1. From the results of lab #1 – Business Application impact analysis worksheet, what do you consider to be the greatest type of risk and why?
The greatest risk is hackers having access to data because it can lead to identity theft.
2. Why is it critical to perform periodic web application vulnerability assessments and penetration tests?
It is critical because you should always maintain compliance with laws, and in order to do that you need to know what is wrong with your system and fix it before problems occur.
3. What kind of web application does Damn Vulnerable Web Application (DVWA) use?
It uses PHP/MySQL web applications.
4. Why is connecting your web servers and web applications to the Internet like opening Pandora’s Box?
Connecting these is like opening Pandora’s Box because, by connecting to the Internet, you are opening your information up to hackers who can connect through the Internet.
5. What does the Skipfish application do and why is it a good security tool for web servers and web application testing?
The Skipfish application is an open source web app and a fully automated security reconnaissance tool. It is a good security tool because it can perform security and vulnerability tests.
6. What is Tcpdump and why is it a good tool for testing the Ubuntu Linux web server and web application security?
Tcpdump is a protocol capture and analyzer tool that enables the Ubuntu Linux server to capture server interaction.
7. What does the Firefox Live HTTP Headers plug-in application do, and why is this a good tool for web server and web application security testing?
The HTTP Headers plug-in application adds information such as the headers in real time. It is a good tool because you can use it to debug applications.