
Hardening PHP Web Apps – Path Traversal and LFI

Question A1

What is the /etc/passwd file and what operating systems use it?

Question A2

What is PHP and why was it developed?

Question A3

Explain in detail the syntax:

if (!in_array($page, $valid_pages, TRUE)){   // strict comparison against the allow-list of page names
    $page = "funny.php";                     // unknown page requested: fall back to a safe default
}

Question A5

What are the differences between directory path traversal and file inclusion vulnerabilities? Which are more serious? Explain.

Question C1

What is the difference between /etc/passwd and /etc/shadow? Is either of these files more secure than the other? Explain.

Question C2

Find an example of a real-world PHP file inclusion vulnerability at a site such as www.securityfocus.com. Describe the vulnerability and suggest ways to fix it. 

Question C3

What are the three main error types in PHP and how do they differ? Why is it important for a developer to understand these?

Question C4

SQL injection is a serious problem. Find where it appears in the CWE/SANS Top 25 Most Dangerous Software Errors list and the OWASP Top 10 list. What are the implications of these rankings for developers? Are these types of vulnerabilities best addressed in the design phase or when coding (during implementation)? How could you test for these vulnerabilities if using PHP?
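As an added illustration for Question C4 (this is example code, not part of the assignment or the lab's own source), the following PHP script puts a string-concatenated login query beside its prepared-statement replacement and runs the kind of test case a developer would use to confirm the fix. It assumes PHP 8 with the bundled pdo_sqlite extension; the users table, its rows and the payload are constructed for the demonstration.

```php
<?php
// Added example, not part of the assignment: the concatenated query beside the
// parameterized one, with a self-check a developer can run from the CLI.
// Assumes PHP 8 with the bundled pdo_sqlite extension; the schema and rows
// below are constructed for the demonstration.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL, pw TEXT NOT NULL)");
$pdo->exec("INSERT INTO users (name, pw) VALUES ('alice', 's3cret'), ('bob', 'hunter2')");

// VULNERABLE: request values are spliced into the SQL text, so a quote in
// the input ends the string literal and the rest is parsed as SQL.
function login_vulnerable(PDO $pdo, string $user, string $pw): bool
{
    $sql = "SELECT id FROM users WHERE name = '$user' AND pw = '$pw'";
    return $pdo->query($sql)->fetch() !== false;
}

// HARDENED: a prepared statement sends the SQL and the values separately;
// the driver never parses the values as SQL.
function login_safe(PDO $pdo, string $user, string $pw): bool
{
    $stmt = $pdo->prepare("SELECT id FROM users WHERE name = ? AND pw = ?");
    $stmt->execute([$user, $pw]);
    return $stmt->fetch() !== false;
}

// Constructed test payload: closes the name literal, adds a tautology, and
// comments out the password check ("--" starts a comment in SQLite and MySQL).
$payload = "alice' OR '1'='1' -- ";

// Test cases: [function, user, pw, should the login succeed?]
$cases = [
    ['login_vulnerable', $payload, 'wrong',  true],   // injection succeeds: the bug we are testing for
    ['login_safe',       $payload, 'wrong',  false],  // injection fails
    ['login_safe',       'alice',  's3cret', true],   // legitimate login still works
    ['login_safe',       'alice',  'wrong',  false],  // wrong password still rejected
];

$failures = 0;
foreach ($cases as [$fn, $user, $pw, $expected]) {
    $got = $fn($pdo, $user, $pw);
    printf("%-17s user=%-24s -> %s\n", $fn, json_encode($user),
           $got === $expected ? 'as expected' : 'UNEXPECTED');
    if ($got !== $expected) {
        $failures++;
    }
}
exit($failures === 0 ? 0 : 1);
```

Run it with `php sqli_demo.php`. The first case is the detection test: if the payload logs in as alice without her password, the application is injectable. Swapping the backend to MySQL only requires a different DSN; the prepared-statement form is the same.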

Question C5

A remote file inclusion (RFI) vulnerability exploits the dynamic file inclusion mechanism in a web application, giving an attacker the ability to include remote files on the web server and execute them. Explain how this works and how developers can prevent it.
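As an added example serving Question A3 (the allow-list check) and Question C5 (how RFI works and how to prevent it), not code from the assignment or the lab, the script below shows where a bare include($_GET['page']) would send the server for a few constructed inputs and how the strict allow-list closes both the local (traversal) and remote (URL) variants. It assumes PHP 8 on a Unix-like system; the pages directory is created under the temp directory, and the attacker host name is made up.

```php
<?php
// Added example, not part of the assignment: shows where include($_GET['page'])
// would send the server for a few constructed inputs, and how the strict
// allow-list from Question A3 stops both local (traversal) and remote (URL)
// inclusion. Nothing is actually include()d; the script only resolves paths.
// Assumes PHP 8 on a Unix-like system; the pages directory is created under
// the system temp directory for the demonstration.

$base = sys_get_temp_dir() . '/lfi_demo_pages';
@mkdir($base, 0700);
file_put_contents("$base/home.php", "<?php echo 'home';");
$base = realpath($base);

// VULNERABLE pattern: include($page) with $page taken straight from the request.
// This function reports what include() would open, assuming the web root is
// the current directory, without opening anything.
function where_include_would_go(string $base, string $page): string
{
    if ($page === '') {
        return 'empty path';
    }
    if (preg_match('#^[a-z][a-z0-9+.\-]*://#i', $page) === 1) {
        return 'remote URL (RFI if allow_url_include=On)';
    }
    $target = realpath($page[0] === '/' ? $page : "$base/$page");
    if ($target === false) {
        return 'no such local file';
    }
    return str_starts_with($target, $base . '/')
        ? "inside web root: $target"
        : "OUTSIDE web root: $target";
}

// HARDENED: the allow-list from Question A3. Only names the developer listed
// ever reach include(); anything else falls back to a harmless default page.
function safe_include_path(string $base, string $page): string
{
    $valid_pages = ['home.php', 'about.php', 'funny.php'];
    if (!in_array($page, $valid_pages, true)) {   // strict: no type juggling, no partial matches
        $page = 'funny.php';
    }
    return "$base/$page";
}

// Constructed attacker inputs.
$inputs = [
    'home.php',                              // legitimate request
    '../../../../../../../../etc/passwd',    // LFI via directory traversal
    '/etc/passwd',                           // LFI via absolute path
    'http://attacker.example/shell.txt',     // RFI: include() fetches a URL when allow_url_include=On
];

printf("allow_url_include is %s\n\n", ini_get('allow_url_include') ? 'On' : 'Off');
foreach ($inputs as $page) {
    printf("input     : %s\n", $page);
    printf("vulnerable: %s\n", where_include_would_go($base, $page));
    printf("hardened  : %s\n\n", safe_include_path($base, $page));
}
```

Two points the output makes concrete: realpath() shows that the traversal and absolute-path inputs both resolve outside the web root, and the URL input is only dangerous when allow_url_include is On, which is why that setting should stay Off even after the allow-list is in place. The allow-list is the primary fix; the ini setting is defence in depth.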

Hardening PHP Web Apps – OS Command Injection

Question A1

What is the cat command?

Question A2

What is ping and what can it tell the user?

Question A3

Regular expressions are useful tools when dealing with strings. What is a regular expression, and how does PHP's preg_match function apply one?

Question A4

Explain the syntax and semantics of this line from the network-tools.php file:

echo "<div class=results>Invalid Host Name</div>";

Question A5

Explain what changes would have to be made to enable IPv6 support for any web application. Give at least two testing strategies to ensure that the changes work as intended. (Note: no need to write code to answer this question)

Question C1

Explain the difference between whitelisting and blacklisting. Give an application where one would be better than the other. Explain how this relates to the security concept of fail-safe defaults.

Question C2

Find an example of a command injection vulnerability in another language from a site such as OWASP. Do any languages appear more vulnerable to these types of problems than others? Explain.

Question C3

You have been tasked by a developer to test for command injection vulnerabilities in their application. Give a robust description of how you would test for these and provide sample test cases that might be used.

Question C4

Besides whitelisting and blacklisting, what other things can be done to remediate command injection vulnerabilities? Describe how these remediation steps would be tested as well.
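As an added example covering Questions A3 and A4 (host validation with preg_match and the "Invalid Host Name" response) and Questions C3 and C4 (test cases and the remediations beyond allow-listing), not the lab's own network-tools.php, the script below contains a ping wrapper in its vulnerable and hardened forms and a table of constructed injection payloads run through the validator. It assumes PHP 8; the test loop exercises only the validator, so it runs without spawning ping. Function and variable names are chosen for the example.

```php
<?php
// Added example, not the lab's network-tools.php: a ping wrapper in the
// vulnerable form, the hardened form, and a table of test payloads of the kind
// Questions C3/C4 ask for. The loop at the bottom only exercises the
// validator, so the script runs from the CLI without calling ping. Assumes PHP 8.

// VULNERABLE: the raw request value is concatenated into a shell command line.
function ping_vulnerable(string $host): string
{
    return (string) shell_exec("ping -c 1 " . $host);   // "; id" or "$(id)" runs as the web user
}

// Allow-list validation: an IPv4/IPv6 literal, or a hostname made of RFC 1123
// labels (letters, digits, inner hyphens), nothing else.
function valid_host(string $host): bool
{
    if ($host === '' || strlen($host) > 253) {
        return false;
    }
    if (filter_var($host, FILTER_VALIDATE_IP) !== false) {
        return true;
    }
    $label = '[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?';
    // \z (not $) so a trailing newline cannot slip past the check.
    return preg_match('/^' . $label . '(?:\.' . $label . ')*\z/i', $host) === 1;
}

// HARDENED: refuse anything off the allow-list, and still quote the argument
// before it reaches the shell (defence in depth, as Question C4 asks about).
function ping_safe(string $host): string
{
    if (!valid_host($host)) {
        return '<div class=results>Invalid Host Name</div>';
    }
    return (string) shell_exec('ping -c 1 ' . escapeshellarg($host));
}

// Constructed test cases: [input, should the validator accept it?]
$cases = [
    ['example.com',                 true],
    ['127.0.0.1',                   true],
    ['::1',                         true],    // IPv6 literal; the ping binary must support it (Question A5)
    ['127.0.0.1; cat /etc/passwd',  false],   // command separator
    ['127.0.0.1 | id',              false],   // pipe
    ['$(id)',                       false],   // command substitution
    ['`id`',                        false],   // backtick substitution
    ["127.0.0.1\nid",               false],   // newline also separates shell commands
    ['-c 100000 127.0.0.1',         false],   // option injection: escapeshellarg alone would not stop this
    ['a..b',                        false],   // malformed hostname
];

$failures = 0;
foreach ($cases as [$input, $expected]) {
    $got = valid_host($input);
    printf("%-32s accepted=%-5s %s\n", json_encode($input), var_export($got, true),
           $got === $expected ? 'ok' : 'MISMATCH');
    if ($got !== $expected) {
        $failures++;
    }
}
exit($failures === 0 ? 0 : 1);
```

The option-injection row is the one most people miss: escapeshellarg() keeps "-c 100000 127.0.0.1" as a single argument, but ping still parses a leading hyphen as an option, so the allow-list (which rejects a leading hyphen) is what actually protects you. Against the live application the same inputs would be sent through the host field, looking for a time delay, an extra line of output, or an outbound request to a host you control.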

Question C5

Burp is a graphical tool for testing web applications and their security. Explain how you could use a proxy tool like Burp to test for OS command injections in a web application. If a vulnerability is found, is there a way to fix it without rewriting code? Explain.

Hardening PHP Web Apps – Broken Access Control

Question A1

If cookies are easy to change, why are they used at all? What potential security problems might they create?

Question A2

What does the require_admin() function you created do when called? Explain its syntax and semantics.

Question A3

Negative dollar amounts were initially allowed in the web application. When in the development process should the requirement to disallow them first have been documented? During what phase of development should it first have been discovered that the behaviour was incorrect? Explain.

Question A4

What additional test cases would you suggest to further ensure that all of the problems created by cookies were fixed?

Question A5

Other cookies are also used by the application. What are they used for, and how would you test whether they are being used correctly?

Question C1

Consider an application which initially had access control violations. If you were a system administrator, how might you detect that someone was abusing the system before it was fixed? In general, how can access control violations be detected in any system?

Question C2

One way to potentially mitigate security problems with cookies is to limit their lifetime or origin. Explain the difference between session, permanent, and third-party cookies and what security implications come with the use of each type.

Question C3

What recent improvements to cookie security should application and framework developers take advantage of in order to protect their systems? How would one know if the most secure configurations are being used?
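As an added example for Questions A1 and A2 (why a cookie-based role check is weak and what a correct require_admin() does) and Question C3 (cookie attributes and how to verify they are in use), not the lab's own code, the script below contrasts an access check that trusts a client-writable cookie with one that keeps the role in server-side session state, and audits a set of session cookie parameters against the Secure, HttpOnly and SameSite attributes. Requests are simulated in-process so it runs from the CLI; it assumes PHP 8, and the session ids and user data are constructed.

```php
<?php
// Added example, not the lab's own require_admin(): an access check that trusts
// a client-writable cookie beside one that keeps the role in server-side
// session state, plus a small audit of the session cookie attributes
// Question C3 refers to. Requests are simulated in-process so the script runs
// from the CLI; assumes PHP 8.

// VULNERABLE: the role is read from a cookie, which the browser owner can
// rewrite to any value before sending it.
function require_admin_vulnerable(array $cookie): bool
{
    return ($cookie['role'] ?? null) === 'admin';
}

// HARDENED: the client only holds an opaque session id; the role was stored
// server-side at login and cannot be edited from the browser.
function require_admin_safe(array $session): bool
{
    return ($session['role'] ?? null) === 'admin';
}

// Attributes to pass to session_set_cookie_params() before session_start().
function hardened_session_cookie_params(): array
{
    return [
        'lifetime' => 0,        // session cookie: discarded when the browser closes
        'path'     => '/',
        'domain'   => '',
        'secure'   => true,     // only sent over HTTPS
        'httponly' => true,     // not readable from document.cookie
        'samesite' => 'Strict', // not sent on cross-site requests
    ];
}

// Answers "how would one know the most secure configuration is in use?":
// compare a parameter set (e.g. session_get_cookie_params()) against the above.
function cookie_weaknesses(array $p): array
{
    $w = [];
    if (empty($p['secure']))   { $w[] = 'Secure flag missing'; }
    if (empty($p['httponly'])) { $w[] = 'HttpOnly flag missing'; }
    if (!in_array($p['samesite'] ?? '', ['Lax', 'Strict'], true)) { $w[] = 'SameSite not Lax or Strict'; }
    if (($p['lifetime'] ?? 0) > 86400) { $w[] = 'cookie outlives one day'; }
    return $w;
}

// Constructed requests. The attacker edits the cookie jar but was never
// granted a role on the server; the admin logged in normally.
$attacker_cookie  = ['PHPSESSID' => 'a1b2c3', 'role' => 'admin'];
$attacker_session = [];
$admin_session    = ['user_id' => 1, 'role' => 'admin'];

$checks = [
    ['vulnerable, tampered cookie', require_admin_vulnerable($attacker_cookie), false],
    ['hardened, tampered cookie',   require_admin_safe($attacker_session),      false],
    ['hardened, real admin',        require_admin_safe($admin_session),         true],
];
foreach ($checks as [$label, $granted, $should_grant]) {
    printf("%-28s granted=%-5s %s\n", $label, var_export($granted, true),
           $granted === $should_grant ? 'correct' : 'ACCESS CONTROL BUG');
}

// Audit this PHP installation's defaults (from php.ini) against the hardened set.
printf("\ndefault cookie params : %s\n", implode('; ', cookie_weaknesses(session_get_cookie_params())) ?: 'none');
printf("hardened cookie params: %s\n", implode('; ', cookie_weaknesses(hardened_session_cookie_params())) ?: 'none');
```

The first line of output is the lab's bug reproduced: a role stored in a cookie grants admin to anyone who edits it. The audit at the end is how you would check a deployment: run it (or read the Set-Cookie header in the browser's developer tools) and look for Secure, HttpOnly and SameSite on the session cookie; a bare PHPSESSID with none of them means the defaults are still in use.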

Question C4

Describe how vulnerability mapping would work in an application like the one in the lab. Would vulnerability mapping have found the security problems with this application? Explain.

Question C5

Use cases are commonly used in software development. Explain how abuse cases, an adaptation of use cases, can be used to model specifications for security requirements. What abuse cases might have been helpful in finding the security problems with this lab?

