No

5. What is black box testing on a web site or web application? Testing a web site or application’s functionality. Can only see inputs and outputs of application.

6. Explain the skipfish command in detail: ./skipfish -o /var/scans/is308lab.org -A admin:password -d 3 -b I -X logout.jsp -r 200000

7. During the manual code review, what is noticed about high.php to make it less likely to victimize users with XSS reflection and why is it considered more secure?

8. Would Firefox be considered a web application assessment tool? Yes

9. Compare and contrast a pen testing tool such as OWASP WebScarab with an automatic analysis tool like skipfish.

10. Judging from the two scan reports, describe how Skipfish and Rats can complement one another. One covers areas the other does not...
- Fall '13
- Networking, web site, Static code analysis, Skipfish