Web application and a Web server

1. Why is it critical to perform a penetration adjudicate on a Web practical application and a Web server prior to action implementation? Although mevery governments lose reduce significant number of design and coding defects through softw ar system development lifecycle there still remains security holes that arise when an application is deployed and interacts with other(a) processes and different operating systems (Cobb, 2014). Another reason that penetration test is critical is many Payment Card Industry Data security measures Standard (PCI DSS) mandate internal and external penetration test (Cobb,2014).2. What is a cross-site scripting attack? Explain in your own words. Cross-site scripting is when an attacker exploits the controls of a trust clearsite and injects malicious principle with the intent of spreading it to other end users. For example, an attacker injects a browser script on a website, so that other users will click on it and compromise sensitive informat ion.3. What is a ruminative cross-site scripting attack?A reflective cross-site scripting attack is when the injected script is reflected off the web server, much like an error message or search results. This emblem of attack is mostly carried out by e-mail messages in which the user is tricked by clicking on a malicious link and then the injected code travels to the vulnerable website and reflects the attack back to the users browser (OWASP, 2013).4. What vernacular method of obfuscation is use in most real-world SQL attacks? These methods include book of facts scrambling, repeating character masking, numeric variance, nulling, artificial data generation, truncating, encoding, and aggregating. These methods rely on an array of built in SQL server system functions that atomic number 18 utilise for string manipulation (Magnabosco, 2009).5. Which Web application attack is more flat to extracting privacy data elements out of a database? SQL injections can be used to enter the da tabase with administrator rights in which are also the best stylus to avoid using Java on the website (OWASP, 2013).6. If you can monitor when SQL injections are performed on an SQL database,what would you recommend as a security countermeasure to monitor your production SQL databases? I would recommend coordinated and regular security audits to prevent any back lash of SQL injections.7. Given that Apache and Internet Information Services (IIS) are the two most popular Web application servers for Linux and Microsoft Windows platforms, what would you do to key out known software vulnerabilities and exploits? I would explore the large number of binary star planting vulnerabilities known as dll spoofing and dll preloading in which have been identified in third party applications running on a windows platform.8. What can you do to ensure that your organization incorporates penetration examination and Web application testing as part of its implementation procedures? My approach to thi s matter would be to cerebrate on the benefits of penetration testing and web application testing. I would rationalise to my company how the testing would identify holes and vulnerabilities in the current web applications. I would also make the point that by incorporating this testing would make the organization more marketable to partner companies and future clients.9. What other security countermeasures do you recommend for websites and Web application deployment to ensure the CIA of the Web application? I would identify all the key pieces to my Web Server and address each(prenominal) accordingly. The key pieces would include Patches and Updates, IISLockdown, Services, Protocols, Accounts, Files and Directions, Shares, Ports, Registry, Auditing and Logging, Sites and Virtural Directories, Script Mappings, ISAPI Filters, ISS Metabase, Server Certificates, Machine.config, and Code Access shelter (Microsoft Corporation, 2014).10. Who is responsible and accountable for the CIA of production Web applications and Web servers? Any ingenious certified information security professional that is assigned or assumes much(prenominal) responsibility.