Assignment:
Question 1:
a. What is Transparent Data Encryption? Why is it transparent? What types of encryption does it support? Explain how TDE protects against attacks by privileged OS users?
b. Identify and explain 4 primary defenses against SQL injection attacks.
c. What specific encryption techniques does Amazon RDS use for protecting databases at rest? What encryption techniques and protocolsdoes Amazon RDS use to protect data in flight?
Question 2:
a. Explain how a reflected XSS attack is different from a persistent XSS attack. Provide examples of attack scenarios for each.
b. As per the OpenCanvas Learning YouTube video, there are 6 components which come together to make a web browser work. Pick 4 out of the 6 components and explain what each of those components does to get the browser to function.
c. Describe the main difference between session cookies and persistent cookies. Describe3 steps that we used to exploit information contained in cookies to launch a privilege escalation attack (based on one of the lab exercises).
Question 3:
a. Explain what server hardening meansin your own words. Which specific web application security risk in the OWASP Top 10 list from 2017 is hardening supposed to best protect against?
b. Explain how a replay attack works using your own words.
c. Explain what a web application firewall is and how it is different from a traditional network firewall. Which layer in the 7-layer OSI architecture does each operate at?
d. Complete the following table of cloud service models by specifying whether the customer (C) or the service provider (SP) is responsible for hardware, operating system, applications, and data. From a customer perspective, which of the 3 cloud service models is most secure (theoretically)?
|
Cloud Service Model
|
Hardware
|
Operating System
|
Applications
|
Data
|
|
SaaS
|
|
|
|
|
|
PaaS
|
|
|
|
|
|
IaaS
|
|
|
|
|
Question 4:
a. Describe two main differences between Java and JavaScript.
b. Explain what an XML external entity is in your own words. Provide an example of XML code that uses an external entity. Explain how an XML external entities injection attack can be used to display the contents of the /etc/passwd file.
c. Describe what flaw debt is in your own words. Provide 3 main takeaways from the chart provided below.
Attachment:- Percent of Flaws.rar