Free Web Systems Vulnerability Assessment Essay Sample
Question One: Difference between a Vulnerability Assessment and a Penetration Test
In computing, vulnerability assessment is a term used to refer to the process of identifying, quantifying and prioritizing the vulnerabilities existing in a given system. Some examples of the systems which have the assessment done include information technology (IT) systems, nuclear plants, water supply, communication and transportation systems. Vulnerability assessments may be conducted for small to large organizations. As well, vulnerability to a given kind of disaster can be assessed to determine the kind of damage that would be caused (Dustin & McDiarmid, 2009). Basically, vulnerability assessment is done in web systems to find and address possible risks. This is a good way of making web systems secure.
On the other hand, a penetration test, also known as a pentest, is a common method used in evaluating the security of a network or computer system. This is done by simulating an attack from a suspected malicious source, technically known as a cracker or black hat hacker. Basically, the penetration test is a process that involves an active evaluation and analysis of a system for potential intrusions or vulnerabilities that can result from poor configuration of the system. These can as well result from known or unknown software or hardware flaws (Reynolds & Meersman, 2011). Penetration testing can thus be done at regular intervals or after a change to the system. Any security issues found during the testing process should be addressed by offering a technical solution.
Question Two: Fuzzing in the Current Context
Fuzzing, or fuzz testing, is a technique for software testing. In the current context, fuzzing entails an automated process that provides unexpected, random, or invalid data to the inputs of a given computer program. Once that has been done, the next step is to monitor the program for any form of exception (Reynolds & Meersman, 2011). These might include crashes or failures of built-in assertions. This process is commonly employed in testing for security issues in computer systems or in software.
Current fuzzing approaches take two different forms: generation-based and mutation-based fuzzers. Network protocols and file formats have been the major targets of fuzzing. However, it is possible to fuzz any other type of program input. The practice also extends to the contents of shared memory, databases, and precise thread interleavings. From a security standpoint, input noted to cross a 'trust boundary' is usually the most interesting (Dustin & McDiarmid, 2009). For instance, it would be more valuable to fuzz the code that handles a file uploaded by an arbitrary user than the code used to parse a configuration file that is accessible only to a privileged user. The above explanation therefore helps to analyze how fuzzing is done in the current context.
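The two fuzzing approaches described above, as an added example that is not part of the original essay: a mutation-based and a generation-based case source feed a toy parser for a user-uploaded record (the kind of trust-boundary input the text says to prioritise), and the harness treats a clean ValueError as an expected rejection while recording any other exception as a crash. The record format, the parser and its defect are all constructed for the demonstration.

```python
import random
# Constructed toy "upload" record (not a real format): byte 0 = payload length.
def parse_upload(data: bytes) -> bytes:
    """Parse a length-prefixed record; clean rejections raise ValueError."""
    if not data:
        raise ValueError("empty record")
    declared_len = data[0]
    payload = data[1:1 + declared_len]
    if len(payload) != declared_len:
        raise ValueError("truncated payload")
    # Constructed defect: trailing-newline strip without a zero-length guard,
    # so an empty payload hits payload[-1] and raises IndexError.
    if payload[declared_len - 1] == 0x0A:
        payload = payload[:-1]
    return payload

def mutate(seed: bytes, rng: random.Random) -> bytes:
    """Mutation-based case: one random edit of a known-good seed."""
    buf = bytearray(seed)
    op = rng.randrange(3)
    if op == 0 and buf:                           # flip one bit
        i = rng.randrange(len(buf)); buf[i] ^= 1 << rng.randrange(8)
    elif op == 1:                                 # insert a random byte
        buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
    else:                                         # truncate the tail
        del buf[rng.randrange(len(buf) + 1):]
    return bytes(buf)

def generate(rng: random.Random) -> bytes:
    """Generation-based case: built from knowledge of the format itself."""
    n = rng.randrange(8)
    return bytes([n]) + bytes(rng.randrange(256) for _ in range(n))

def fuzz(target, cases, expected=(ValueError,)):
    """Feed each case to target; keep those raising an unexpected exception."""
    crashes = []
    for case in cases:
        try:
            target(case)
        except expected:
            continue                              # rejected cleanly: not a finding
        except Exception as exc:                  # crash-like: record input and type
            crashes.append((case, type(exc).__name__))
    return crashes

def run_campaign(seed_value=1, rounds=500):
    # Deterministic campaign mixing both case sources; returns the crash list.
    rng = random.Random(seed_value)
    cases = [mutate(b"\x05hello", rng) for _ in range(rounds)] + [generate(rng) for _ in range(rounds)]
    return fuzz(parse_upload, cases)
```

Every crash the campaign reports is the same zero-length record, which is the triage signal a tester wants: a handful of distinct inputs pointing at one missing check.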
Question Three: Proxy Servers and Usefulness for Pentesting
A proxy server is a 'server', that is, a computer application or system, that acts as the intermediary for requests from clients seeking resources from other servers. Proxy servers are used in computer networks. On the internet, a client connects to a specific proxy server and requests some service, such as a file, a connection, or a resource from a different server. The proxy server is capable of evaluating the request according to its filtering rules. For instance, proxy servers can use protocols or IP addresses to filter the traffic (O'Neill, 2003). Once the request has been validated by the given filter, the proxy then provides the requested resource to the client. Sometimes the proxy may serve the given request without necessarily having to contact the specified server. A good example of a proxy is the web proxy that allows access to contents on the entire web.
A proxy server can be used for pentesting purposes. Pentesting is a method used to evaluate the security of a network or computer system. This is done by simulating an attack from a suspected malicious source (O'Neill, 2003). That being the case, proxy servers, with their ability to filter traffic by IP address and protocol, can help in penetration testing. Since the process involves the use of virtual machines, it is possible to maintain a high security standard by making sure proxy servers are used for pentesting purposes. The use of internet proxies makes it possible to build strong and convenient security when using the internet (Reynolds & Meersman, 2011). The capabilities and roles played by proxy servers therefore make them useful for penetration testing purposes.
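The filtering and caching behaviour described above, as an added example that is not part of the original essay: a proxy decision routine that applies protocol and IP address rules, serves a repeated request from cache without contacting the origin server, and logs every verdict so traffic routed through it during a test can be reviewed afterwards. The rules, client addresses and URLs are constructed for the demonstration.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
@dataclass
class Request:
    client_ip: str      # address of the client behind the proxy
    protocol: str       # "http", "https", ...
    url: str

@dataclass
class FilteringProxy:
    allowed_protocols: frozenset
    blocked_networks: tuple                       # CIDR strings, e.g. "10.0.0.0/8"
    cache: dict = field(default_factory=dict)     # url -> body served without origin
    log: list = field(default_factory=list)       # every decision, for later review

    def check(self, req: Request) -> str:
        """Return "allow" or the reason a filter rule rejects the request."""
        if req.protocol not in self.allowed_protocols:
            return f"deny: protocol {req.protocol}"
        ip = ip_address(req.client_ip)
        for cidr in self.blocked_networks:
            if ip in ip_network(cidr):
                return f"deny: client in {cidr}"
        return "allow"

    def handle(self, req: Request, fetch_origin):
        """Filter, then serve from cache or fetch from the origin server."""
        verdict = self.check(req)
        self.log.append((req.client_ip, req.protocol, req.url, verdict))
        if verdict != "allow":
            return None
        if req.url not in self.cache:             # only now contact the origin
            self.cache[req.url] = fetch_origin(req.url)
        return self.cache[req.url]

def demo():
    """Constructed traffic (not real hosts): returns (responses, origin calls, log)."""
    origin_calls = []
    def fetch_origin(url):                        # stand-in for the upstream server
        origin_calls.append(url)
        return f"body of {url}"
    proxy = FilteringProxy(frozenset({"http", "https"}), ("192.0.2.0/24",))
    traffic = [
        Request("198.51.100.7", "https", "https://example.test/a"),
        Request("198.51.100.7", "https", "https://example.test/a"),   # cache hit
        Request("192.0.2.9",    "https", "https://example.test/a"),   # blocked IP
        Request("198.51.100.7", "ftp",   "ftp://example.test/b"),     # blocked protocol
    ]
    responses = [proxy.handle(r, fetch_origin) for r in traffic]
    return responses, origin_calls, proxy.log
```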
Question Four: The Advantages and Disadvantages of Using a Live CD for On-line Banking
Currently there has been a need to adopt new approaches to online banking. Such changes include the use of a live CD for online banking services. Over the years, hackers and thieves have used Windows malware to get away with large sums of money from businesses and banks. This new approach is advantageous because it increases safety by making sure transactions are done without leaving any information on the web or in emails (Negus, 2010). The use of a boot-once system such as a live Ubuntu CD, which is discarded on reboot, makes it impossible to leave behind vital information. The speed of banking is also enhanced since there is no need for internet connections. As well, cookies are never retained across the booting process, thereby providing a substantial degree of security.
On the other hand, there are a number of disadvantages that come with the process. The process can be time consuming and cause inconvenience. It is always necessary to make sure every person knows how to use Ubuntu for the online banking to be done effectively (Negus, 2010). Modern technology is also required if the process is to be effective. As well, hackers will very soon devise new ways of stealing, and therefore the new approach might not be as helpful as it seems.