Name:
. Note that some vulnerabilities in the given list may not have a corresponding CWE, therefore be careful when choosing the vulnerability.
b) For the CWEs you identified, propose countermeasures, and discuss how the countermeasures mitigate the vulnerabilities.
Question 2
There are many benefits of a responsible vulnerability disclosure process for the vendor, consumers, and the security community. There might be some cases in which a vulnerability must be disclosed. Explain one such circumstance by providing real-life examples.
Hint: Think about the vulnerabilities reported by the NSA.
Question 3
The figure below shows the logical network map of a small company doing business in the healthcare field. The web server hosts a dynamic web application programmed in one of the modern frontend programming languages. The web application is behind the firewall and accessible from the Internet (port 443 is allowed in the firewall). The web application has more than one thousand active users. The web application connects to the database in the DMZ. The database stores sensitive PII and PHI data. The web application has not been tested by an independent third-party penetration testing service; therefore, no independent party has yet checked it for the OWASP Top 10 security risks.
There is two-way communication between the DMZ and the Local Area Network. There is a file server on the Local Area Network. Sensitive files have been copied to the shared folders, and file access logging has not been enabled on the file server.
From the physical perspective, the servers are in a small rack cabinet, and the rack cabinet is placed in a small area next to the kitchen. Company executives do not want to spend money on a professional server room at this time.
Based on the description and topology above, please provide a list of all possible vulnerabilities in the following categories:
1) Software development
2) Physical
3) Personnel
4) Topological
5) Technology
Question 4
Enter this page: . Find the list of the top 10 Most Exploited Vulnerabilities 2016–2019. Go to the NVD page of each vulnerability.
a) Find the weaknesses (root causes) associated with each vulnerability
b)
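Both the note in Question 1 (some vulnerabilities in the list may not have a corresponding CWE) and Question 4 (look up the weaknesses behind each vulnerability on its NVD page) come down to reading the weakness data NVD publishes for a CVE. The script below is an added example, not part of the assignment text: it parses a constructed sample in the shape of an NVD CVE API 2.0 JSON response (the field layout is an assumption about that format), collects the real CWE ids for each CVE, and reports which CVEs have no CWE assigned. The CVE ids in the sample are placeholders, not real vulnerabilities.

```python
import json
from typing import Dict, List

# Constructed sample in the shape of an NVD CVE API 2.0 response (assumption about
# the real endpoint's layout). The CVE ids are placeholders, not real entries.
SAMPLE_NVD_RESPONSE = json.dumps({
    "vulnerabilities": [
        {"cve": {"id": "CVE-0000-0001",
                 "weaknesses": [{"source": "nvd@nist.gov", "type": "Primary",
                                 "description": [{"lang": "en", "value": "CWE-79"}]}]}},
        # NVD marks "no CWE assigned" with the pseudo-value NVD-CWE-noinfo
        {"cve": {"id": "CVE-0000-0002",
                 "weaknesses": [{"source": "nvd@nist.gov", "type": "Primary",
                                 "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}]}},
        # Some records carry no weaknesses entry at all
        {"cve": {"id": "CVE-0000-0003", "weaknesses": []}},
        # Several sources may list CWEs; duplicates across sources are merged
        {"cve": {"id": "CVE-0000-0004",
                 "weaknesses": [
                     {"source": "nvd@nist.gov", "type": "Primary",
                      "description": [{"lang": "en", "value": "CWE-787"},
                                      {"lang": "en", "value": "CWE-20"}]},
                     {"source": "vendor@example.invalid", "type": "Secondary",
                      "description": [{"lang": "en", "value": "CWE-787"}]}]}},
    ]
})


def extract_cwes(nvd_json: str) -> Dict[str, List[str]]:
    """Map each CVE id to the sorted, de-duplicated list of real CWE ids NVD lists for it.

    NVD's placeholders (NVD-CWE-noinfo, NVD-CWE-Other) do not start with "CWE-",
    so the prefix check drops them; such CVEs map to an empty list.
    """
    data = json.loads(nvd_json)
    mapping: Dict[str, List[str]] = {}
    for item in data.get("vulnerabilities", []):
        cve = item["cve"]
        cwes = set()
        for weakness in cve.get("weaknesses", []):
            for desc in weakness.get("description", []):
                value = desc.get("value", "")
                if value.startswith("CWE-"):
                    cwes.add(value)
        # Sort numerically so CWE-20 comes before CWE-787
        mapping[cve["id"]] = sorted(cwes, key=lambda c: int(c.split("-", 1)[1]))
    return mapping


def cves_without_cwe(mapping: Dict[str, List[str]]) -> List[str]:
    """Return the CVE ids that have no real CWE, the cases the assignment warns about."""
    return sorted(cve for cve, cwes in mapping.items() if not cwes)


if __name__ == "__main__":
    cwe_map = extract_cwes(SAMPLE_NVD_RESPONSE)
    for cve_id, cwes in cwe_map.items():
        print(cve_id, ", ".join(cwes) if cwes else "(no CWE assigned)")
    print("Without a CWE:", cves_without_cwe(cwe_map))
```

Running it against a real NVD response (one fetched per CVE id from the NVD API) works the same way; the point of the placeholder handling is that a CVE whose only weakness entry is NVD-CWE-noinfo or NVD-CWE-Other cannot be used for the CWE-based parts of the assignment.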