{"id":32845,"date":"2022-08-21T11:36:01","date_gmt":"2022-08-21T11:36:01","guid":{"rendered":"https:\/\/nursingstudybay.com\/?p=32845"},"modified":"2022-08-21T18:47:19","modified_gmt":"2022-08-21T18:47:19","slug":"application-database-and-system-attacks","status":"publish","type":"post","link":"https:\/\/www.essaybishops.com\/essays\/application-database-and-system-attacks\/","title":{"rendered":"Application, Database, and System Attacks"},"content":{"rendered":"<p>Importance of testing for all possible input values in a web form during a pentest<br \/>\nThis will make it possible to identify potential security loopholes before an attacker does so and identify possible vulnerabilities in a network. In the long run, this will serve to provide information that can assist security teams to alleviate vulnerabilities and develop a control mechanism for attacks (Basta, Basta, &amp; Mary Brown, 2013).<br \/>\nSource data and how applications should handle this common error.<br \/>\nWhen creating an application, and especially a web application, most developers fail to sufficiently validate the source of data. This has a \u2018data hygiene\u2019 impact in that it can allow void data to enter a database, even introducing security challenges. As such, the input fields can be used to inject malicious scripts into the application. This can thus be handled by validating input on both the client side and the server side.<br \/>\nWhy applications must use the appropriate form action method<br \/>\nUsing the appropriate form action serves to tell the web browser how to send the form data to a server as well as tell the browser which form contents to add to the end of the URL.<br \/>\nImportance of a penetration tester being familiar with protocols like HTTP<br \/>\nBeing familiar with the protocol will serve to inform the penetration tester about the scope within which they should operate. 
Normally, the scope describes which systems, methods, locations and tools are to be utilized in a penetration test. Limiting the scope goes a long way in assisting to focus the team members and defenders on the systems the organization controls.<br \/>\nWhy a SQL injection attack can be so devastating for an application<br \/>\nA SQL injection attack can lead to the loss, theft or deletion of confidential data (Khan &amp; Mahapatra, 2012). It can also lead to the defacing of websites, unauthorized access to accounts or systems, and eventually, compromise of whole networks or individual machines.<br \/>\nWhy it is critical that system administrators properly secure the ports that database servers listen on.<br \/>\nPorts are potentially at risk of attack. Therefore, properly securing the ports aims at protecting the services that are listening on those ports from exploits. Furthermore, the surface area exposed by services is reduced, thus eliminating the risk of cyber attacks (Basta, Basta, &amp; Mary Brown, 2013).<br \/>\nWhy discovery of an active hit on TCP\/UDP port 1433 does not confirm that Microsoft SQL server is present.<br \/>\nThis is because port 1433 is the recognized standard for SQL servers. According to the Internet Assigned Numbers Authority (IANA), although this port is registered in the name of Microsoft, getting a hit from this port does not provide a guarantee that this hit is an MSSQL server.<br \/>\nWhy a penetration tester would prefer to target a server actively listening on UDP port 1434 versus another server that is not listening but is a confirmed Microsoft SQL server.<br \/>\nA penetration tester would opt to target a server that is actively listening on UDP port 1434 since it makes sure that there is an established link between the host and the server (Faircloth et al., 2016). 
In addition, this implies that an exception has been put into the firewall so that traffic passes through the port, making it an attack vector that is exposed.<br \/>\nThe difference between a virus and a Trojan<br \/>\nA virus denotes a program that does not have the ability to self-replicate and thus depends on the host file being spread. A virus has malicious intent. On the other hand, a Trojan denotes a program that is run by misleading the user into appearing to be something genuine, but has malicious intent (Hausman, Barrett, &amp; Weiss, 2013).<\/p>\n<p>The type of malicious software that may be invisible to a penetration tester<br \/>\nThis malicious software is known as the \u2018invisible\u2019 memory based malware. This kind of attack leaves testers with nearly no evidence that an attack actually occurred, and any sign of an incident is removed when the system is rebooted.<br \/>\nProcesses normally associated with the McAfee VirusScan Enterprise product<br \/>\nThe processes associated with McAfee VirusScan Enterprise product include:<br \/>\n\u2022\tTroubleshooting<br \/>\n\u2022\tVirus scanning<br \/>\n\u2022\tRebooting<br \/>\nHeuristic analysis<br \/>\nHeuristic analysis refers to a technique that is employed by multiple computer antivirus programs developed to identify computer viruses that were previously unknown as well as new variants of viruses already in the \u201cwild.\u201d<\/p>\n<p>References<br \/>\nBasta, A., Basta, N., &amp; Mary Brown, C. (2013). Computer Security and Penetration Testing. Cengage Learning.<br \/>\nFaircloth, J., Beale, J., Temmingh, R., Meer, H., Walt, C. V., &amp; Moore, H. (2016). Penetration Tester&#8217;s Open Source Toolkit. Elsevier.<br \/>\nHausman, K. K., Barrett, D., &amp; Weiss, M. (2013). Security+. Que Publishing.<br \/>\nKhan, S., &amp; Mahapatra, R. P. (2012). SQL Injection Attack and Countermeasures. 
LAP<br \/>\nLambert Academic Publishing.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Importance of testing for all possible input values in a web form during a pentest This will make it possible to identify potential security loopholes before an attacker does so\u2026<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2393],"tags":[2504,2505],"class_list":["post-32845","post","type-post","status-publish","format-standard","hentry","category-psychology-assignment-homework-help","tag-application","tag-database"],"_links":{"self":[{"href":"https:\/\/www.essaybishops.com\/essays\/wp-json\/wp\/v2\/posts\/32845","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.essaybishops.com\/essays\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.essaybishops.com\/essays\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.essaybishops.com\/essays\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.essaybishops.com\/essays\/wp-json\/wp\/v2\/comments?post=32845"}],"version-history":[{"count":1,"href":"https:\/\/www.essaybishops.com\/essays\/wp-json\/wp\/v2\/posts\/32845\/revisions"}],"predecessor-version":[{"id":32846,"href":"https:\/\/www.essaybishops.com\/essays\/wp-json\/wp\/v2\/posts\/32845\/revisions\/32846"}],"wp:attachment":[{"href":"https:\/\/www.essaybishops.com\/essays\/wp-json\/wp\/v2\/media?parent=32845"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.essaybishops.com\/essays\/wp-json\/wp\/v2\/categories?post=32845"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.essaybishops.com\/essays\/wp-json\/wp\/v2\/tags?post=32845"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}