7. Look over the Windows Server system vulnerabilities that OpenVAS discovered. Which vulnerabilities would you say are the most alarming? What could an attacker do if they compromised these vulnerabilities?
8. "Consider the following question in the context of the vulnerabilities that Arachni identified: Which of the following scenarios, if true, would indicate a false positive?"
|
"HTTPS is not enabled site-wide, but is enabled for search forms to keep searches confidential." |
||
|
"The server returns an X-Frame-Options header value of DENY, meaning the page cannot be displayed in a frame in order to mitigate clickjacking threats." |
||
|
Leakage of the hosting server's private IP address is within the organization's risk appetite |
||
|
The table names and field names in the SQL database are obfuscated in order to mitigate the effectiveness of injection attacks |
9. OpenVAS uses third-party scoring systems like the Common Vulnerability Scoring System (CVSS) to prioritize vulnerabilities. Which vulnerabilities do you think are the most severe/critical? Which are the least severe/critical?
7. Most alarming vulnerability that was detected by the openVAS was that it showed that the DNS server component running with the full system privilege in the the system which means that after successful exploitation the attacker will be able to redirect the users to their site and could also steal the information of the users regarding their IP addresses and other details about the devices not the credentials. This is alarming one ability because as the DNS server is running with the full system privilege which means that if a hacker is able to exploit the system then can gain full access over the server system and will be able to perform any task that he desire when can also gain access to the data .
Get Answers For Free
Most questions answered within 1 hours.