Question

In: Computer Science

An application has been through pureview and regression testing and it's prepared for release. A security...

An application has been through pureview and regression testing and it's prepared for release. A security engineer is asked to analyze an application binary to look for potential vulnerabilities prior to wide release. After thoroughly analyzing an application to engineer informs the developer they should include additional input sanitation in the application to prevent overflow. Which of the following tools did the security engineer most likely used to determine this recommendation?

  1. Fuzzing

  2. HTTP interceptor

  3. vulnerability scanner

  4. SCAP scanner

Solutions

Expert Solution

1. Fuzzing:

Fuzzing is actually quality assurance technique. It is used to discover coding errors and security loopholes in software, operating systems or networks. It is also called Fuzz testing. It will input massive amounts of data, which is called fuzz, to the test subject in an attempt to make it crash. If a vulnerability is found, a software tool called a fuzzer can be used to identify potential causes.

Fuzzers work best for discovering vulnerabilities that can be exploited by buffer overflow, DOS (denial of service), cross-site scripting and SQL injection. These schemes are often used by malicious hackers intent on wreaking the greatest possible amount of havoc in the least possible time.

Fuzz testing is less effective for dealing with security threats that do not cause program crashes, such as spyware, some viruses, worms, Trojans and keyloggers.

2. Interceptors:

Interceptors allow us to intercept incoming or outgoing HTTP requests using the HttpClient . We can modify or change the value of the request bu using interceptors

3. Vulnerability scanner

These scanners are used to discover the weaknesses of a given system. It is a computer program designed to assess computers, networks or applications for known weaknesses. A vulnerability scanner will send special kind of data to your website which is similar to the type of data that a malicious hacker would send. However, it does it in a safe way. If the response from your website or web application shows that it can be hacked, the vulnerability scanner reports it to you and tells you how to fix it.

One of the vulnerability scanner is Acunetix

4.SCAP scanner

There is always a chance to face vulnerabilities in our system and Leaving our systems with these vulnerabilities can have a number of consequences, ranging from embarrassment to heavy damage when a vulnerability is exploited by an attacker. SCAP is a technique that is used for automated vulnerability checking, allowing you to take steps to prevent attacks before they happen.

From this, as a security engineer, I would suggest a vulnerability scanner because A vulnerability scanner not only detects and classifies system weaknesses in computers, networks, and communications equipment but also predicts the effectiveness of countermeasures.

Please upvote


Related Solutions

"But in the name of reform, it's as if somehow the goalpost has been moved without...
"But in the name of reform, it's as if somehow the goalpost has been moved without our realizing it. Now education -- for those "failing" urban kids, anyway -- is about learning the rules and following directions. Not critical thinking. Not creativity. It's about how to correctly eliminate three out of four bubbles. The whole messy, thrilling, challenging work of shaping young minds has been reduced to a one or a zero. Pass or fail." After reading the quote above,...
Describe one application where a biodegradable polymer has been used, and contrast this to an application...
Describe one application where a biodegradable polymer has been used, and contrast this to an application where a biostable polymer has been used. Your answer should be a comprehensive account of each application, with diagrams if appropriate, with a specific focus on the characteristics, of the relevant polymer category, that make them suitable for the application. (Maximum 750 words )
Howie, a security analyst, has used the concept of multiple regression to determine the sensitivity of...
Howie, a security analyst, has used the concept of multiple regression to determine the sensitivity of a certain stock to various factors. He has found that the following factors are the most indicative of his stock’s returns: Factor Factor Beta Factor risk premium Inflation 1.2 3% unemployment 0.8 5% Industrial production 0.7 6% If the rate on 90-day T-bills is 3%, a. what is the expected return for this stock? b. What is the Jensen Alpha if the portfolio return...
Homser Lake, Oregon, has an Atlantic salmon catch and release program that has been very successful....
Homser Lake, Oregon, has an Atlantic salmon catch and release program that has been very successful. The average fisherman’s catch has been μ=8.8 Atlantic salmon per day. (Source: National Symposium on Catch and Release Fishing, Humboldt State University). Suppose that a new quota system restricting the number of fishermen has been put into effect this season. A random sample of fishermen gave the following catches per day: 12 6 11 13 5 0 3 7 8 7 6 3 9...
Homser, Lake Oregon has an Atlantic salmon catch-and-release program that has been very successful. The average...
Homser, Lake Oregon has an Atlantic salmon catch-and-release program that has been very successful. The average Fisherman's catch has been on average 8.8 Atlantic salmon per day (Source: National Symposium on catch and release fishing, Humboldt State University). Suppose that a new quota system restricting the number of fishermen has been put into effect this season. A random sample of 16 fishermen yielded a mean and standard deviation of and s = 3.45 catches per day. The histogram to the...
Alex met Claire Boucher (Grimes) at McGill. He has been waiting for the release of her...
Alex met Claire Boucher (Grimes) at McGill. He has been waiting for the release of her next album. Assume that the waiting time is exponential with mean 3 years. To keep up with releases Alex receives Resident Advisor’s monthly album review newsletter. Assume that the album will be featured in the next issue after its release. Let X be the number of newsletters required to get news of the release of the album. Find the probability mass function of X.
A firm has decided through regression analysis that its sales (S) are a function of the...
A firm has decided through regression analysis that its sales (S) are a function of the amount of advertising (measured in units) in two different media, television (x) and magazines (y): S (x, y) = 100 – x2 + 30x – y2 + 40y (a) Find the level of TV and magazine advertising units that maximizes the firm's sales. (b) Suppose that the advertising budget is restricted to 31 units. Determine the level of advertising (in units) that maximizes sales...
In response to the coronavirus, the FDA has been very involved in the products for testing...
In response to the coronavirus, the FDA has been very involved in the products for testing and treating the coronavirus. Please explain the role that the FDA plays with regard to these products. Let me know if you think that the FDA is necessary or can we leave our safety to the private businesses that provide the products and services. During this pandemic, we have seen the FDA relax its rules with regards to products, specifically testing. Should the FDA...
•          It has been said that a smartphone is a microcomputer in your hand. Discuss the security...
•          It has been said that a smartphone is a microcomputer in your hand. Discuss the security implications of this statement. •          What management, organizational, and technology issues must be addressed by smartphone security? •          What problems do smartphone security weaknesses cause for businesses?
This question has been posted before (a good while ago so it's not likely anyone will...
This question has been posted before (a good while ago so it's not likely anyone will respond to comments), but the answers are either wrong or don't actually explain how the answers are obtained. (The answers in the back of the book are 24 for 3 and 100 for 5.) Mathematicians at the University of Florida solved a 30-year-old math problem using the theory of partitions. (Explore, Fall 2000.) In math terminology, a partition is a representation of an integer...
ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT