Weaknesses/Vulnerabilities

Question 1

Systems are inherently insecure; business processes are not up to date with current security practice, why?

Answer 1

Badly written software
Badly written websites
Lack of encryption

Question 2

Are applications weaker then operating systems, and if so why?

Answer 2

Yes, as applications haven’t developed to the scale of systems.

Question 3

What is Buffer overflow

Answer 3

Buffer is allocated memory for input

Question 4

Main problem for buffer overflow

Answer 4

If too much input is provided at once, it isnt checked and can write beyond the memory allocated and into the instructions.

Question 5

Which main instructions would some use to get on to there bosses computer?

Answer 5

DNS - Server IP
WHOIS - who own that IP
PING - to find which addresses responds
Scan TCP ports of the IP - find a port that is listening and uses the buffer overflow.

Question 6

What applications are easy to exploit

Answer 6

Adobe and JavaScript.

Question 7

What is SQL Injection

Answer 7

A badly checked input to web databases can let web users modify the database

Question 8

Weak password is susceptible to?

Answer 8

Brute Force attack, enough time it will work

Question 9

Best ways to defend against attacks

Answer 9

Firewalls
Up to date software
good passwords
Sensible use of public WIFI

Question 10

What do organisations do to keep their systems up to date

Answer 10

Penetration Tests
Commission hackers try to hack the systems

Question 11

Example of an SQL statement

Answer 11

SQL Statement > SELECT * FROM users WHERE userID = “+ userName”;