WMS Sample Paper 2 Solution
Properly controlling access to web content is crucial for running a secure web server. Directory
traversal or Path Traversal is an HTTP attack that allows attackers to access restricted directories
and execute commands outside of the web server’s root directory.
An Access Control List is used in the authorization process. It is a list which the web server’s
administrator uses to indicate which users or groups are able to access, modify or execute
particular files on the server, as well as other access rights.
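The following is an added example, not part of the original paper, of the server-side check that keeps a requested path inside the web root. The function names, the temporary web root and the sample request paths are constructed for illustration.

```python
import os
import tempfile


class PathTraversalError(ValueError):
    """Raised when a requested path resolves outside the web root."""


def resolve_under_root(web_root: str, requested: str) -> str:
    """Map a request path to a filesystem path, refusing anything outside web_root."""
    root = os.path.realpath(web_root)
    # Treat backslashes as separators and drop leading slashes, so an
    # absolute request path cannot replace the root inside os.path.join().
    relative = requested.replace("\\", "/").lstrip("/")
    # realpath() collapses ".." segments and follows symlinks *before* the check.
    candidate = os.path.realpath(os.path.join(root, relative))
    # commonpath() compares whole path components, so a sibling directory
    # such as "<root>_evil" is not mistaken for something under "<root>".
    if os.path.commonpath([root, candidate]) != root:
        raise PathTraversalError(f"{requested!r} resolves outside the web root")
    return candidate


def is_allowed(web_root: str, requested: str) -> bool:
    """Convenience wrapper: True if the request stays inside the web root."""
    try:
        resolve_under_root(web_root, requested)
        return True
    except PathTraversalError:
        return False


# Constructed sample data: a throwaway web root and a few request paths.
WEB_ROOT = tempfile.mkdtemp(prefix="webroot_")
SAMPLE_REQUESTS = [
    "index.html",
    "css/../index.html",
    "../outside.txt",
    "/../../outside.txt",
    "images\\..\\..\\outside.txt",
]

if __name__ == "__main__":
    for request in SAMPLE_REQUESTS:
        verdict = "serve" if is_allowed(WEB_ROOT, request) else "reject"
        print(f"{verdict:6} {request}")
```

The check complements the Access Control List rather than replacing it: the ACL limits what the server process may read, while the path check stops a request from leaving the web root at all.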
Advantages
1. DirBuster provides a GUI, which is very easy to understand and use, so anyone
can employ it without hassle.
2. Compared to other directory brute-forcing tools, GoBuster is extremely fast.
GoBuster is written in Go, a language known for speed.
If attackers know the memory layout of a program, they can intentionally feed input that the
buffer cannot store, and overwrite areas that hold executable code, replacing it with their own
code. For example, an attacker can overwrite a pointer (an object that points to another area in
memory) and point it to an exploit payload, to gain control over the program.
Stack-based buffer overflows are more common, and leverage stack memory that only exists
during the execution time of a function.
Heap-based attacks are harder to carry out and involve flooding the memory space allocated for
a program beyond memory used for current runtime operations.
In addition, modern operating systems have runtime protection. Three common protections are:
The Caesar cipher is one of the earliest and simplest encryption
techniques. It is a type of substitution cipher, i.e., each letter of a
given text is replaced by the letter a fixed number of positions down the
alphabet.
For example, with a shift of 1, A would be replaced by B, B would become
C, and so on. The method is apparently named after Julius Caesar, who
is said to have used it to communicate with his officials.
Thus, to encipher a given text we need an integer value, known as the
shift, which indicates the number of positions each letter of the text is
moved down the alphabet.
The encryption can be represented using modular arithmetic by first
transforming the letters into numbers, according to the scheme, A = 0, B =
1,…, Z = 25. Encryption of a letter by a shift n can be described
mathematically as.
Text : ABCDEFGHIJKLMNOPQRSTUVWXYZ
Shift: 23
Cipher: XYZABCDEFGHIJKLMNOPQRSTUVW
Text : ATTACKATONCE
Shift: 4
Cipher: EXXEGOEXSRGI
Algorithm for Caesar Cipher:
Input:
1. A String of lower case letters, called Text.
2. An Integer between 0-25 denoting the required shift.
Procedure:
Traverse the given text one character at a time.
For each character, transform the given character as per the rule,
depending on whether we’re encrypting or decrypting the text.
Return the new string generated.
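The procedure above as runnable code, added here as an example that is not part of the original paper. It goes slightly beyond the stated input by also handling upper-case letters, so that it reproduces the two worked examples, and it leaves non-letters unchanged; the function names are illustrative.

```python
import string

ALPHABET_SIZE = 26


def shift_char(ch: str, shift: int) -> str:
    """Shift one letter by `shift` positions, wrapping around the alphabet."""
    if ch in string.ascii_uppercase:
        base = ord("A")
    elif ch in string.ascii_lowercase:
        base = ord("a")
    else:
        return ch  # digits, spaces and punctuation pass through unchanged
    # Letter -> number (A = 0 ... Z = 25), add the shift modulo 26, -> letter.
    return chr((ord(ch) - base + shift) % ALPHABET_SIZE + base)


def encrypt(text: str, shift: int) -> str:
    """Traverse the text one character at a time and shift each letter."""
    return "".join(shift_char(ch, shift) for ch in text)


def decrypt(text: str, shift: int) -> str:
    """Decryption is encryption with the opposite shift."""
    return encrypt(text, -shift)


if __name__ == "__main__":
    # The two examples given in the text above.
    print(encrypt(string.ascii_uppercase, 23))
    print(encrypt("ATTACKATONCE", 4))
    print(decrypt("EXXEGOEXSRGI", 4))
```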
Denial of service
Your users make bad password choices on other networks that fall to hackers.
This leads to cross-network unauthorized access.
Your underlying operating system has holes, and diligent hackers exploit them to
gain limited access.
1. Blacklist filtering.
2. Whitelist filtering.
3. Contextual Encoding.
4. Input Validation.
5. Content Security Policy.
10. Explain the features of Windows and Linux along with their layered architecture. How are
these platforms made secure? Explain in detail.
On the other hand, Linux OS is one of the famous versions of the UNIX OS. It was
developed to provide a low-cost or free OS for personal computer system users.
Remarkably, it is a complete OS including an X Window System, Emacs editor, TCP/IP,
GUI (graphical user interface), etc.
11. Explain Wi-Fi security attacks and the measures against them.
What are the risks to your wireless network?
Whether it’s a home or business network, the risks to an unsecured wireless network are the
same. Some of the risks include:
Piggybacking
If you fail to secure your wireless network, anyone with a wireless-enabled computer in range of
your access point can use your connection. The typical indoor broadcast range of an access point
is 150–300 feet. Outdoors, this range may extend as far as 1,000 feet. So, if your neighborhood is
closely settled, or if you live in an apartment or condominium, failure to secure your wireless
network could open your internet connection to many unintended users. These users may be able
to conduct illegal activity, monitor and capture your web traffic, or steal personal files.
Wardriving
Wardriving is a specific kind of piggybacking. The broadcast range of a wireless access point
can make internet connections available outside your home, even as far away as your street.
Savvy computer users know this, and some have made a hobby out of driving through cities and
neighborhoods with a wireless-equipped computer—sometimes with a powerful antenna—
searching for unsecured wireless networks. This practice is known as “wardriving.”
Wireless Sniffing
Many public access points are not secured and the traffic they carry is not encrypted. This can
put your sensitive communications or transactions at risk. Because your connection is being
transmitted “in the clear,” malicious actors could use sniffing tools to obtain sensitive
information such as passwords or credit card numbers. Ensure that all the access points you
connect to use at least WPA2 encryption.
Unauthorized Computer Access
An unsecured public wireless network combined with unsecured file sharing could allow a
malicious user to access any directories and files you have unintentionally made available for
sharing. Ensure that when you connect your devices to public networks, you deny sharing files
and folders. Only allow sharing on recognized home networks and only while it is necessary to
share items. When not needed, ensure that file sharing is disabled. This will help prevent an
unknown attacker from accessing your device’s files.
Shoulder Surfing
In public areas malicious actors can simply glance over your shoulder as you type. By simply
watching you, they can steal sensitive or personal information. Screen protectors that prevent
shoulder-surfers from seeing your device screen can be purchased for little money. For smaller
devices, such as phones, be cognizant of your surroundings while viewing sensitive information
or entering passwords.
Change default passwords. Most network devices, including wireless access points, are
pre-configured with default administrator passwords to simplify setup. These default passwords
are easily obtained online, and so provide only marginal protection. Changing default
passwords makes it harder for attackers to access a device. Using complex passwords and
changing them periodically is your first line of defense in protecting your device. (See
Choosing and Protecting Passwords.)
Restrict access. Only allow authorized users to access your network. Each piece of hardware
connected to a network has a media access control (MAC) address. You can restrict access to
your network by filtering these MAC addresses. Consult your user documentation for specific
information about enabling these features. You can also utilize the “guest” account, which is a
widely used feature on many wireless routers. This feature allows you to grant wireless access to
guests on a separate wireless channel with a separate password, while maintaining the privacy of
your primary credentials.
Encrypt the data on your network. Encrypting your wireless data prevents anyone who might be
able to access your network from viewing it. There are several encryption protocols available to
provide this protection. Wi-Fi Protected Access (WPA), WPA2, and WPA3 encrypt information
being transmitted between wireless routers and wireless devices. WPA3 is currently the strongest
encryption. WPA and WPA2 are still available; however, it is advisable to use equipment that
specifically supports WPA3, as using the other protocols could leave your network open to
exploitation.
Protect your Service Set Identifier (SSID). To prevent outsiders from easily accessing your
network, avoid publicizing your SSID. All Wi-Fi routers allow users to protect their device’s
SSID, which makes it more difficult for attackers to find a network. At the very least, change
your SSID to something unique. Leaving it as the manufacturer’s default could allow a potential
attacker to identify the type of router and possibly exploit any known vulnerabilities.
Install a firewall. Consider installing a firewall directly on your wireless devices (a host-based
firewall), as well as on your home network (a router- or modem-based firewall). Attackers who
can directly tap into your wireless network may be able to circumvent your network firewall—a
host-based firewall will add a layer of protection to the data on your computer (see
Understanding Firewalls for Home and Small Office Use).
Maintain antivirus software. Install antivirus software and keep your virus definitions up to date.
Many antivirus programs also have additional features that detect or protect against spyware and
adware (see Protecting Against Malicious Code and What is Cybersecurity?).
Use file sharing with caution. File sharing between devices should be disabled when not needed.
You should always choose to only allow file sharing over home or work networks, never on
public networks. You may want to consider creating a dedicated directory for file sharing and
restrict access to all other directories. In addition, you should password protect anything you
share. Never open an entire hard drive for file sharing (see Choosing and Protecting Passwords).
Keep your access point software patched and up to date. The manufacturer of your wireless
access point will periodically release updates to and patches for a device’s software and
firmware. Be sure to check the manufacturer’s website regularly for any updates or patches for
your device.
Check your internet provider’s or router manufacturer’s wireless security options. Your internet
service provider and router manufacturer may provide information or resources to assist in
securing your wireless network. Check the customer support area of their websites for specific
suggestions or instructions.
Connect using a Virtual Private Network (VPN). Many companies and organizations have a
VPN. VPNs allow employees to connect securely to their network when away from the office.
VPNs encrypt connections at the sending and receiving ends and keep out traffic that is not
properly encrypted. If a VPN is available to you, make sure you log onto it any time you need to
use a public wireless access point.
An SQL Injection vulnerability may affect any website or web application that uses
an SQL database such as MySQL, Oracle, SQL Server, or others. Criminals may use it
to gain unauthorized access to your sensitive data: customer information, personal
data, trade secrets, intellectual property, and more. SQL Injection attacks are one of
the oldest, most prevalent, and most dangerous web application vulnerabilities.
Attackers can use SQL Injections to find the credentials of other users in the
database. They can then impersonate these users. The impersonated user
may be a database administrator with all database privileges.
SQL lets you select and output data from the database. An SQL Injection
vulnerability could allow the attacker to gain complete access to all data in a
database server.
SQL also lets you alter data in a database and add new data. For example, in
a financial application, an attacker could use SQL Injection to alter balances,
void transactions, or transfer money to their account.
You can use SQL to delete records from a database, even drop tables. Even if
the administrator makes database backups, deletion of data could affect
application availability until the database is restored. Also, backups may not
cover the most recent data.
In some database servers, you can access the operating system using the
database server. This may be intentional or accidental. In such a case, an
attacker could use an SQL Injection as the initial vector and then attack the
internal network behind a firewall.
SQL injections typically fall under three categories: In-band SQLi (Classic), Inferential
SQLi (Blind) and Out-of-band SQLi. You can classify SQL injections types based on the
methods they use to access backend data and their damage potential.
In-band SQLi
Inferential SQLi (Blind)
The attacker sends data payloads to the server and observes the response
and behavior of the server to learn more about its structure. This method is
called blind SQLi because the data is not transferred from the website
database to the attacker, thus the attacker cannot see information about the
attack in-band.
Blind SQL injections rely on the response and behavioral patterns of the
server so they are typically slower to execute but may be just as harmful.
Blind SQL injections can be classified as follows:
Boolean—the attacker sends a SQL query to the database prompting the
application to return a result. The result will vary depending on whether the
query is true or false. Based on the result, the information within the HTTP
response will change or stay unchanged. The attacker can then work out if
the message generated a true or false result.
Time-based—the attacker sends a SQL query to the database, which makes the
database wait (for a period in seconds) before it can react. The attacker can
see from the time the database takes to respond whether a query is true or
false. Based on the result, an HTTP response will be generated instantly or
after a waiting period. The attacker can thus work out if the message they
used returned true or false, without relying on data from the database.
Out-of-band SQLi
The attacker can only carry out this form of attack when certain features are
enabled on the database server used by the web application. This form of
attack is primarily used as an alternative to the in-band and inferential SQLi
techniques.
Out-of-band SQLi is performed when the attacker can’t use the same
channel to launch the attack and gather information, or when a server is too
slow or unstable for these actions to be performed. These techniques count
on the capacity of the server to create DNS or HTTP requests to transfer
data to an attacker.
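An added example, not part of the original paper, contrasting a query built by string concatenation with a parameterized query, using an in-memory SQLite database. The table, its rows, the function names and the sample input are all constructed for illustration.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Build a constructed in-memory database with two sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "customer"), ("dbadmin", "administrator")],
    )
    return conn


def find_user_concatenated(conn: sqlite3.Connection, username: str) -> list:
    """Vulnerable: user input becomes part of the SQL text itself."""
    query = "SELECT username FROM users WHERE username = '" + username + "'"
    return sorted(row[0] for row in conn.execute(query))


def find_user_parameterized(conn: sqlite3.Connection, username: str) -> list:
    """Hardened: the driver passes the input as data, never as SQL syntax."""
    query = "SELECT username FROM users WHERE username = ?"
    return sorted(row[0] for row in conn.execute(query, (username,)))


# Constructed input: the quote closes the string literal and the rest is
# parsed as an extra condition that is true for every row.
CRAFTED_INPUT = "nobody' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    for label, lookup in (
        ("concatenated ", find_user_concatenated),
        ("parameterized", find_user_parameterized),
    ):
        print(label, "normal :", lookup(db, "alice"))
        print(label, "crafted:", lookup(db, CRAFTED_INPUT))
```

With the concatenated query the crafted input returns every row, which is the in-band case where results come back in the same response; with the parameterized query the same input is compared as a literal username and matches nothing.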
Primary Defenses:
Additional Defenses: