Security Testing Theory and Practice

   

Added on 2023-06-15

22 Pages | 5270 Words | 250 Views
Running head: SECURITY TESTING THEORY AND PRACTICE
Security Testing Theory and Practice
Name of the Student
Name of the University
Author’s Note:
Table of Contents
Year: 2013
Year 2014
Year 2015
Year 2016
Year 2017
Bibliography
Year: 2013
Question 1
a) Answer: The main differences between real-time brute force password recovery
attacks and table-based pre-computation password recovery attacks are as follows:
i) Brute force password recovery attack is extremely easy to crack and also takes
less time, whereas the pre-computation password recovery attack cannot be cracked
easily and takes longer.
ii) Brute force password recovery attack is utilized for checking weak passwords, and
it is completely the opposite for pre-computation password recovery attack.
b) Answer: The three best practice approaches for designing the schemes of password
hashing are Lookup Tables, Reverse Lookup Tables and Rainbow Tables.
i) Lookup Tables are the most effective way of cracking all hashes of the same type
extremely fast.
ii) Reverse Lookup Tables help to create a particular lookup table, which
eventually maps a password hash from the database of a user. The attacker then hashes the
password guess and utilizes the lookup table for getting the user’s list of guessed passwords.
iii) Rainbow Tables can be defined as time-memory trade-off techniques.
c) Answer: i) Brute Force Password Recovery Attacks: This type of attack enables the
attacker in applying the attack to several hashes simultaneously, without pre-computing the
reverse lookup table. It does affect the complexity of brute force attack. The second approach
that affects the complexity of brute force attack is the rainbow table. They help to sacrifice the
speed of hash cracking.
ii) Pre-Computation Password Recovery Attack: The lookup tables are extremely
effective for the complexities of this type of attack. The main advantage of this type of attack
is that it saves computation time and makes running less stressful.
d) Answer: In UNIX systems, the user passwords are protected in the password file
known as /etc/passwd, which is world readable. Later it is moved to /etc/shadow and then
backed up in /etc/shadow-. This is read by root and the passwords are hashed and salted.
e) Answer: Pre-computed hash tables or rainbow tables are utilized for cracking
password hashes. They eventually reverse the cryptographic hash functions. The plaintext
password can be recovered up to a specific length that comprises a restricted character
set. Rainbow tables are defined as time-memory trade-off techniques and are
extremely effective in increasing the effectiveness of password cracking tools.
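The effect of the salting mentioned in answers d) and e), shown as an added example that is not part of the original paper: a pre-computed table resolves unsalted hashes in one lookup, but misses records stored with a per-user salt. The word list, user names and function names are constructed for this illustration, and PBKDF2 is assumed here as the salted scheme.

```python
import hashlib
import hmac
import os

# Constructed sample data: a small guess list and two users sharing one password.
WORDLIST = ["123456", "password", "letmein", "qwerty", "dragon"]
USERS = {"alice": "letmein", "bob": "letmein"}

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def build_lookup_table(words):
    """Pre-computed table (hash -> plaintext), built once and reused for every hash."""
    return {sha256_hex(w.encode()): w for w in words}

def store_unsalted(users):
    """Weak storage: plain SHA-256, so equal passwords give equal digests."""
    return {u: sha256_hex(p.encode()) for u, p in users.items()}

def store_salted(users, iterations=100_000):
    """Hardened storage: random per-user salt plus a slow KDF (PBKDF2-HMAC-SHA256)."""
    records = {}
    for user, password in users.items():
        salt = os.urandom(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
        records[user] = (salt, iterations, digest)
    return records

def verify_salted(record, candidate: str) -> bool:
    """Login check: recompute with the stored salt, compare in constant time."""
    salt, iterations, digest = record
    test = hashlib.pbkdf2_hmac("sha256", candidate.encode(), salt, iterations)
    return hmac.compare_digest(test, digest)

def table_hits(table, stored_hex_digests):
    """Number of stored digests that the pre-computed table resolves."""
    return sum(1 for d in stored_hex_digests if d in table)

if __name__ == "__main__":
    table = build_lookup_table(WORDLIST)
    unsalted = store_unsalted(USERS)
    salted = store_salted(USERS)
    print("table hits, unsalted:", table_hits(table, unsalted.values()))
    print("table hits, salted:  ", table_hits(table, [r[2].hex() for r in salted.values()]))
    print("equal digests, unsalted:", unsalted["alice"] == unsalted["bob"])
    print("equal digests, salted:  ", salted["alice"][2] == salted["bob"][2])
```
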
Question 2
a) Answer: The three steps of XSS attack are as follows:
i) Searching for the Vulnerable Website: The hackers utilize Google dorks for
searching for any vulnerable site and thus target the users.
ii) Testing the Vulnerability: The vulnerability of the site needs to be tested by
injecting one's own script.
iii) Exploiting the Vulnerability: The third step is to exploit the vulnerability of the
targeted website.
b) Answer: The differences between reflected and stored XSS attacks are as follows:
Reflected attacks are those attacks where an injected script is solely reflected from the
web server like the search result, error message or other responses. It includes most of the
input that is sent to the server as a request. When the user is tricked into clicking on any
malicious link, the injected code enters into the website that reflects back the attack in the
browser of the user. This is also known as Non-Persistent or Type II XSS.
Stored XSS attacks are those attacks where the injected script can be
stored permanently on the targeted servers, such as in a visitor log, database, comment field
or message forum. The victim eventually retrieves the infected script from the server when the
stored information is requested. This type of attack is also known as Persistent or Type I
XSS.
c) Answer: Poor data or input validation means that the data is not strongly
typed, has improper syntax or does not contain permitted characters within range boundaries.
Two significant examples of such poor data validation are as follows:
i) While entering a month number, when the user gives the number 13 as input, it is wrong.
ii) When the user wrongly puts a name in place of an address, it is poor data validation.
d) Answer: The sanitization approach helps to accept the user data. There is a broad
range of acceptable input.
For example, when there is a form field like <input type="text" id="title" name="title" />
the data could be sanitized with the sanitize_text_field() function.
It is extremely useful for protecting against XSS attacks as it helps to secure the
output. The option is known as escaping.
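The three controls from answers c) and d) side by side, as an added example that is not part of the original paper: strict validation for the month number, sanitization for the free-text title field, and escaping when the title is written into HTML. This is a Python sketch, not WordPress's sanitize_text_field(); the function names and the length limit are assumptions made for the illustration.

```python
import html
import re

MAX_TITLE_LEN = 80  # assumed limit for this example


def validate_month(raw: str) -> int:
    """Validation: narrow set of acceptable input, so reject anything else."""
    if not re.fullmatch(r"[0-9]{1,2}", raw):
        raise ValueError("month must be one or two digits")
    month = int(raw)
    if not 1 <= month <= 12:
        raise ValueError("month must be between 1 and 12")
    return month


def sanitize_title(raw: str) -> str:
    """Sanitization: broad range of acceptable input, so clean it instead of rejecting.

    Strips tag-like runs and control characters, collapses whitespace and
    caps the length. This is a convenience clean-up, not the XSS defence.
    """
    text = re.sub(r"<[^>]*>", "", raw)
    text = re.sub(r"[\x00-\x1f\x7f]", " ", text)
    text = re.sub(r"\s+", " ", text).strip()
    return text[:MAX_TITLE_LEN]


def render_title(stored: str) -> str:
    """Escaping: encode for the HTML text context at output time.

    Applied to every value, whether or not it was sanitized on input, so
    data that reached storage by another path is still rendered as text.
    """
    return "<h1>" + html.escape(stored, quote=True) + "</h1>"


if __name__ == "__main__":
    # Constructed sample inputs.
    for raw in ("7", "13", "July"):
        try:
            print(raw, "->", validate_month(raw))
        except ValueError as exc:
            print(raw, "-> rejected:", exc)
    print(sanitize_title("  Hello <b>World</b>\n "))
    print(render_title('a < b & "c"'))
```
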
e) Answer: The differences between XSRF and XSS attacks are as follows:
XSRF attacks occur in authenticated sessions, where the server builds trust on the user
or browser, whereas XSS attacks do not require any authenticated session and thus could be
exploited when the vulnerable website does not do the basics of escaping or validating input.
Question 5
a) Answer: The popular methodology for security testing is OSSTMM or Open
Source Security Testing Methodology Manual.
b) Answer: CVE system gives a typical reference method for publicly recognized
information security exposures and vulnerabilities.
CVE Identifiers are common unique identifiers for the publicly recognized
information security vulnerabilities.
CVE identifiers are extremely useful for security testing as each one has a number with it,
which makes it a unique identifier.
c) Answer: A well known automated vulnerability scanner is OpenVAS or Open
Vulnerability Assessment System.
i) The benefit of performing vulnerability identification manually is that it helps to
identify programming errors, which can be cyber attacks.
ii) The benefit of performing vulnerability identification automatically is that it helps
to gather information.
d) Answer: Fuzzing is the technique of automated software testing, which involves
including unexpected, invalid and random data as the input to any computer program.
Fuzzing method can be utilized during security assessment of an organization as it
helps to remove the software vulnerabilities.