Name of the College : Mahatma Gandhi University
Department : Computer Science and Engineering
Subject Code/Name : MCSCS 103/Web Security
Sem : I
Website : mgu.ac.in
Document Type : Model Question Paper
Download Model/Sample Question Paper :
I : https://www.pdfquestion.in/uploads/mgu.ac.in/5011-1-MCSCS%20103%20Web%20Security%20set1(1).doc
II : https://www.pdfquestion.in/uploads/mgu.ac.in/5011-2-MCSCS%20103%20Web%20Security%20set2(1).doc
Web Security Question Paper :
M.TECH. DEGREE EXAMINATION :
Branch: Computer Science and Engineering
Specialization : Computer Science and Engineering
Model Question Paper – II
First Semester :
MCSCS 103 : Web Security
(Regular – 2013 Admission onwards)
Time: 3hrs
Maximum:100 marks
Answer the following Questions :
1. a) Explain how a web application can control its user access. (7)
b) What is boundary validation? Explain. (6)
c) Discuss some of the core security problems faced by web applications. (12)
or
2. a) How can data be transmitted via the client in a way that secures its integrity? (13)
b) What are the essential requirements of effective access control? (12)
3. a) Explain SQL injection into different statement types. (11)
b) How can SQL injection be found? How can it be prevented? (14)
or
4. a) Explain
– Intercepting filters (8)
– Application filters (8)
b) Describe how database servers can be protected against web attacks. (9)
5. a) Explain how ModSecurity is used to block attacks on web applications. (12)
b) What is XSS? Discuss some mechanisms to prevent XSS attacks. (13)
or
6. a) Discuss protection against CSRF. (8)
b) How can we detect the real IP address of an attacker? (12)
c) Explain directory traversal attacks. (5)
7. a) What is server hacking? Explain. (10)
b) Describe how source code disclosure can be used effectively to safeguard against vulnerabilities in applications. (7)
c) Give a description on Web crawling. (8)
or
8. a) Write a note on database vulnerabilities. Discuss some mechanisms to handle it. (13)
b) Explain database hacking. (12)
MCSCS 103 Web Security :
(Regular – 2013 Admission onwards)
Time: 3hrs
Maximum: 100 marks
Answer the following Questions :
1. a) Different approaches are used for handling user input in web applications. Explain. (13)
b) Explain the user-directed spidering technique. What are its benefits? (12)
Or
2. a) How can you relate authentication functionality with application design? (13)
b) Discuss some of the common vulnerabilities with respect to access control. (12)
3. a) What is SQL injection? How is it done? (10)
b) Explain the common techniques for SQL injection. (7)
c) You are trying to exploit a SQL injection flaw by performing a UNION attack to retrieve data. How is it useful for you? (8)
Or
4. a) Write a note on insecure database configuration. (8)
b) Discuss the types of Internet firewalls. (8)
c) Explain some mechanisms for securing the database against web attacks. (9)
5. a) What is HTTP fingerprinting? How can we use ModSecurity to defeat HTTP fingerprinting? (11)
b) Explain the following attacks:
– Shell command execution (7)
– Null byte (7)
Or
6. a) A news headline reads “The website of company X was hacked and its homepage was replaced with an obscene message”. What really happened, and how can it be avoided? (12)
b) Blog spam and directory indexing can cause problems on the web. Explain. (13)
7. a) Discuss the methodologies used for web application hacking. (10)
b) Explain canonicalization attacks. (8)
c) What is denial of service? (7)
Or
8. a) Explain database hacking. (8)
b) Explain database discovery. (9)
c) Give a description on Web crawling. (8)
Syllabus :
Module 1 :
Web application security – Key problem factors – Core defence mechanisms – Handling user access – Handling user input – Handling attackers – Web spidering – Discovering hidden content – Transmitting data via the client – Hidden form fields – HTTP cookies – URL parameters – Handling client-side data securely – Attacking authentication – Design flaws in authentication mechanisms – Securing authentication – Attacking access controls – Common vulnerabilities – Securing access controls
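The Module 1 topics "Transmitting data via the client" and "Handling client-side data securely" (and question 2(a) of the second paper) turn on one point: anything placed in a hidden form field, cookie or URL parameter comes back under the attacker's control, so the server must be able to detect modification. The following is an added illustration written for this page, not part of the question paper or the course material; it signs a checkout form's hidden state with HMAC-SHA256 and shows a tampered price being rejected. The key value, the field names and the price figures are assumptions constructed for the example.

```python
import base64
import hashlib
import hmac
import json

# Assumed server-side key for the example. A real deployment loads it from a key store;
# it must never be sent to the client, otherwise the client can re-sign anything.
SERVER_KEY = b"example-key-do-not-use-in-production"


def sign_client_value(payload: dict, key: bytes = SERVER_KEY) -> str:
    """Serialise a dict for a hidden field or cookie and append an HMAC-SHA256 tag.

    The client can still read the value (it is not encrypted), but cannot change it
    without invalidating the tag, because the key exists only on the server.
    """
    body = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return (base64.urlsafe_b64encode(body).decode()
            + "." + base64.urlsafe_b64encode(tag).decode())


def verify_client_value(token: str, key: bytes = SERVER_KEY):
    """Return the payload dict if the tag verifies, otherwise None.

    hmac.compare_digest is a constant-time comparison, so an attacker cannot
    recover a valid tag byte by byte from response timing.
    """
    try:
        body_b64, tag_b64 = token.split(".", 1)
        body = base64.urlsafe_b64decode(body_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except (ValueError, TypeError):
        return None
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return json.loads(body)


def tampered_price_example():
    """Constructed scenario: a user edits the hidden 'price' field before submitting.

    Returns (result for the genuine token, result for the forged token).
    """
    token = sign_client_value({"item": "SKU-123", "price": 499})
    # The attacker decodes the body, lowers the price, re-encodes it and keeps the old tag.
    body_b64, tag_b64 = token.split(".", 1)
    forged = json.loads(base64.urlsafe_b64decode(body_b64))
    forged["price"] = 1
    forged_body = json.dumps(forged, sort_keys=True, separators=(",", ":")).encode()
    forged_token = base64.urlsafe_b64encode(forged_body).decode() + "." + tag_b64
    return verify_client_value(token), verify_client_value(forged_token)


if __name__ == "__main__":
    print(tampered_price_example())
```

A tag gives integrity only: the value is still readable, and a signed value can be replayed by the same or another user unless the payload also binds a user identifier and an expiry. Where the data is sensitive or need not round-trip through the client at all, keeping it in a server-side session is the simpler defence.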
Module 2 :
SQL injection – How it happens – Dynamic string building – Insecure database configuration – Finding SQL injection – Exploiting SQL injection – Common techniques – Identifying the database – UNION statements – Preventing SQL injection
Platform-level defenses – Using run-time protection – Web application firewalls – Using ModSecurity – Intercepting filters – Web server filters – Application filters – Securing the database – Locking down the application data – Locking down the database server
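The Module 2 chain "Dynamic string building – Finding SQL injection – UNION statements – Preventing SQL injection" (and questions 3(a)–(c) of the second paper) can be seen end to end in a few lines. The example below is added for this page and is not part of the question paper; it uses an in-memory SQLite database with a constructed schema (a products table the application exposes and a users table it does not), shows the single-quote probe that reveals the flaw, the UNION payload that pulls rows from the other table, and the parameterised query that closes the hole. Table names, rows and the payload are all constructed for the illustration.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data: a public products table and a private users table."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE products (id INTEGER, name TEXT, price REAL);
        INSERT INTO products VALUES (1, 'widget', 9.5), (2, 'gadget', 19.0);
        CREATE TABLE users (id INTEGER, username TEXT, pw_hash TEXT);
        INSERT INTO users VALUES (1, 'admin', 'h4sh-admin'), (2, 'bob', 'h4sh-bob');
        """
    )
    return conn


def search_vulnerable(conn: sqlite3.Connection, term: str):
    """Dynamic string building: the user's term is spliced into the statement text,
    so quotes and keywords in it are parsed as SQL."""
    sql = "SELECT id, name, price FROM products WHERE name LIKE '%" + term + "%'"
    return conn.execute(sql).fetchall()


def search_safe(conn: sqlite3.Connection, term: str):
    """Parameterised query: the term is bound as a value after parsing, so it can only
    ever be compared as data, never executed."""
    sql = "SELECT id, name, price FROM products WHERE name LIKE ?"
    return conn.execute(sql, ("%" + term + "%",)).fetchall()


def probe_for_injection(search_fn, conn: sqlite3.Connection) -> bool:
    """Cheapest detection test: a lone single quote unbalances a concatenated string
    literal and produces a database syntax error; a bound parameter just fails to match."""
    try:
        search_fn(conn, "'")
        return False
    except sqlite3.OperationalError:
        return True


# Constructed attacker input. 'zzz' makes the original LIKE match nothing, the closing
# quote ends the literal, UNION appends a SELECT with the same column count (3), and the
# trailing comment swallows the rest of the original statement ("%'") so it still parses.
UNION_PAYLOAD = "zzz' UNION SELECT id, username, pw_hash FROM users --"


if __name__ == "__main__":
    conn = make_db()
    print("vulnerable?", probe_for_injection(search_vulnerable, conn))
    print("leaked:", search_vulnerable(conn, UNION_PAYLOAD))
    print("safe:", search_safe(conn, UNION_PAYLOAD))
```

The UNION trick needs the attacker to know the column count and compatible types of the original query, which is why real attacks start with ORDER BY or NULL-padding probes to learn them; SQLite's loose typing makes the example shorter than it would be on a strict engine. Note that the fix is binding the parameter, not escaping the quote: escaping handles one character set in one context, while a bound parameter never reaches the parser at all.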
Module 3 :
ModSecurity – Blocking common attacks – HTTP fingerprinting – Blocking proxied requests – Cross-site scripting – Cross-site request forgery – Shell command execution attempts – Null byte attacks – Source code revelation – Directory traversal attacks – Blog spam – Website defacement – Brute force attacks – Directory indexing – Detecting the real IP address of an attacker
Module 4 :
Web server hacking – Source code disclosure – Canonicalization attacks – Denial of service – Web application hacking – Web crawling – Database hacking – Database discovery – Database vulnerabilities
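The "Null byte attacks" and "Directory traversal attacks" items of Module 3 and the "Canonicalization attacks" item of Module 4 (questions 5(b), 6(c) and 7(b) on the two papers) are really one defensive problem: a file name supplied by the client must be reduced to a single canonical form before any check is made against it, because checking first and decoding later lets an encoded `../` or an embedded NUL slip through. The function below is an added example for this page, not code from the question paper or any named server; the document root `/var/www/static` and every test path are constructed assumptions. It works on path strings only, so it runs without touching the filesystem.

```python
import posixpath
from urllib.parse import unquote

BASE_DIR = "/var/www/static"  # assumed document root for the example


class UnsafePath(ValueError):
    """Raised when a client-supplied file name cannot be served safely."""


def canonicalize(user_path: str, base_dir: str = BASE_DIR, max_decode_rounds: int = 3) -> str:
    """Return the canonical absolute path under base_dir for a client file name.

    Order matters: decode every encoding layer, then reject dangerous bytes, then
    normalise and confine. A literal '../' test run before percent-decoding is the
    classic canonicalization mistake, since '%2e%2e%2f' passes it untouched.
    """
    decoded = user_path
    for _ in range(max_decode_rounds):          # peel double/triple encoding
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    else:
        raise UnsafePath("too many encoding layers")
    if "\x00" in decoded:
        # In C-based servers the NUL ends the string, so 'report.txt%00.jpg' passes an
        # extension check for .jpg but opens report.txt.
        raise UnsafePath("null byte in path")
    decoded = decoded.replace("\\", "/")        # treat Windows separators like '/'
    full = posixpath.normpath(posixpath.join(base_dir, decoded.lstrip("/")))
    root = base_dir.rstrip("/")
    if full != root and not full.startswith(root + "/"):
        raise UnsafePath("path escapes base directory")
    return full


def is_safe(user_path: str, base_dir: str = BASE_DIR) -> bool:
    """Convenience wrapper: True if canonicalize() accepts the path."""
    try:
        canonicalize(user_path, base_dir)
        return True
    except UnsafePath:
        return False


if __name__ == "__main__":
    for p in ["css/site.css", "../../../etc/passwd", "%2e%2e/%2e%2e/etc/passwd",
              "%252e%252e%252fetc%252fpasswd", "report.txt%00.jpg", "..\\..\\windows\\win.ini"]:
        print(repr(p), "->", "ok" if is_safe(p) else "rejected")
```

The prefix test uses `root + "/"` rather than a bare `startswith(root)` so that `/var/www/static2/...` is not mistaken for a child of `/var/www/static`. On a live server the remaining step is to open the canonical path with the process confined to the document root (chroot, an allow-list of served extensions, and no symlink following), since string checks cannot see a symlink that points outside the tree.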