Module 10: Hacking Web Servers

Ace your homework & exams now with Quizwiz!

Why should security professionals have at least a little knowledge about the Apache Web Server?

Apache Web Server is said to run more Web servers than IIS.

What tool included with Kali Linux allows you to intercept traffic between the web browser and the server so you can inspect and manipulate requests before sending them to the server?

Burp Suite

Which of the following is the interface that determines how a Web server passes data to a Web browser?

CGI

How can developer tools be used by attackers?

Developer tools allow an attacker to tamper with and resend requests.

Which of the following application tests analyzes a running application for vulnerabilities?

Dynamic Application Security Testing

Exploits posted on the Packet Storm website and Exploit Database website are often added to which plug-ins?

Metasploit

Which of the following programming languages was originally used primarily on UNIX systems, but is used more widely now on many platforms, such as Macintosh and Windows?

PHP

Why is creating a virtual directory recommended?

Virtual directories enhance security.

To keep attackers from knowing the directory structure you create on an IIS web server, an individual should create what?

Virtual directory

How does the Wapiti vulnerability scanner work?

Wapiti uses two methods when scanning: "fuzzing" and searching for known vulnerabilities.

What type of useful tools can a security tester find available in both Firefox and Chrome Web browsers?

developer tools

Which JavaScript function is a "method" or sequence of statements that perform a routine or task?

getElementById()

What element is used in an HTML document to allow customers to submit information to the web server?

<form>

How do CGI and ASP.NET differ?

CGI can be implemented with a scripting language such as Perl to create dynamic webpages.

When an application needs to undergo troubleshooting, developers can enable debugging, which provides rich logging information helpful to diagnose issues. Which statement about the debugging mode is true?

No information or only a generic message should be displayed to users in error cases that require debugging.


Related study sets

Health and Physical Assessment (Adult)

View Set

Fundamentals ATI - missed practice questions

View Set

World War I and the Russian Revolution Review

View Set

Understandable Statistics - Chapter 2

View Set