Page 230 - Hands-On Bug Hunting for Penetration Testers
Assessment
Chapter 11
1. It's important to ask yourself a series of questions about any tool you are
thinking of adopting: how it will fit into your existing workflow, what value
it will add, why it is uniquely positioned to add that value, and more.
2. Burp Notes, the Burp Python Scripter, and the JSON Beautifier (one of many
beautifiers) are just a few of the great extensions we've covered.
3. Nmap and Aircrack-ng are both standard tools for network pentesting: Nmap for host discovery and port/service scanning, Aircrack-ng for assessing wireless (Wi-Fi) security.
4. Burp Pro gives you the Burp Scanner, automated PoC generation (for example, the CSRF PoC generator), and several
other useful advanced manual tools.
5. Kali Linux comes packaged with many of the tools researchers rely on. The fact
that it can also be live-booted from a USB stick or DVD makes it a lightweight solution for any
pentesting lab.
6. OSINT stands for Open Source Intelligence and is the process of gathering
information about a target from publicly available sources, like social media
profiles and public record data.
7. Metasploit bills itself as an exploitation framework: it is designed both to detect
vulnerabilities and to generate the code that exploits them. As a tool that shines in the
exploitation phase, we don't touch on it much in this book.
Chapter 12
1. DoS/DDoS attacks require extensive preventative measures, and because
malicious traffic often disguises itself as legitimate traffic, they can be difficult to
mitigate. This is why most programs place them out of scope, unless a specific flaw is making the service
more susceptible to DoS/DDoS attacks.
2. Self-XSS is too limited in its effect and requires too many steps on the victim's part to be considered a
serious vulnerability. The only person put at risk is the user who pastes the payload into
their own browser, not anyone else.
3. An enabled OPTIONS method can expose which HTTP methods a server supports, information that helps an attacker during reconnaissance, but by itself
it is not a vulnerability.
4. SSL/TLS vulnerabilities like BEAST require too many other preconditions (a man-in-the-middle position, the ability to make the victim's browser send chosen plaintext) to
present a realistic attack scenario.
5. Clickjacking is when an attacker loads a legitimate page in a transparent or
obscured frame positioned over a harmless-looking button on their own page, so that users who think they are clicking the
decoy actually click a sensitive control on the framed site. The defense is to refuse framing by untrusted origins (the X-Frame-Options header or a CSP frame-ancestors directive).