Answer the following questions about IT
Questions & Answers
1. How does skipfish categorize findings in the scan report?
2. Which tool used in the lab is considered a static analysis tool? Explain what is referred to by static code analysis.
3. What possible high-risk vulnerabilities did the RATS tool find in the DVWA application source code?
4. Did the static analysis tool find all the potential security flaws in the application?
5. During the manual code review, what do you notice about high.php that makes it less likely to victimize users with XSS reflection, and why is it considered more secure?
6. Compare and contrast the tools used in this lab with a penetration-testing tool such as WebScarab.
7. Compare the results of the RATS and skipfish reports you reviewed in the lab.