Lab 7 Assessment Worksheet

Lab 7 Assessment Worksheet - Students Wayne S McKenzie...

Info icon This preview shows page 1. Sign up to view the full content.

Students: Wayne S. McKenzie Instructor: Ms. Crawford Course: IS3445 Security For Web Applications And Social Networking Assignment: Lab #7 Assessment Worksheet – Perform Dynamic and Static Quality Control Testing Due Date: 7/30/13 Lab Assessment Questions & Answers 1. How does Skipfish categorize findings in the scan report? As high risk flaws, medium risk flaws, and low issue scans 2. Which tool used in the lab is considered a static analysis tool? RATS. Explain what is referred to by static code analysis. The running of static code analysis tools that attempt to highlight possible vulnerabilities within 'static' (non-running) source code. 3. What possible high risk vulnerabilities did the Rats tool find in the DVWA application source code? Allow system commands to execute 4. Did the static analysis tool find all the potential security flaws in the application?
Image of page 1
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: No 5. What is black box testing on a web site or web application? Testing a web site or application’s functionality. Can only see inputs and outputs of application. 6. Explain the skipfish command in detail: : ./skipfish –o /var/scans/ –A admin:password –d 3 –b I –X logout.jsp –r 200000 7. During the manual code review, what is noticed about high.php to make it less likely to victimize users with XSS reflection and why is it considered more secure? 8. Would Firefox be considered a web application assessment tool? Yes 9. Compare and contrast a pent testing tool such as OWASP WebScarab with an automatic analysis tool like skipfish. 10. Judging from the two scan reports, describe how Skipfish and Rats can complement one another. One covers areas the other does not...
View Full Document

  • Fall '13
  • Networking, web site, Static code analysis, Skipfish

{[ snackBarMessage ]}

What students are saying

  • Left Quote Icon

    As a current student on this bumpy collegiate pathway, I stumbled upon Course Hero, where I can find study resources for nearly all my courses, get online help from tutors 24/7, and even share my old projects, papers, and lecture notes with other students.

    Student Picture

    Kiran Temple University Fox School of Business ‘17, Course Hero Intern

  • Left Quote Icon

    I cannot even describe how much Course Hero helped me this summer. It’s truly become something I can always rely on and help me. In the end, I was not only able to survive summer classes, but I was able to thrive thanks to Course Hero.

    Student Picture

    Dana University of Pennsylvania ‘17, Course Hero Intern

  • Left Quote Icon

    The ability to access any university’s resources through Course Hero proved invaluable in my case. I was behind on Tulane coursework and actually used UCLA’s materials to help me move forward and get everything together on time.

    Student Picture

    Jill Tulane University ‘16, Course Hero Intern