Additional Attacks Review

Review

In this module, we used Burp Suite and SQLMap to both discover and exploit vulnerabilities in Juice Shop.

Application Protection Quiz

  1. There is no reason to send an invalid request on purpose. (True or False)

    False - As we saw in task 1, we can gain valuable information about the server from the error messages returned.

  2. Why does it matter that an attacker knows the software library associated with a website’s database?

    With this information, an attacker can greatly narrow their reconnaissance efforts and focus on weaponization much more quickly.

  3. What type of security is FortiWeb Cloud’s Cross Site Request Forgery protection?

    Client Security - This type of security is designed to prevent compromised clients from accessing sensitive data.