Answer the following questions about the HTTP request and response process.
- What type of architecture does the HTTP request and response process occur in?
- HTTP is based on the client-server architecture model and a stateless request/response protocol that operates by exchanging messages across a reliable TCP/IP connection.
- What parts make up an HTTP request?
- The GET method requests a representation of the specified resource. Requests using GET should only retrieve data.
- What is the optional part of an HTTP request?
- Anything below the headers, which is the request body, is optional.
- What three parts make up an HTTP response?
- The status line, some headers, and an optional body.
- Which number class of status codes represents errors?
- 400 CODES
- What are the two most common request methods that a security professional will come across?
- GET and POST
- Which type of HTTP request method is used for sending data?
- POST
- Which part of an HTTP request contains the data being sent to the server?
- POST
- In which part of an HTTP response would the browser receive the web code to generate and style a web page?
- Cookie
Answer the following questions about curl:
- What are the advantages of using curl over the browser?
- Sometimes the tools you can use to send and receive HTTP requests are limited, so when working through a container that has no user interface, you need a command-line tool to send and receive HTTP requests. curl is also a quick way to test HTTP requests in a way that can be automated.
- Which curl option is used to change the request method?
- --request: sets the request type
- Which curl option is used to set request headers?
- -H: sets a request header
- Which curl option is used to view the response header?
- -I: view the response headers
- Which request method might an attacker use to scope out usable HTTP requests that an HTTP server will accept?
- They use the OPTIONS method
Recall that HTTP servers need ways to recognize clients from one another. These are implemented through sessions and cookies.
Answer the following questions about sessions and cookies.
- Which response header sends a cookie to the client?
HTTP/1.1 200 OK
Content-type: text/html
Set-Cookie: cart=Bob
- Answer: Set-Cookie
- Which request header sets a cookie in the client?
GET /cart HTTP/1.1
Host: www.example.org
Cookie: cart=Bob
- Answer: Cookie
Look through the following example HTTP request and response and answer the following questions.
POST /login.php HTTP/1.1
Host: example.com
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 34
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Mobile Safari/537.36
username=Barbara&password=password
- What was the request method?
- POST
- Was the request encrypted or unencrypted?
- Yes.
- Does the request have a user session associated to it?
- Yes
- What kind of data is being sent from this request body?
- Encoding: gzip, deflate, br
HTTP/1.1 200 OK
Date: Mon, 16 Mar 2020 17:05:43 GMT
Last-Modified: Sat, 01 Feb 2020 00:00:00 GMT
Content-Encoding: gzip
Expires: Fri, 01 May 2020 00:00:00 GMT
Server: Apache
Set-Cookie: SessionID=5
Content-Type: text/html; charset=UTF-8
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type: NoSniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
[page content]
- What was the response status code?
- 200 OK
- Was the response encrypted or unencrypted?
- Unencrypted
- Does this response have a user session associated to it?
- No
- What kind of content is likely to be in the [page content] response body?
- gzip
- If your class covered security headers, what security request headers have been included?
- X-Content-Type: NoSniff
- X-Frame-Options: DENY
- X-XSS-Protection: 1; mode=block
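To check the worksheet's request and response questions mechanically, here is an added example (not part of the worksheet): a small parser that splits an HTTP message into start line, headers and body, then reports the method, body encoding, cookie headers and security headers. The two messages are re-typed from the exchange above with the long User-Agent and caching headers left out.

```python
from urllib.parse import parse_qs

# Request and response re-typed from the worksheet above (CRLF line endings as
# on the wire; the long User-Agent and caching headers are omitted for brevity).
REQUEST = (
    "POST /login.php HTTP/1.1\r\n"
    "Host: example.com\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "Content-Length: 34\r\n"
    "\r\n"
    "username=Barbara&password=password"
)
RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Set-Cookie: SessionID=5\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    "X-Content-Type: NoSniff\r\n"
    "X-Frame-Options: DENY\r\n"
    "X-XSS-Protection: 1; mode=block\r\n"
    "\r\n"
    "[page content]"
)
# Header names the worksheet treats as security headers, plus HSTS.
SECURITY_HEADERS = {"strict-transport-security", "x-content-type",
                    "x-frame-options", "x-xss-protection"}

def parse_message(raw):
    """Split an HTTP message into (start line, lower-cased header dict, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    start, *header_lines = head.split("\r\n")
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return start, headers, body

def describe_request(raw):
    """Request questions: method, body type and form fields, presence of a Cookie header."""
    start, headers, body = parse_message(raw)
    ctype = headers.get("content-type", "")
    fields = parse_qs(body) if ctype.startswith("application/x-www-form-urlencoded") else {}
    return {"method": start.split()[0], "content_type": ctype,
            "form_fields": sorted(fields), "sends_cookie": "cookie" in headers}

def describe_response(raw):
    """Response questions: status code, body type, Set-Cookie, security headers present."""
    start, headers, _ = parse_message(raw)
    return {"status": int(start.split()[1]),
            "content_type": headers.get("content-type", ""),
            "sets_cookie": "set-cookie" in headers,
            "security_headers": sorted(h for h in headers if h in SECURITY_HEADERS)}
```

Whether the exchange was encrypted cannot be read from the message itself; that depends on the transport (HTTPS versus plain HTTP).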
Answer the following questions about monoliths and microservices:
- What are the individual components of microservices called?
- Properly scoped functionality.
- Presenting an API.
- Traffic management.
- Data offloading.
- Monitoring.
- What is a service that writes to a database and communicates to other services?
- APIs
- What type of underlying technology allows for microservices to become scalable and have redundancy?
- Docker containers allow for microservices to become scalable and have redundancy. Replication of components lets you serve more clients and provides identical backup components if one fails.
Answer the following questions about filtering Trivy vulnerability scans with jq:
- Do microservices share the same kind of vulnerabilities as regular operating systems?
- Yes.
- Would an organization be as concerned with Low severity vulnerabilities as with Critical ones?
- Yes.
- Would the bash tool jq be useful in finding certain kinds of vulnerabilities within a vulnerability report?
- Yes. Some vulnerabilities we can report are man-in-the-middle (MITM), buffer overflow, denial of service (DoS) and privilege escalation.
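As an added example (not part of the worksheet), the filtering that jq does over a Trivy report, written in Python so it runs offline against a constructed, minimal report; the jq one-liners for each step are given in the docstrings. The report's CVE ids and package names are placeholders, not real findings; the nesting (Results[].Vulnerabilities[], Severity, Title) follows Trivy's JSON output.

```python
import json

# Constructed, minimal Trivy-style JSON report: not a real scan, CVE ids are placeholders.
REPORT = json.loads("""
{"Results": [
  {"Target": "example-image (alpine)", "Vulnerabilities": [
    {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libssl", "Severity": "CRITICAL",
     "Title": "openssl: buffer overflow in certificate parsing"},
    {"VulnerabilityID": "CVE-0000-0002", "PkgName": "busybox", "Severity": "LOW",
     "Title": "busybox: denial of service via crafted input"},
    {"VulnerabilityID": "CVE-0000-0003", "PkgName": "sudo", "Severity": "HIGH",
     "Title": "sudo: privilege escalation through heap overflow"}
  ]},
  {"Target": "example-image (clean layer)"}
]}
""")

# Vulnerability classes the worksheet mentions, as title keywords to search for.
KEYWORDS = ("man-in-the-middle", "buffer overflow", "denial of service", "privilege escalation")

def findings(report):
    """Flatten the report.  jq: '.Results[].Vulnerabilities[]?'
    A clean target has no Vulnerabilities key (or null), hence the 'or []'."""
    for result in report.get("Results", []):
        for vuln in result.get("Vulnerabilities") or []:
            yield vuln

def by_severity(report, *levels):
    """jq: '.Results[].Vulnerabilities[]? | select(.Severity == "CRITICAL") | .VulnerabilityID'"""
    wanted = {level.upper() for level in levels}
    return [v["VulnerabilityID"] for v in findings(report) if v.get("Severity") in wanted]

def by_keyword(report, keyword):
    """jq: '.Results[].Vulnerabilities[]? | select(.Title | test("buffer overflow"; "i"))'"""
    needle = keyword.lower()
    return [v["VulnerabilityID"] for v in findings(report)
            if needle in v.get("Title", "").lower()]

def severity_counts(report):
    """jq: '[.Results[].Vulnerabilities[]?.Severity] | group_by(.) | map({(.[0]): length}) | add'"""
    counts = {}
    for v in findings(report):
        counts[v["Severity"]] = counts.get(v["Severity"], 0) + 1
    return counts
```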
Answer the following questions about multi-container deployment:
- What is a tool that can be used to deploy multiple containers at once?
- Docker Compose allows us to create repeated, multi-container deployments.
- What kind of file format was required for us to deploy a container set?
- Docker compose YAML file.
- What is a tool used to actively detect intrusion behavior within containers?
- Falco is an open-source CIDS that alerts security professionals to potential intrusion attempts.
- What high-value system file might an intruder view that would trigger a "sensitive file opening" alert?
- such as /etc/shadow
- What kind of intruder action might trigger an alert from a container IDS that says "shell configuration file has been modified"?
- such as adduser