Deck 8: Security of Web Applications

In passive mode, the FTP client must listen and wait for the server connection.

When properly configured to afford anonymous users only very limited access, the FTP server works well.

The Common Gateway Interface (CGI) is a programming language in and of itself.

A sender with a valid internal IP address should be allowed to send e-mail to external e-mail addresses.

Most of the weaknesses with SNMP occur with Version 1 of SNMP.

Match each item with a statement below.
a.Telnet
f.CGI
b.SNMP
g.Perl
c.NNTP
h.PHP
d.CSS
i.CSRF
e.XML
Developed specifically to allow developers to create dynamically generated HTML content.

During a(n) ____________________ attack, a malicious user sends a flood of e-mail to the e-mail server.

DNS ____________________ consists of inserting incorrect translation information within the DNS server (or within the communication between the resolver and server) in order to take a legitimate domain name and point the resolver to a malicious server, thereby secretly subverting the session.

Match each item with a statement below.
a.Telnet
f.CGI
b.SNMP
g.Perl
c.NNTP
h.PHP
d.CSS
i.CSRF
e.XML
Developed in 1987 by Larry Wall as an interpreted language (based on C syntax) that helps provide a more robust scripting capability for UNIX.

____________________ queries are initiated by clients to resolve a fully qualified domain name (FQDN)to its IP address.

Match each item with a statement below.
a.Telnet
f.CGI
b.SNMP
g.Perl
c.NNTP
h.PHP
d.CSS
i.CSRF
e.XML
Standardizes the HTML formatting for an entire Web site by allowing developers to customize fonts, tables, and other page elements.

Match each item with a statement below.
a.Telnet
f.CGI
b.SNMP
g.Perl
c.NNTP
h.PHP
d.CSS
i.CSRF
e.XML
An API (application programming interface) that allows external programs or scripts to interact with a Web server.

____________________ is used to send Internet mail.

Match each item with a statement below.
a.Telnet
f.CGI
b.SNMP
g.Perl
c.NNTP
h.PHP
d.CSS
i.CSRF
e.XML
An extension to HTML that allows developers to define their own tags for structure.

Match each item with a statement below.
a.Telnet
f.CGI
b.SNMP
g.Perl
c.NNTP
h.PHP
d.CSS
i.CSRF
e.XML
Used to monitor the status and performance of network devices and systems.

Match each item with a statement below.
a.Telnet
f.CGI
b.SNMP
g.Perl
c.NNTP
h.PHP
d.CSS
i.CSRF
e.XML
Designed to facilitate Usenet newsgroup communications.

The ____________________ is a set of applications (the software) that runs on top of the Internet.

Match each item with a statement below.
a.Telnet
f.CGI
b.SNMP
g.Perl
c.NNTP
h.PHP
d.CSS
i.CSRF
e.XML
Allows users to connect a remote shell to run programs, view files, and perform a variety of other operations as if they were using the system locally.

Match each item with a statement below.
a.Telnet
f.CGI
b.SNMP
g.Perl
c.NNTP
h.PHP
d.CSS
i.CSRF
e.XML
An attack that exploits a Web site's trust or previous authentication of a user.

Provide a brief overview of DNS operations.

Why are more and more organizations turning to encryption to make sure data is stored in a format that cannot be leaked if a system is compromised?

List five best practices a Web system administrators should use to secure a Web server.

Compare the Trivial File Transfer Protocol (TFTP) to FTP.

List four standard operations that can be performed by the LDAP protocol.

Describe the most common way a Web client can access Web servers.

Explain why cross-site scripting (XSS) vulnerabilities may be the least understood.

Describe an open relay.

What is the "POP before SMTP" authentication method and how is it used to defend against improper use of an SMTP server?

Why is insufficient transport layer protection considered to be a threat in Web applications?.