XSS SQL injection review


1.    Why is it critical to perform a penetration test on a Web application and a Web server prior to production implementation?   
So you can find the weaknesses and fix them before the application is implemented on the server and goes live.
2.    What is a cross-site scripting attack? Explain in your own words.
It is a computer security vulnerability typically found in web applications that enables attackers to inject client-side script into web pages viewed by others.
3.    What is a reflective cross-site scripting attack?
A reflective attack involves the web application dynamically generating a response using non-sanitized data from the client scripts.
4.    Which Web application attack is more likely to extract privacy data elements out of a database?
Character scrambling and masking numeric variance and nulling.
5.    If you can monitor when SQL injections are performed on an SQL database, what would you recommend as a security countermeasure to monitor your production SQL databases?
SQL Inject Me allows you to test for SQL injection vulnerabilities that hackers can use to hijack your data and modify the contents of a database.
6.    What can you do to ensure that your organization incorporates penetration testing and Web application testing as part of its implementation procedures?
Well-coordinated and regularly audited security checks are a great way of doing this.
7.    Who is responsible and accountable for the CIA of production Web applications and Web servers?
The C-I-A of production web applications and web servers is the responsibility of certified information systems security personnel.