Page 175 - Hands-On Bug Hunting for Penetration Testers
Framework and Application-Specific Vulnerabilities Chapter 9
Questions
1. What does CVE stand for? What is it?
2. What makes WordPress such an attractive target for hackers?
3. What are the advantages of using a CLI versus a Burp extension for your WPScan
functionality? How about vice versa?
4. What are some good methods for finding Ruby on Rails-specific bugs?
5. What are some advantages to using Docker for your pentesting tools?
6. What does OVAL stand for? What is an OVAL definition?
7. What are some issues that you should be on the lookout for when testing a
Django application?
Further Reading
You can find out more about some of the topics we have discussed in this chapter at:
WordPress Official Site: https://wordpress.org
CVE FAQ: https://cve.mitre.org/about/faqs.html
OVAL Home page: https://oval.mitre.org/repository/about/overview.html
WPScan Home page: https://wpscan.org
OWASP Ruby on Rails Cheatsheet: https://www.owasp.org/index.php/Ruby_on_Rails_Cheatsheet
The Official Rails Security Guide: https://guides.rubyonrails.org/security.html

