PBQ 3: Web Application Security Assessment

Scenario

You are conducting a security assessment of a web application login page at https://comptia.org/login.aspx.

Your Task:
1. Review the SSL/TLS certificate
2. Analyze the page source code
3. Examine stored cookies
4. Identify the HIGHEST severity vulnerability
5. Select the appropriate remediation steps

Remember: You must remediate ONLY the highest severity vulnerability. Multiple issues may exist, but prioritize based on immediate exploitability and impact.

Examination

SSL/TLS Certificate Information

Subject: CN=comptia.org

Issuer: CN=DigiCert SHA2 Secure Server CA

Valid From: 2023-01-15 00:00:00 UTC

Valid To: 2024-01-14 23:59:59 UTC (EXPIRED)

Serial Number: 0F1A2B3C4D5E6F7A8B9C0D1E2F3A4B5C

Signature Algorithm: SHA256-RSA

Step 1: Identify the most critical vulnerability
Certificate (Critical)

Expired SSL/TLS Certificate

Source (Critical)

Hardcoded Credentials in Source Code

Cookies (High)

Missing Secure and HttpOnly Flags

Step 2: Select the correct remediation steps (in order)
Remove certificate from server
Generate a Certificate Signing Request
Submit CSR to the CA
Install re-issued certificate on the server
Remove hardcoded credentials from source
Store credentials in secure configuration
Implement environment variables
Rotate compromised credentials
Add Secure flag to session cookies
Add HttpOnly flag to prevent XSS
Implement SameSite attribute
Review cookie expiration times