Application Security
April 11, 2011
Student Name: ________________________________

1. What is the difference between www.mywebsite.com/sales and www.sales.mywebsite.com?

2. You discovered that ABC Inc. is using Microsoft's IIS 5.0 web server software to provide Internet printing service to its employees so they can send their print jobs to the company's printers over the Internet using a web browser.
a. What tool may attackers use to launch a buffer overflow attack against the server?
Answer: __________________________________
b. Explain how the tool you mentioned when answering Question 2.a works and what may be the consequences of the attacker succeeding.

See Applications Security PowerPoint notes (slide #21)

3. Most applications are written to get inputs from users, process them, and generate outputs. The number one rule for writing application programs in a secure way is "Never Trust User Input".
a. Explain why user input may cause a security breach and what kind of security breach may result from trusting user input?
b. What can/should be done to comply with the "Never Trust User Input" rule when writing application programs?

4. You opened your web browser and typed http://castle.eiu.edu/~a_illia/BUS3500/Brief/Case1. You get the page shown in Exhibit 1. You deleted Case1 from the URL and get the page shown in Exhibit 2. What misconfiguration problem allows you to see the content? Explain.

Exhibit 1
Exhibit