Blind
3. Union

Question 30

What type of an attack is R-U-Dead-Yet?(RUDY)?

Answer 30

DoS Starvation attack of available sessions on the web server by sending never-ending POST requests.