Week 4 Lab Part 1 – Assessment Worksheet
Perform Dynamic and Static Quality Control Testing
1. Explain what is meant by dynamic code analysis. The dynamic approach is essentially executing the code: running the program and checking the results it produces at run time for inconsistencies.
2. Explain what is referred to by static code analysis. The static approach reviews the source code without running it, checking compliance with specific rules, the usage of arguments, and so forth.
3. What is black box testing on a web site or web application? Black box testing is testing of the functionality of the software through its inputs and outputs. It is not testing of the internal structure of the software.
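The following is an added example, not part of the worksheet, contrasting the two approaches from questions 1 to 3: a static check walks the parsed source tree without executing it, while a dynamic (black box) check executes a function and compares observed results against expectations. The sample source, the rule set (flag `eval`/`exec` and `shell=True`), the `parse_age` function and the test cases are all constructed for illustration.

```python
import ast

# Constructed sample source to analyse statically (not from the worksheet).
SAMPLE_SOURCE = '''
import subprocess

def run(cmd):
    return subprocess.call(cmd, shell=True)

def parse_age(value):
    return int(value)

def compute(expr):
    return eval(expr)
'''

# Assumed rule set for the static pass: calls a reviewer would flag.
DANGEROUS_CALLS = {"eval", "exec"}


def _call_name(func):
    """Render the callee of an ast.Call as dotted text, e.g. 'subprocess.call'."""
    if isinstance(func, ast.Name):
        return func.id
    if isinstance(func, ast.Attribute):
        base = _call_name(func.value)
        return f"{base}.{func.attr}" if base else func.attr
    return ""


def static_findings(source):
    """Static analysis: inspect the AST without running the code.

    Returns a sorted list of (line number, message) for every rule hit.
    """
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        name = _call_name(node.func)
        if name in DANGEROUS_CALLS:
            findings.append((node.lineno, f"call to {name}"))
        for kw in node.keywords:
            # shell=True hands the argument string to a shell for parsing.
            if kw.arg == "shell" and isinstance(kw.value, ast.Constant) and kw.value.value is True:
                findings.append((node.lineno, f"{name} called with shell=True"))
    return sorted(findings)


def parse_age(value):
    """Constructed function under dynamic test; accepts any integer string."""
    return int(value)


# Black box cases: (input, expected result or expected exception name).
CASES = [
    ("42", 42),
    ("abc", "ValueError"),
    ("-1", "ValueError"),   # a negative age should be rejected
]


def dynamic_findings(fn, cases):
    """Dynamic analysis: execute fn on each input and record mismatches.

    Only inputs and outputs are observed, so this is also a black box test.
    Returns a list of (input, expected, observed) for every mismatch.
    """
    findings = []
    for inp, expected in cases:
        try:
            observed = fn(inp)
        except Exception as exc:
            observed = type(exc).__name__
        if observed != expected:
            findings.append((inp, expected, observed))
    return findings


if __name__ == "__main__":
    for lineno, msg in static_findings(SAMPLE_SOURCE):
        print(f"static  line {lineno}: {msg}")
    for inp, expected, observed in dynamic_findings(parse_age, CASES):
        print(f"dynamic input {inp!r}: expected {expected!r}, got {observed!r}")
```

The static pass reports the `shell=True` call and the `eval` call by reading the source alone; the dynamic pass only discovers that `parse_age` accepts `"-1"` by actually running it, which is the kind of behavioural inconsistency question 1 refers to.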
4. What tool does OWASP recommend that pen testers use for penetration testing? WebScarab is a framework for analyzing applications that communicate using the HTTP and HTTPS protocols. It is written in Java, and is portable to many platforms. WebScarab has several modes of operation that are implemented by a number of plugins.
5. Who publishes and distributes skipfish and who was the developer that coded it? Skipfish is a new open source web application scanner, written in the C programming language, developed by Google, and created by Michal Zalewski.
Week 4 Lab Part 2 – Assessment Worksheet
Perform an IT & Web Application Security Assessment
1. Once an organization has identified a known vulnerability, what recourse does the company have? The organization must implement risk management for the known vulnerability by either transferring the liability, mitigating (reducing) the vulnerability, avoiding it by eliminating the source of the risk, or accepting the risk of the known vulnerability.
2. Name two network entry points as it pertains to network accessibility? Authorization and authentication are the two vital network entry points, which have to be protected.
3. What is the standard formula to rank potential threats? Risk Assessment and a Business Impact Analysis....