Web application security - the fast guide 1.1 | Page 186

Chapter 9 - Secure Application Development

9.8 QUIZ:

1. What is special about web application security is:
   a. difficult to protect due to open standards and
   b. easy to patch due to centralized source situated on the web server
   c. difficult to protect due to the need for 24/7 availability in most cases.
   d. All the above.

2. One of the main problems in the penetrate and patch approach:
   a. It is difficult to implement
   b. It cannot help in solving buffer overflow and cross-site scripting
   c. It is considered an expensive approach because of late patch implementation.
   d. All the above

3. The usage of a security-centric approach in web application development will lead to:
   a. Getting better security due to the ability to analyze code in dynamic analysis and black box testing.
   b. Minimizing the overall development cost compared with the late penetrate and patch approach.
   c. Minimizing the time to deliver due to agility and an unstructured development process
   d. All the above

4. Use Microsoft Attack Surface Analyzer (provided in the supplementary materials) to enumerate the attack surface of any local web application you select that is served by the IIS web server on your machine. The main steps are:
   1. Ensure the "Run new scan" action is selected, confirm the directory and filename you would like the Attack Surface data saved to, and click Run Scan.
   2. Attack Surface Analyzer then takes a snapshot of your system state and stores this information in a Microsoft Cabinet (CAB) file. This scan is known as your baseline scan.
   3. Install your application, enabling as many options as possible and being sure to include options that you perceive may increase the attack surface of the machine. Examples include: if your product can install a Windows Service, includes the option to enable access through the Windows Firewall, or installs drivers.
   4. Run your application.
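To make the baseline-then-product comparison in exercise 4 concrete, here is an added PowerShell example. It is not part of the book and not code from Attack Surface Analyzer; it is a deliberately small stand-in that records three of the facets the real tool also captures (running services, listening TCP ports and enabled inbound allow rules in the Windows Firewall), once before the application is installed and once after, and then reports what was added. The script name asa-lite.ps1, the output folder under the user profile and the text-file snapshot format are assumptions for the example.

```powershell
# asa-lite.ps1 (added example, not the book's or Microsoft's code)
# Usage:  .\asa-lite.ps1 -Phase baseline    # before installing the application
#         .\asa-lite.ps1 -Phase product     # after installing and running it
#         .\asa-lite.ps1 -Phase compare     # list what the install added/removed
param(
    [ValidateSet('baseline', 'product', 'compare')]
    [string]$Phase = 'baseline',
    [string]$OutDir = "$env:USERPROFILE\asa-lite"   # assumed output location
)

function Get-SurfaceSnapshot {
    # One string per item so the two snapshots can be diffed as sets.
    $services = Get-Service | Where-Object Status -eq 'Running' |
        ForEach-Object { "service:$($_.Name)" }
    $ports = Get-NetTCPConnection -State Listen |
        ForEach-Object { "listen:$($_.LocalAddress):$($_.LocalPort)" } |
        Sort-Object -Unique
    $rules = Get-NetFirewallRule -Enabled True -Direction Inbound -Action Allow |
        ForEach-Object { "fwrule:$($_.Name)" }
    # @() guards against a single result being treated as a scalar string.
    return @($services) + @($ports) + @($rules)
}

New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

switch ($Phase) {
    'compare' {
        $before = Get-Content (Join-Path $OutDir 'baseline.txt')
        $after  = Get-Content (Join-Path $OutDir 'product.txt')
        $diff = Compare-Object -ReferenceObject $before -DifferenceObject $after
        # '=>' means present only in the product snapshot: new attack surface
        # introduced by the install; '<=' means something was removed.
        $diff | Where-Object SideIndicator -eq '=>' |
            ForEach-Object { "ADDED   $($_.InputObject)" }
        $diff | Where-Object SideIndicator -eq '<=' |
            ForEach-Object { "REMOVED $($_.InputObject)" }
    }
    default {
        Get-SurfaceSnapshot | Set-Content (Join-Path $OutDir "$Phase.txt")
        "Saved $Phase snapshot to $OutDir"
    }
}
```

Every line marked ADDED in the compare phase is a service, port or firewall opening that exists only because the application was installed and enabled, which is exactly the set the exercise asks you to enumerate and review. The real Attack Surface Analyzer records considerably more (file and registry permissions, named pipes, and so on) in its CAB files, so treat this script as a way to understand the baseline/product workflow, not as a replacement for the tool.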