Description
Answer prompt one and two as asked
Unformatted Attachment Preview
Prompt 1
With the proliferation of Internet-of-Things (IoT) in all forms of environments (home, office,
factories, healthcare), security of such devices has become an increasingly critical concern.
Search the Internet and try to find a couple of security status reports and/or market studies on
misconfigured/broken authentication for IoT consumer devices.
In short, summarize the results and your opinion on why this is a major security concern.
Prompt 2
Questions
1. (10 points) Intercepting a login request with the credentials of “joe” and “pass” displays the
following URL:
http://www.wahh-app.com/app?action=login&uname=joe&password=pass
What three vulnerabilities can be diagnosed by simply looking at this URL?
2. (2.5 x 8 = 20 points) You log in to an application at the following URL:
https://app.news24hours.com/login/home.php
After successful authentication, the server sets the following cookie:
Set-cookie: sessionId=1498172056438227; domain=app.news24hours.com; path=/login;
HttpOnly;
To which of the following URLs will the sessionId cookie be submitted? Explain why or why not.
a) https://app.news24hours.com
b) https://app.news24hours.com/login/myaccount.php
c) https://web.news24hours.com/login
d) https://raw.app.news24hours.com/login/home.php
e) http://app.news24hours.com/login/myaccount.php
f) http://app.news24hours.com/logintest/login.php
g) https://app.news24hours.com/logout
h) https://testapp.news24hours.com/login/myaccount.php
Note: The HttpOnly flag does not determine whether cookies are transmitted via HTTP or HTTPS
connections. It only
specifies that cookies are not accessible via client-side scripts.
Purchase answer to see full
attachment
