Reference no: EM132972477
Assessment Task 1: Knowledge Questions
Q1. Explain, in at least one sentence each, the following components/technologies of a web application and web server:
1. HTTP Server (for example Apache)
2. Database Server (for example MySQL)
3. Backend (Server side) scripting (for example PHP)
4. Operating system (for example Windows, Linux)
5. DNS server
6. Web Firewall operations/configurations
• Block by default
• Allow specific traffic
• Specify source IP addresses
• Specify the destination IP address
• Specify the destination port
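The five firewall bullets above describe one policy shape: drop everything unless an explicit rule names the source address, destination address and destination port. The script below is an added example (not part of the assessment) that models that evaluation order in Python: rules are checked top to bottom, the first match wins, and a packet matching nothing falls through to the implicit deny. The server address 203.0.113.10, the admin network 192.0.2.0/24 and the blocked host are constructed values from the documentation ranges.

```python
"""Default-deny packet-filter model (an added example, not part of the assessment).

Rules are evaluated top to bottom and the first match wins. A packet that matches
nothing is dropped: that is the "block by default" posture, with the allow rules
spelling out source addresses, destination address and destination port.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    src: str = "0.0.0.0/0"       # source network (CIDR); default matches any source
    dst: str = "0.0.0.0/0"       # destination network (CIDR); default matches any destination
    dport: Optional[int] = None  # destination port; None matches any port
    proto: str = "tcp"

    def matches(self, src_ip: str, dst_ip: str, dport: int, proto: str) -> bool:
        src_net = ipaddress.ip_network(self.src, strict=False)
        dst_net = ipaddress.ip_network(self.dst, strict=False)
        return (
            ipaddress.ip_address(src_ip) in src_net
            and ipaddress.ip_address(dst_ip) in dst_net
            and (self.dport is None or self.dport == dport)
            and self.proto == proto
        )


# Constructed policy for a hypothetical web server at 203.0.113.10 (TEST-NET-3 range):
#   - one abusive host is blocked outright, on every port (order matters: it comes first)
#   - anyone may reach HTTP (80) and HTTPS (443)
#   - only the admin network 192.0.2.0/24 may reach SSH (22)
#   - everything else, e.g. the database port 3306, falls through to the implicit deny
POLICY: List[Rule] = [
    Rule("deny", src="198.51.100.200/32", dst="203.0.113.10/32"),
    Rule("allow", dst="203.0.113.10/32", dport=80),
    Rule("allow", dst="203.0.113.10/32", dport=443),
    Rule("allow", src="192.0.2.0/24", dst="203.0.113.10/32", dport=22),
]


def evaluate(rules: List[Rule], src_ip: str, dst_ip: str, dport: int, proto: str = "tcp") -> str:
    """Return "allow" or "deny" for one packet: first matching rule, else implicit deny."""
    for rule in rules:
        if rule.matches(src_ip, dst_ip, dport, proto):
            return rule.action
    return "deny"


if __name__ == "__main__":
    samples = [
        ("198.51.100.7", "203.0.113.10", 80),     # public client -> HTTP: allow
        ("198.51.100.7", "203.0.113.10", 22),     # public client -> SSH: deny (not admin net)
        ("192.0.2.5", "203.0.113.10", 22),        # admin host -> SSH: allow
        ("198.51.100.7", "203.0.113.10", 3306),   # anyone -> MySQL: deny (no rule at all)
        ("198.51.100.200", "203.0.113.10", 80),   # blocked host -> HTTP: deny (explicit rule first)
    ]
    for src, dst, port in samples:
        print(f"{src} -> {dst}:{port}  {evaluate(POLICY, src, dst, port)}")
```

Note that the database port never needs an explicit deny: because the default is deny, only the traffic you list gets through, which is exactly why "block by default" is listed before "allow specific traffic".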
Q2. The following picture is an HTTP request from a client to a web server. Answer the following questions about the HTTP protocol:
1. What is the web server domain name we are trying to connect to?
2. What is the web browser the user is using?
3. What is the specific web page the user is trying to open (full path + file name is required)?
4. What is the web protocol used? (including version of the protocol)
5. Identify the HTTP operation in this request.
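Every one of the five Q2 answers is a field of the request-line or a header. The parser below is an added example (not the assessment's picture, which is not reproduced here); RAW_REQUEST is a constructed request, and you would paste the captured one in its place. It also handles the cases that trip people up: a Host header carrying an explicit port, case-insensitive header names, and a request line with the wrong number of parts. Remember that the User-Agent header is whatever the client chose to send, so "which browser" is only ever the browser the client claims to be.

```python
"""Parse a raw HTTP/1.1 request and extract the fields Q2 asks about.

Added example, not part of the assessment. RAW_REQUEST is a constructed request,
not the picture the question refers to; swap in the captured bytes to answer Q2.
"""
from typing import Dict

RAW_REQUEST = (
    "GET /docs/index.html HTTP/1.1\r\n"
    "Host: www.example.com\r\n"
    "User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0\r\n"
    "Accept: text/html\r\n"
    "Connection: close\r\n"
    "\r\n"
)


def parse_request(raw: str) -> Dict:
    """Split a request into request-line parts, a header map and the body."""
    head, _, body = raw.partition("\r\n\r\n")
    request_line, *header_lines = head.split("\r\n")
    parts = request_line.split(" ")
    if len(parts) != 3:  # HTTP/1.x request-line is exactly METHOD SP TARGET SP VERSION
        raise ValueError(f"malformed request line: {request_line!r}")
    method, target, version = parts
    headers: Dict[str, str] = {}
    for line in header_lines:
        if not line:
            continue
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed header line: {line!r}")
        headers[name.strip().lower()] = value.strip()  # header names are case-insensitive
    return {"method": method, "target": target, "version": version, "headers": headers, "body": body}


def host_without_port(host: str) -> str:
    """Strip an explicit :port from a Host value, keeping IPv6 literals intact."""
    if host.startswith("["):                 # e.g. [::1]:8080
        return host[: host.index("]") + 1]
    return host.rsplit(":", 1)[0]            # no colon: rsplit returns the whole string


def answer_q2(raw: str) -> Dict[str, str]:
    """Map the five Q2 questions onto the parsed request."""
    req = parse_request(raw)
    return {
        "domain": host_without_port(req["headers"].get("host", "")),
        "browser": req["headers"].get("user-agent", ""),  # client-supplied; can be spoofed
        "page": req["target"],                            # full path + file name
        "protocol": req["version"],                       # e.g. HTTP/1.1
        "operation": req["method"],                       # GET, POST, ...
    }


if __name__ == "__main__":
    for question, value in answer_q2(RAW_REQUEST).items():
        print(f"{question:9} {value}")
```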
Q3. What is the default port number for HTTP?
What is the default port number for HTTPS?
Q4. With your understanding of DNS servers, explain in at least a paragraph how the web browser determines which IP address the domain name "google.com" resolves to when it is queried.
Q5. Explain in at least a paragraph the process of "TCP/IP Encapsulation and Decapsulation".
Q6. Explain the OSI 7-layer model. List all 7 layers and explain each of them in at least a paragraph.
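Encapsulation is easiest to see when the headers are built by hand. The script below is an added example (not part of the assessment) that wraps an HTTP payload in a TCP header, then an IPv4 header, then an Ethernet frame, and then decapsulates the frame again, verifying the IPv4 header checksum before trusting anything above it. The IP addresses are from the documentation ranges, the MACs are locally administered test values, and the TCP sequence numbers, flags and checksum are constructed placeholders (the TCP checksum is left at zero to keep the example short).

```python
"""TCP/IP encapsulation and decapsulation done by hand with struct.

Added example, not part of the assessment. Addresses come from the documentation
ranges, the MACs are locally administered test values, and the TCP sequence numbers,
flags and checksum are constructed placeholders (TCP checksum left at 0). The IPv4
header checksum is computed and verified for real, so a tampered header is rejected.
"""
import struct

ETH_FMT = "!6s6sH"          # dst MAC, src MAC, EtherType
IP_FMT = "!BBHHHBBH4s4s"    # ver/IHL, DSCP/ECN, total len, id, flags/frag, TTL, proto, csum, src, dst
TCP_FMT = "!HHIIBBHHH"      # sport, dport, seq, ack, data offset, flags, window, csum, urgent
ETHERTYPE_IPV4 = 0x0800
PROTO_TCP = 6


def checksum16(data: bytes) -> int:
    """RFC 1071 ones'-complement checksum, as used for the IPv4 header."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_bytes(addr: str) -> bytes:
    return bytes(int(octet) for octet in addr.split("."))


def encapsulate(payload: bytes, src_ip: str, dst_ip: str, src_port: int, dst_port: int,
                src_mac: bytes, dst_mac: bytes) -> bytes:
    """Wrap application data downwards: TCP segment -> IPv4 packet -> Ethernet frame."""
    # Layer 4: 20-byte TCP header, data offset 5 words, flags PSH|ACK (0x18)
    tcp_header = struct.pack(TCP_FMT, src_port, dst_port, 1000, 2000, 5 << 4, 0x18, 65535, 0, 0)
    segment = tcp_header + payload
    # Layer 3: 20-byte IPv4 header; pack with checksum 0, then fill the real one in
    ip_header = struct.pack(IP_FMT, 0x45, 0, 20 + len(segment), 0x1234, 0x4000, 64, PROTO_TCP, 0,
                            ipv4_bytes(src_ip), ipv4_bytes(dst_ip))
    ip_header = ip_header[:10] + struct.pack("!H", checksum16(ip_header)) + ip_header[12:]
    packet = ip_header + segment
    # Layer 2: Ethernet II header in front of the whole packet
    return struct.pack(ETH_FMT, dst_mac, src_mac, ETHERTYPE_IPV4) + packet


def ipv4_header_ok(packet: bytes) -> bool:
    """A correct header sums to zero when the checksum field itself is included."""
    ihl = (packet[0] & 0x0F) * 4
    return len(packet) >= ihl and checksum16(packet[:ihl]) == 0


def decapsulate(frame: bytes) -> dict:
    """Peel the layers upwards again, checking each header before trusting the next."""
    if len(frame) < 14 + 20 + 20:
        raise ValueError("frame too short for Ethernet + IPv4 + TCP headers")
    dst_mac, src_mac, ethertype = struct.unpack(ETH_FMT, frame[:14])
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError(f"unexpected EtherType 0x{ethertype:04x}")
    packet = frame[14:]
    if not ipv4_header_ok(packet):
        raise ValueError("IPv4 header checksum mismatch")
    ver_ihl, _, total_len, _, _, ttl, proto, _, src, dst = struct.unpack(IP_FMT, packet[:20])
    if ver_ihl >> 4 != 4 or proto != PROTO_TCP:
        raise ValueError("not an IPv4/TCP packet")
    ihl = (ver_ihl & 0x0F) * 4
    segment = packet[ihl:total_len]            # total length bounds the packet inside the frame
    sport, dport, _, _, off, flags, _, _, _ = struct.unpack(TCP_FMT, segment[:20])
    payload = segment[(off >> 4) * 4:]         # data offset is in 32-bit words
    return {
        "src_mac": src_mac.hex(":"), "dst_mac": dst_mac.hex(":"),
        "src_ip": ".".join(map(str, src)), "dst_ip": ".".join(map(str, dst)),
        "ttl": ttl, "src_port": sport, "dst_port": dport, "flags": flags, "payload": payload,
    }


if __name__ == "__main__":
    http = b"GET / HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
    frame = encapsulate(http, "192.0.2.10", "203.0.113.10", 40000, 80,
                        bytes.fromhex("020000000001"), bytes.fromhex("020000000002"))
    print(f"frame: {len(frame)} bytes = 14 (Ethernet) + 20 (IPv4) + 20 (TCP) + {len(http)} (HTTP)")
    print(decapsulate(frame))
```

Each layer only reads its own header and hands the rest upward unchanged, which is why the application data comes back out byte for byte; a tampered TTL byte, by contrast, fails the IPv4 checksum and the packet is dropped before the TCP layer ever sees it.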
Q7. Map the following internet protocols to the correct layer of the OSI 7-layer model
Q8. In IT terms, what is the primary function of a firewall? Describe three features and three operations.
Q9. You currently have a basic firewall that only understands IP addresses and port numbers, but you need extra protection for your company web server (running over HTTP).
What is the OSI layer your firewall must operate at to understand HTTP traffic?
Q10. Use the OWASP framework to identify common software and web security vulnerabilities. Search for the "Top Ten Project" on the OWASP website and answer the following questions:
1. Which is the latest version of the "Top Ten"? Identify its name.
2. What is the link to the latest "Top Ten" PDF document?
3. List the names of the ten risks below.
Q11. Briefly describe the following common Web application security risks and vulnerabilities based on the OWASP framework:
• A1:2017-Injection
• A2:2017-Broken Authentication
• A3:2017-Sensitive Data Exposure
• A4:2017-XML External Entities (XXE)
• A5:2017-Broken Access Control
Q12. What is the tool DIRB (a web content scanner; not the same tool as OWASP DirBuster) used for?
Q13. What is the tool Nikto used for?
Q14. What is the tool "nmap" used for?
Q15. What is the tool Burp Suite used for? Explain at least 3 tools embedded in Burp Suite.
Q16. About the term AAA, match each description with the correct term (Authentication, Accounting or Authorisation):
1. The process of granting or denying a user access to resources: Authentication / Accounting / Authorisation
2. The process of keeping track of a user's activity while accessing the network resources: Authentication / Accounting / Authorisation
3. The process of identifying an individual: Authentication / Accounting / Authorisation
Q17. Explain in at least one sentence what web application server architecture is, and list two web application components.
Attachment: Expose website security vulnerabilities.rar