You are tasked to evaluate a web service that checks a password stored in a data
ID: 3745019 • Letter: Y
Question
You are tasked to evaluate a web service that checks a password stored in a database. The web service is built with a
1. A commercially available web server (Apache 2.4.20) hosted on a Linux operating system (Ubuntu 16.04)
2. A commercial database (9.4.19) that is hosted on any commercially viable operating system (Ubuntu 16.04)
This web service is accessed through a browser and your service can have a minimal browser requirement.
Identify the risk (CVSS score on NVD, etc.) of staging such a system using different versions of the above software. Analyze the system and create a report with a Pareto chart identifying the important risk points.
Explanation / Answer
Apache does not operate with websites by itself. It does, however, manage virtual hosts, which are identified either by IP address or by host name. To get better and more optimal performance, Apache is usually supplemented with another web server – nginx.
When Apache receives a request, it first checks whether the TTL time stamp has expired.
However, for password authentication 3 modules are involved in the authentication and the authorization process.
mod_auth_basic
mod_auth_digest
If any information needs to be password protected, one module from each section is implemented to ensure this.
AuthType Basic
AuthName "Restricted Files"
# (Following line optional)
AuthBasicProvider file
AuthUserFile "/usr/local/apache/passwd/passwords"
Require user rbowen
A sample example to protect the data in the user's local directory.
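The Pareto analysis the question asks for can be worked through as follows. This is an added example, not part of the original answer: the component names come from the question, while the CVE identifiers are placeholders and the CVSS scores are constructed sample values (real ones come from NVD). Ranking components by the sum of their CVSS base scores is an assumption of this sketch.

```python
from collections import defaultdict

# Constructed sample findings: (component, placeholder id, CVSS base score).
# The ids and scores are invented for illustration only.
FINDINGS = [
    ("Apache 2.4.20", "CVE-XXXX-0001", 9.8),
    ("Apache 2.4.20", "CVE-XXXX-0002", 7.5),
    ("Apache 2.4.20", "CVE-XXXX-0003", 5.3),
    ("Database 9.4.19", "CVE-XXXX-0004", 8.8),
    ("Database 9.4.19", "CVE-XXXX-0005", 6.5),
    ("Ubuntu 16.04", "CVE-XXXX-0006", 7.8),
    ("Ubuntu 16.04", "CVE-XXXX-0007", 4.0),
    ("Browser", "CVE-XXXX-0008", 4.3),
]


def pareto(findings, cutoff=80.0):
    """Rank components by summed CVSS score.

    Returns rows of (component, total, cumulative %, vital), where `vital`
    marks the components needed to reach `cutoff` percent of total risk.
    """
    totals = defaultdict(float)
    for component, _cve_id, score in findings:
        if not 0.0 <= score <= 10.0:
            raise ValueError(f"CVSS base score out of range: {score}")
        totals[component] += score
    grand = sum(totals.values())
    if grand == 0:
        return []
    rows, running = [], 0.0
    # Largest contributor first; ties broken by name for stable output.
    for component, total in sorted(totals.items(), key=lambda kv: (-kv[1], kv[0])):
        vital = running / grand * 100 < cutoff  # bar starts below the cutoff
        running += total
        rows.append((component, round(total, 1), round(running / grand * 100, 1), vital))
    return rows


if __name__ == "__main__":
    # Text rendering of the chart: bar = summed score, right column = cumulative %.
    for component, total, cum_pct, vital in pareto(FINDINGS):
        bar = "#" * round(total)
        flag = "*" if vital else " "
        print(f"{flag} {component:<16} {bar:<24} {total:>5} {cum_pct:>6}%")
```

Rows marked `*` are the components that together account for the first 80% of the summed score and are the "important risk points" for the report.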