NT2580 - Unit 2 Lab 2

1. What is the application ZenMap GUI typically used for? Describe a scenario in which you would use this type of application.
ZenMap GUI is typically used for port scanning. It can be used to see what hosts are on the network and to see what services they are running.

2. What is the relationship between risks, threats and vulnerabilities as it pertains to Information Systems Security throughout the seven domains of a typical IT infrastructure?
Threats and vulnerabilities lead to risks. If you know the threats and vulnerabilities that are in your infrastructure, you can be better prepared to deal with the risks.

3. Which application is used for Step #2 in the hacking process to perform a vulnerability assessment scan?
Nessus is used to check for vulnerabilities.

4. Before you conduct an ethical hacking process or penetration test on a live production network, what must you do prior to performing the reconnaissance and probing and scanning procedures?
You must get written permission.
Introduction to Information Security NT2580
Instructor: Robert Freid
Student: Scott Cumston
11/07/2013

1. Why is it critical to perform a penetration test on a web application prior to production implementation?
To make sure no one can penetrate your web application before you put it in a live situation.

2. What is a cross-site scripting attack? Explain in your own words.
A cross-site scripting attack is a computer security vulnerability typically found in web applications that enables attackers to inject client-side script into web pages viewed by others.

3. What is a reflective cross-site scripting attack?
A reflective attack involves the web application dynamically generating a response using non-sanitized data from the client scripts.

4. What common method of obfuscation is used most in real world SQL attacks?
One of the more common obfuscated SQL injection attacks is described as “ASCII HEX