A brief description with examples:
1. Fuzzing
2. Secure coding concepts
3. Cross-site scripting (XSS)
4. Cross-site request forgery
Answer:
1. Fuzzing: Fuzzing or fuzz testing is an automated software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program. The program is then monitored for exceptions such as crashes, failing built-in code assertions, or potential memory leaks.
For example: AutoIt v3. It is a freeware BASIC-like scripting language designed for automating the Windows GUI and general scripting. It uses a combination of simulated keystrokes, mouse movement and window/control manipulation in order to automate tasks.
2. Secure coding concepts: Secure coding is a set of technologies and best practices for making software as secure and stable as possible. It encompasses everything from encryption, certificates, and federated identity to recommendations for moving sensitive data, accessing a file system, and managing memory. Although the security landscape is always changing, secure coding tries to make building secure software more of a science than an art.
For example, if your system requires different privileges at different times, consider dividing the system into distinct intercommunicating subsystems, each with an appropriate privilege set.
3. Cross-site scripting (XSS): Cross-site scripting (also known as XSS) is a web security vulnerability that allows an attacker to compromise the interactions that users have with a vulnerable application. It allows an attacker to circumvent the same origin policy, which is designed to segregate different websites from each other.
For example, the attacker could send the victim a misleading email with a link containing malicious JavaScript. If the victim clicks on the link, the HTTP request is initiated from the victim's browser and sent to the vulnerable web application. The malicious JavaScript is then reflected back to the victim's browser, where it is executed in the context of the victim user's session.
4. Cross site request forgery: Cross site request forgery (CSRF), also known as XSRF, Sea Surf or Session Riding, is an attack vector that tricks a web browser into executing an unwanted action in an application to which a user is logged in.
A successful CSRF attack can be devastating for both the business and user. It can result in damaged client relationships, unauthorized fund transfers, changed passwords and data theft—including stolen session cookies.
For example, Alice wishes to transfer $100 to Bob using the bank.com web application that is vulnerable to CSRF. Maria, an attacker, wants to trick Alice into sending the money to her instead.
Please give a thumbs up if you like it. Thanks.
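The fuzzing loop described in item 1, as an added example that is not part of the original answer: random mutations of a valid input are fed to a toy parser, and any exception other than the parser's own clean rejection is recorded as a finding. The record format, `parse_record`, its deliberate bug and the seed input are all constructed for illustration.

```python
import random

class ParseError(ValueError):
    """Expected, clean rejection of malformed input."""

def parse_record(data: bytes) -> bytes:
    # Constructed toy format: magic byte 0x7E, length byte, payload, checksum byte.
    if len(data) < 2 or data[0] != 0x7E:
        raise ParseError("bad header")
    length = data[1]
    payload = data[2:2 + length]
    # Deliberate bug: the declared length is never checked against len(data),
    # so a short record makes the checksum index run past the buffer.
    checksum = data[2 + length]
    if checksum != sum(payload) % 256:
        raise ParseError("bad checksum")
    return payload

def mutate(seed: bytes, rng: random.Random) -> bytes:
    # Apply 1-3 random edits: overwrite a byte, truncate, or append junk.
    buf = bytearray(seed)
    for _ in range(rng.randint(1, 3)):
        choice = rng.randrange(3)
        if choice == 0 and buf:
            buf[rng.randrange(len(buf))] = rng.randrange(256)
        elif choice == 1 and buf:
            del buf[rng.randrange(len(buf)):]
        else:
            buf.extend(bytes(rng.randrange(256) for _ in range(rng.randint(1, 4))))
    return bytes(buf)

def fuzz(target, seed: bytes, iterations: int = 2000, rng_seed: int = 1):
    # Returns (input, exception type name) for every unexpected failure.
    rng = random.Random(rng_seed)  # fixed seed so findings are reproducible
    crashes = []
    for _ in range(iterations):
        case = mutate(seed, rng)
        try:
            target(case)
        except ParseError:
            continue                  # handled rejection, not a finding
        except Exception as exc:      # anything else needs triage
            crashes.append((case, type(exc).__name__))
    return crashes

SEED = bytes([0x7E, 3, 1, 2, 3, 6])   # constructed valid record

if __name__ == "__main__":
    found = fuzz(parse_record, SEED)
    print(len(found), "crashing inputs, first:", found[:1])
```

Each recorded input reproduces the failure when passed to `parse_record` again, which is what makes a fuzzer finding actionable for the fix (here, checking `2 + length < len(data)` before indexing).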
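The reflected XSS flow described in item 3, as an added example that is not part of the original answer: a page that echoes a query parameter is rendered once without encoding and once with HTML output encoding, and the result is parsed to see which elements a browser would build. The URL, parameter name and function names are constructed for illustration.

```python
import html
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

# Constructed link of the kind a victim might be sent (benign marker script).
URL = "https://shop.example/search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E"

def search_param(url: str) -> str:
    # The "q" parameter is attacker-controlled: it arrives inside the link.
    return parse_qs(urlsplit(url).query).get("q", [""])[0]

def render_vulnerable(url: str) -> str:
    # Untrusted input concatenated straight into markup.
    return "<p>Results for: " + search_param(url) + "</p>"

def render_hardened(url: str) -> str:
    # Output encoding for the HTML body context: <, >, &, " and ' become entities.
    return "<p>Results for: " + html.escape(search_param(url), quote=True) + "</p>"

class TagCollector(HTMLParser):
    """Records every start tag the parser recognises in a page."""
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

def elements_in(page: str) -> list:
    collector = TagCollector()
    collector.feed(page)
    collector.close()
    return collector.tags

if __name__ == "__main__":
    print("vulnerable:", elements_in(render_vulnerable(URL)))  # script element present
    print("hardened:  ", elements_in(render_hardened(URL)))    # only the <p>
```

`html.escape` is the right encoder for HTML body text only; values placed in attributes, URLs or inline JavaScript need the encoding for that context.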
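The bank.com transfer scenario from item 4, as an added example that is not part of the original answer: the server-side check that defeats CSRF by requiring a per-session token that a cross-site page cannot read. The handler names, session id and the HMAC-based token scheme are assumptions chosen for illustration, not a description of any real application.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # constructed per-deployment secret

def issue_csrf_token(session_id: str) -> str:
    # Token bound to the session: HMAC-SHA256 of the session id under a server key.
    # It is embedded in forms served by the bank's own pages.
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()

def token_valid(session_id: str, token) -> bool:
    if not isinstance(token, str):
        return False
    expected = issue_csrf_token(session_id)
    # Constant-time comparison on bytes avoids leaking how many characters match.
    return hmac.compare_digest(expected.encode(), token.encode())

def transfer_unprotected(session_id: str, form: dict, ledger: list) -> int:
    # Trusts the session cookie alone, which the browser attaches automatically.
    ledger.append((form["to"], int(form["amount"])))
    return 200

def transfer_protected(session_id: str, form: dict, ledger: list) -> int:
    # Rejects any state-changing request that lacks the session's token.
    if not token_valid(session_id, form.get("csrf_token")):
        return 403
    ledger.append((form["to"], int(form["amount"])))
    return 200

def demo():
    ledger = []
    alice = "session-alice"  # constructed session id carried in Alice's cookie
    genuine = {"to": "bob", "amount": "100", "csrf_token": issue_csrf_token(alice)}
    # Request triggered from another site: the cookie rides along, the token does not.
    forged = {"to": "maria", "amount": "100"}
    return (transfer_protected(alice, genuine, ledger),
            transfer_protected(alice, forged, ledger),
            ledger)

if __name__ == "__main__":
    print(demo())
```

In a deployment this check is usually combined with `SameSite` cookies, so the session cookie is not sent on cross-site requests in the first place.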