Question

1. Arachni has its own system for scoring vulnerability severity. Which vulnerabilities do you think are the most severe/critical? Which are the least severe/critical?

2. How would you categorize the Windows Server that you scannedÑa server that stores and processes health dataÑin terms of its criticality?

3. "If you had to summarize the state of the BxB web app to GCPG's executives, what would you say?"

Answer 1

Answer 1 - A computer vulnerability is a cybersecurity term that refers to a defect in a system that can leave it open to attack. This vulnerability could also refer to any type of weakness present in a computer itself, in a set of procedures, or in anything that allows information security to be exposed to a threat. There might be various vulnerability present in the system but the most severe/critical vulnerability are-

• Bugs
• Missing data encryption
• Weak password
• SQL injection.

Least severe vulnerability may include -

• Insufficient testing
• Lack of audit trail
• Design flaws

Answer 2 - In terms of criticality, I think Window server is a good option to chose because of the following reasons-

• It has a desired state configuration  that makes it possible to programmatically establish a baseline of roles and features, and then monitor and update any system that doesn’t match the desired state
• When you create a new storage volume in Windows Server 2012 R2, you also have the option to enable something called the Write-Back Cache. This feature sets aside an amount of physical storage, typically on a fast SSD drive, to use as a write cache to help smooth out the ups and downs of I/O during write- intensive operations
• Storage tiering that has the ability to dynamically move chunks of stored data between different classes of storage, such as fast SSDs and slower hard drives

Answer 3 - If I were to summarize the BxB web app to GCPG's executive I would say-

"BXB has dedicated its platform to serving the needs of the smaller non institutional traders, and that choice is reflected in the operating structure of BXB. Digital asset trading platforms have entered a new development cycle.BXB has solved both the usability and accessibility issues of option trading. We have designed our exchange interface in such a way that traders do not need to overcome complex and foreign terminology to properly and effectively execute options trading"