Deck 10: Hacking Web Servers

Web applications written in CFML can also contain other client-side technologies, such as HTML and JavaScript.

A user can view the source code of a PHP file by using the browser's "View Source" option.

OLE DB relies on connection strings that enable the application to access the data stored on an external device.

JavaScript is a server-side scripting language that is embedded in an HTML Web page.

In Windows, IIS stands for ______________________________.

MATCHING
Match each term with the correct statement below.
a.WebGoat
f.Wfetch
b.HTML
g.JScript
c.CGI
h.virtual directory
d.Cgi Scanner v1.4
i.XSS
e.Apache
helps beginning Web application security testers gain a better understanding of the areas covered in the OWASP top ten Web applications vulnerability list

MATCHING
Match each term with the correct statement below.
a.WebGoat
f.Wfetch
b.HTML
g.JScript
c.CGI
h.virtual directory
d.Cgi Scanner v1.4
i.XSS
e.Apache
language developed by Microsoft

CFML stands for ______________________________.

MATCHING
Match each term with the correct statement below.
a.WebGoat
f.Wfetch
b.HTML
g.JScript
c.CGI
h.virtual directory
d.Cgi Scanner v1.4
i.XSS
e.Apache
a Web server

MATCHING
Match each term with the correct statement below.
a.WebGoat
f.Wfetch
b.HTML
g.JScript
c.CGI
h.virtual directory
d.Cgi Scanner v1.4
i.XSS
e.Apache
tool for searching Web sites for CGI scripts that can be exploited

MATCHING
Match each term with the correct statement below.
a.WebGoat
f.Wfetch
b.HTML
g.JScript
c.CGI
h.virtual directory
d.Cgi Scanner v1.4
i.XSS
e.Apache
GUI tool that can be downloaded free from Microsoft and is included in the IIS Resource Kit

MATCHING
Match each term with the correct statement below.
a.WebGoat
f.Wfetch
b.HTML
g.JScript
c.CGI
h.virtual directory
d.Cgi Scanner v1.4
i.XSS
e.Apache
foundation of most Web applications

____________________ Web pages display the same information regardless of the time of day or the user who activates the page.

MATCHING
Match each term with the correct statement below.
a.WebGoat
f.Wfetch
b.HTML
g.JScript
c.CGI
h.virtual directory
d.Cgi Scanner v1.4
i.XSS
e.Apache
main role is passing data between a Web server and Web browser

MATCHING
Match each term with the correct statement below.
a.WebGoat
f.Wfetch
b.HTML
g.JScript
c.CGI
h.virtual directory
d.Cgi Scanner v1.4
i.XSS
e.Apache
stands for cross-site scripting flaw

____________________ Web pages can vary the information that's displayed depending on variables such as the current time and date, user name, and purchasing history (information collected via cookies or Web bugs).

MATCHING
Match each term with the correct statement below.
a.WebGoat
f.Wfetch
b.HTML
g.JScript
c.CGI
h.virtual directory
d.Cgi Scanner v1.4
i.XSS
e.Apache
keeps attackers from knowing the directory structure on an IIS Web server

To keep attackers from knowing the directory structure you create on an IIS Web server, creating a(n) ____________________ is recommended so that the path a user sees on the Web browser is not the actual path on the Web server.

What is JavaScript?

What is OWASP?

What is ODBC used for?

What is ActiveX Data Objects (ADO)?

As a security professional, what should you do after identifying that a Web server you are testing is using PHP?

What is ColdFusion?

Why should security professionals have at least a little knowledge about the Apache Web Server?

Dynamic Web pages need special components for displaying information that changes depending on user input or information obtained from a back-end server. What kind of components can Web pages use to achieve this?

What is VBScript?

What features does the current version of Wfetch offer?

What can an attacker do after gaining control of a Web server?

What is the main difference between HTML pages and Active Server Pages (ASP)?