Web application security - the fast guide 1.1 | Page 86

Chapter 4 - Be the attacker

6. Collecting information about intermediaries can be done through:
a. Scanning the surrounding IP addresses
b. Detecting multiple SSL certificates
c. Using the TRACE method, which echoes the exact request, and checking the echo for changes
d. All of the above

7. Automatic spidering of a web application might not give the expected benefit in all of these cases EXCEPT:
a. Complicated JavaScript or compiled client code such as Flash or Java applets
b. Multilevel input validation techniques
c. A single URL used for multiple actions
d. The absence of a robots.txt file

8. Information that should be documented in the mapping phase includes:
a. Page information and directory structure
b. Common file extensions and content based on plugins
c. Cookies, query strings and parameters
d. All of the above

9. Connect each of the following tool names with the common functionality it provides:
1. BlackWidow    a. Site structure
2. DirBuster     b. Decompiler
3. JAD           c. Raw network connection
4. NetCat        d. Mirror site

10. Minimizing the mapped information can be achieved through:
a. Using absolute paths instead of relative ones
b. Increasing the usage of path traversal whenever possible
c. Making sure execution permission is enabled on the JavaScript folder, otherwise none of your scripts will work
d. Using different root folders for users and administrators

Answer key
1 b
2 d
3 d
4 d
5 b
6 d
7 d
8 d
9 1-d, 2-a, 3-b, 4-c
10 d
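The TRACE technique in question 6c rests on a simple check: TRACE makes the server echo the request it received, so any header a proxy or load balancer added, rewrote or dropped on the way shows up as a difference between what you sent and what came back. The following Python script is an added example, not code from the book; the function names (compare_echo, trace_probe) and the echoed request used in the offline demo are constructed for illustration.

```python
"""
Detecting intermediaries with HTTP TRACE (added example, not from the book).

A TRACE response carries the request as the origin server saw it
(Content-Type: message/http).  If a proxy or load balancer sits in between,
that echo usually differs from what the client sent: headers such as Via or
X-Forwarded-For are added, and others (Connection, for example) are rewritten.
compare_echo() diffs the sent headers against the echoed ones so those changes
stand out.
"""
import http.client

# Constructed sample: what the client sent ...
SENT_HEADERS = [
    ("Host", "www.example.com"),
    ("User-Agent", "trace-probe/0.1"),
    ("Connection", "keep-alive"),
    ("X-Probe", "marker-1"),
]

# ... and a constructed echo as a reverse proxy might hand it back: two headers
# added by the proxy and Connection rewritten from keep-alive to close.
SAMPLE_ECHO = (
    "TRACE / HTTP/1.1\r\n"
    "Host: www.example.com\r\n"
    "User-Agent: trace-probe/0.1\r\n"
    "Connection: close\r\n"
    "X-Probe: marker-1\r\n"
    "Via: 1.1 proxy.internal.example\r\n"
    "X-Forwarded-For: 203.0.113.7\r\n"
    "\r\n"
)


def parse_echo(echo_text):
    """Split an echoed request into its request line and a name->value header dict."""
    head = echo_text.split("\r\n\r\n", 1)[0]
    lines = [ln for ln in head.split("\r\n") if ln]
    headers = {}
    for ln in lines[1:]:
        name, _, value = ln.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers


def compare_echo(sent_headers, echo_text):
    """Diff sent vs echoed headers.

    Returns (echoed_request_line, added, modified, removed) where added maps
    header->value for headers only in the echo, modified maps header->(sent, echoed)
    for rewritten values, and removed lists headers the echo no longer contains.
    Header names are compared case-insensitively, as HTTP requires.
    """
    sent = {name.lower(): value for name, value in sent_headers}
    request_line, echoed = parse_echo(echo_text)
    added = {k: v for k, v in echoed.items() if k not in sent}
    modified = {k: (sent[k], echoed[k]) for k in sent if k in echoed and sent[k] != echoed[k]}
    removed = sorted(k for k in sent if k not in echoed)
    return request_line, added, modified, removed


def intermediary_suspected(added, modified, removed):
    """Any difference at all means something touched the request in transit."""
    return bool(added or modified or removed)


def trace_probe(host, port=80, path="/", timeout=5):
    """Send a real TRACE and diff the echo (needs network; not used by the demo).

    Returns None when the server refuses TRACE (405/501), which is the normal and
    recommended state, since an enabled TRACE is a cross-site tracing risk.
    """
    headers = [
        ("Host", host),
        ("User-Agent", "trace-probe/0.1"),
        # http.client adds Accept-Encoding: identity itself; listing it here keeps
        # it from being reported as a header "added by an intermediary".
        ("Accept-Encoding", "identity"),
        ("X-Probe", "marker-1"),
    ]
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    conn.request("TRACE", path, headers=dict(headers))
    resp = conn.getresponse()
    body = resp.read().decode("iso-8859-1")
    conn.close()
    if resp.status != 200:
        return None
    return compare_echo(headers, body)


def demo():
    """Run the comparison on the constructed sample; returns the diff tuple."""
    return compare_echo(SENT_HEADERS, SAMPLE_ECHO)


if __name__ == "__main__":
    line, added, modified, removed = demo()
    print("echoed request line:", line)
    print("added by intermediary:", added)
    print("modified in transit:", modified)
    print("dropped in transit:", removed)
    print("intermediary suspected:", intermediary_suspected(added, modified, removed))
```

On the constructed sample the script reports Via and X-Forwarded-For as added and Connection as rewritten, which is exactly the signal the question describes. In practice most hardened servers answer TRACE with 405, so treat a refusal as the expected result and fall back to the other two methods in the question (neighbouring IP addresses and certificate differences); a Via header in ordinary GET responses is also a cheap hint that a proxy is present.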