AB Web Development Challenge
School: University of Texas, San Antonio
Course: UTSA-VIRT-
Subject: Information Systems
Date: Dec 6, 2023
Uploaded by AmbassadorIbex3880
Cybersecurity
Module 12 Challenge Submission File
Web Development
Make a copy of this document to work in, and then respond to each question below the
prompt. Save and submit this completed file as your Challenge deliverable.
HTTP Requests and Responses
1. What type of architecture does the HTTP request and response process occur in?
Client-Server Architecture
2. What are the parts of an HTTP request?
Request line, headers, request body
3. Which part of an HTTP request is optional?
The request body
4. What are the three parts of an HTTP response?
Status, headers, message body
5. Which number class of status codes represents errors?
Fourth class/400 range, i.e., 404 errors
6. What are the two most common request methods a security professional encounters?
GET and POST
7. Which type of HTTP request method is used to send data?
POST
8. Which part of an HTTP request contains the data being sent to the server?
The request body
9. In which part of an HTTP response does the browser receive the web code to generate and style a webpage?
The message body
Using curl
10. What are the advantages of using curl over the browser?
curl downloads and displays raw information and allows you to save it; curl can be used to send and receive data using different types of supported protocols; it saves and sends cookies.
11. Which curl option changes the request method?
curl -X
12. Which curl option sets request headers?
curl -H
13. Which curl option is used to view the response header?
curl -I
14. Which request method might an attacker use to figure out what HTTP requests an HTTP server will accept?
Options
Sessions and Cookies
15. Which response header sends a cookie to the client?
Set-Cookie: cart=Bob
16. Which request header will continue the client's session?
GET /cart HTTP/1.1
Host: www.example.org
Cookie: cart=Bob
Connection: keep-alive
Example HTTP Requests and Responses
Use the following sample HTTP request and response to answer the questions in this
section:
HTTP Request
POST /login.php HTTP/1.1
Host: example.com
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 34
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Mobile Safari/537.36

username=Barbara&password=password
17. What is the request method?
POST
18. Which header expresses the client's preference for an encrypted response?
Upgrade-Insecure-Requests: 1
19. Does the request have a user session associated with it?
No, not yet
20. What kind of data is being sent from this request body?
Login credentials, Username and Password
HTTP Response
HTTP/1.1 200 OK
Date: Mon, 16 Mar 2020 17:05:43 GMT
Last-Modified: Sat, 01 Feb 2020 00:00:00 GMT
Content-Encoding: gzip
Expires: Fri, 01 May 2020 00:00:00 GMT
Server: Apache
Set-Cookie: SessionID=5
Content-Type: text/html; charset=UTF-8
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type: NoSniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block

[page content]
21. What is the response status code?
200
22. What web server is handling this HTTP response?
Apache
23. Does this response have a user session associated with it?
SessionID=5 Yes
24. What kind of content is likely to be in the [page content] response body?
HTML file content, page configuration information
25. If your class covered security headers, what security request headers have been included?
Strict-Transport-Security: max-age=31536000; includeSubDomains
Monoliths and Microservices
26. What are the individual components of microservices called?
services
27. What is a service that writes to a database and communicates to other services?
API Gateway
28. What type of underlying technology allows for microservices to become scalable and have redundancy?
Load Balancer Technology
Deploy and Test a Container Set
29. What tool can you use to deploy multiple containers at once?
Docker
30. What kind of file format is required to deploy a container set?
YAML format, .yml
Databases
31. Which type of SQL query would you use to view all the information in a table called customers?
SELECT column_name FROM customers;
32. Which type of SQL query would you use to enter new data into a table? (You don't need a full query, just the first part of the statement.)
INSERT INTO table_name (column_1, column_2, column_3) VALUES (value_1, value_2, value_3)
33. Why would you never run DELETE FROM <table-name>; by itself?
The whole table would end up being deleted
Optional Additional Challenge Activity: The Cookie Jar
Question 1:
Did you see any obvious confirmation of a login? (Y/N)
[Enter answer here]
Question 2:
How many items exist in this file?
[Enter answer here]
Question 3:
Is it obvious that you can access the dashboard? (Y/N)
[Enter answer here]
Question 4:
Look through the output where Dashboard is highlighted. Does any of the wording on this page seem familiar? (Y/N) If so, you should be successfully logged in to your Editor's dashboard.
[Enter answer here]
Question 5:
What happens this time?
[Enter answer here]
© 2023 edX Boot Camps LLC. Confidential and Proprietary. All Rights Reserved.