EIU MIS 4850 - Application Security

This preview shows page 1 out of 3 pages.



Application Security
April 11, 2011
Student Name: ________________________________

Web service security

1. What is the difference between www.mywebsite.com/sales and www.sales.mywebsite.com?

2. What is the difference between www.mywebsite.com and www.mywebsite.com/index.htm?

3. Access http://www.w3.org/Protocols/rfc2616/rfc2616.html to check the rfc2616.html web page. Then, use directory browsing to check the content of the rfc2616 folder by typing: http://www.w3.org/Protocols/rfc2616/. Is directory browsing enabled? Explain your answer.

4. Access the http://castle.eiu.edu/~a_illia/BUS3500/Brief/Case1/ web page. Then, use directory browsing to determine whether or not directory browsing is enabled. Is it enabled? Explain your answer.

5. You discovered that ABC Inc. is using Microsoft’s IIS 5.0 web server software to provide Internet printing service to its employees so they can send their print jobs to the company’s printers over the Internet using a web browser.

   a. What tool may attackers use to launch a buffer overflow attack against the server?
      Answer: __________________________________

   b. Explain how the tool you mentioned when answering Question 5.a works and what may be the consequences of the attacker succeeding.

6. Imagine a company located in Charleston, IL has developed an extranet that allows its registered customers all over the world to log in and perform transactions online. For security reasons, the Intranet is configured to be available from Monday 12:00 AM EST until Friday 11:59 PM EST. You have properly configured the user accounts. You also have configured the time tracking feature as follows:

   Sunday 1:00 PM, Charleston, IL
   Monday 2:00 AM, Beijing, China

   6.1. Can any registered customer log in and perform transactions on a Saturday at 1:00 AM EST? Explain.

   6.2. What (if anything) may be done to prevent customers from logging in from Saturday 12:00 AM EST until Sunday 11:59 PM EST?

7. Most applications are written to get inputs from users, process them, and generate outputs. The number one rule for writing application programs in a secure way is “Never Trust User Input”.

   a. Explain why user input may cause a security breach and what kind of security breach may result from trusting user input.

   b. What can/should be done to comply with the “Never Trust User Input” rule when writing application programs?

