Question

In: Computer Science

An application has been through pureview and regression testing and it's prepared for release. A security...

An application has been through pureview and regression testing and it's prepared for release. A security engineer is asked to analyze an application binary to look for potential vulnerabilities prior to wide release. After thoroughly analyzing an application to engineer informs the developer they should include additional input sanitation in the application to prevent overflow. Which of the following tools did the security engineer most likely used to determine this recommendation?

  1. Fuzzing

  2. HTTP interceptor

  3. vulnerability scanner

  4. SCAP scanner

Solutions

Expert Solution

1. Fuzzing:

Fuzzing is actually quality assurance technique. It is used to discover coding errors and security loopholes in software, operating systems or networks. It is also called Fuzz testing. It will input massive amounts of data, which is called fuzz, to the test subject in an attempt to make it crash. If a vulnerability is found, a software tool called a fuzzer can be used to identify potential causes.

Fuzzers work best for discovering vulnerabilities that can be exploited by buffer overflow, DOS (denial of service), cross-site scripting and SQL injection. These schemes are often used by malicious hackers intent on wreaking the greatest possible amount of havoc in the least possible time.

Fuzz testing is less effective for dealing with security threats that do not cause program crashes, such as spyware, some viruses, worms, Trojans and keyloggers.

2. Interceptors:

Interceptors allow us to intercept incoming or outgoing HTTP requests using the HttpClient . We can modify or change the value of the request bu using interceptors

3. Vulnerability scanner

These scanners are used to discover the weaknesses of a given system. It is a computer program designed to assess computers, networks or applications for known weaknesses. A vulnerability scanner will send special kind of data to your website which is similar to the type of data that a malicious hacker would send. However, it does it in a safe way. If the response from your website or web application shows that it can be hacked, the vulnerability scanner reports it to you and tells you how to fix it.

One of the vulnerability scanner is Acunetix

4.SCAP scanner

There is always a chance to face vulnerabilities in our system and Leaving our systems with these vulnerabilities can have a number of consequences, ranging from embarrassment to heavy damage when a vulnerability is exploited by an attacker. SCAP is a technique that is used for automated vulnerability checking, allowing you to take steps to prevent attacks before they happen.

From this, as a security engineer, I would suggest a vulnerability scanner because A vulnerability scanner not only detects and classifies system weaknesses in computers, networks, and communications equipment but also predicts the effectiveness of countermeasures.

Please upvote


Related Solutions

The security for application software is enhanced and optimized through a procedure called threat modeling. In...
The security for application software is enhanced and optimized through a procedure called threat modeling. In major applications, such as those used by manufacturing, banking, or distribution companies, that do scheduling, resource management, inventory management, accounting, and more, security is a crucial element of its operations. Research threat modeling and briefly describe a procedure you would recommend to provide robust security for a major application in this type of environment
You have been tasked to write a C# application that will go through the first step...
You have been tasked to write a C# application that will go through the first step of encrypting an input file and writing the encrypted contents to an output file. For this first step in encryption, read each letter in from the input file, add 3 letters to the value of the input letter. If the input letter is an A then the encrypted letter would be a D. If the input letter from the input file is an X...
"But in the name of reform, it's as if somehow the goalpost has been moved without...
"But in the name of reform, it's as if somehow the goalpost has been moved without our realizing it. Now education -- for those "failing" urban kids, anyway -- is about learning the rules and following directions. Not critical thinking. Not creativity. It's about how to correctly eliminate three out of four bubbles. The whole messy, thrilling, challenging work of shaping young minds has been reduced to a one or a zero. Pass or fail." After reading the quote above,...
Describe one application where a biodegradable polymer has been used, and contrast this to an application...
Describe one application where a biodegradable polymer has been used, and contrast this to an application where a biostable polymer has been used. Your answer should be a comprehensive account of each application, with diagrams if appropriate, with a specific focus on the characteristics, of the relevant polymer category, that make them suitable for the application. (Maximum 750 words )
Howie, a security analyst, has used the concept of multiple regression to determine the sensitivity of...
Howie, a security analyst, has used the concept of multiple regression to determine the sensitivity of a certain stock to various factors. He has found that the following factors are the most indicative of his stock’s returns: Factor Factor Beta Factor risk premium Inflation 1.2 3% unemployment 0.8 5% Industrial production 0.7 6% If the rate on 90-day T-bills is 3%, a. what is the expected return for this stock? b. What is the Jensen Alpha if the portfolio return...
Homser Lake, Oregon, has an Atlantic salmon catch and release program that has been very successful....
Homser Lake, Oregon, has an Atlantic salmon catch and release program that has been very successful. The average fisherman’s catch has been μ=8.8 Atlantic salmon per day. (Source: National Symposium on Catch and Release Fishing, Humboldt State University). Suppose that a new quota system restricting the number of fishermen has been put into effect this season. A random sample of fishermen gave the following catches per day: 12 6 11 13 5 0 3 7 8 7 6 3 9...
Homser, Lake Oregon has an Atlantic salmon catch-and-release program that has been very successful. The average...
Homser, Lake Oregon has an Atlantic salmon catch-and-release program that has been very successful. The average Fisherman's catch has been on average 8.8 Atlantic salmon per day (Source: National Symposium on catch and release fishing, Humboldt State University). Suppose that a new quota system restricting the number of fishermen has been put into effect this season. A random sample of 16 fishermen yielded a mean and standard deviation of and s = 3.45 catches per day. The histogram to the...
Alex met Claire Boucher (Grimes) at McGill. He has been waiting for the release of her...
Alex met Claire Boucher (Grimes) at McGill. He has been waiting for the release of her next album. Assume that the waiting time is exponential with mean 3 years. To keep up with releases Alex receives Resident Advisor’s monthly album review newsletter. Assume that the album will be featured in the next issue after its release. Let X be the number of newsletters required to get news of the release of the album. Find the probability mass function of X.
The lab folder has two source files ComboLock and the testing application ComboLockTesting.  There is one utility...
The lab folder has two source files ComboLock and the testing application ComboLockTesting.  There is one utility class (compiled, without given code) MyGoodLock. ComboLock class has three private fields first, second, third, all of int type.  (As a matter of fact, they are numbers from 1 to 40).  It has a private field state of int type, representing the lock being partially opened.  It has a public field open of boolean type.  The class has one three-parameter constructor.  It also has two mutator methods: turnRight and...
A firm has decided through regression analysis that its sales (S) are a function of the...
A firm has decided through regression analysis that its sales (S) are a function of the amount of advertising (measured in units) in two different media, television (x) and magazines (y): S (x, y) = 100 – x2 + 30x – y2 + 40y (a) Find the level of TV and magazine advertising units that maximizes the firm's sales. (b) Suppose that the advertising budget is restricted to 31 units. Determine the level of advertising (in units) that maximizes sales...
ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT