Site Loader

Name:
Alsalt Alkharusi

 

Final Exam

We Will Write a Custom Essay Specifically
For You For Only $13.90/page!


order now

Q1, Part-1:

Answer

• Value to the company (for bounty programs specific to one provider)

The bug bounty programmers are
playing a vital role by identifying different bugs in the dedicated systems.

Similarly, bug bounty programs can easily identify latest bugs in the code of
software. Companies are looking to hire bug bounty programmers for this purpose
and also they are using latest bug bounty tools and programs for continues
identification of the bugs in their codes. Mozilla is a company and this
company is providing the bug county programs for identification of different
security flaws and vulnerabilities. Because bug bounty is working to find out
security flaws in the target system. This company is also inviting programmers
and bug bounty specialist to participate in their program for bug bounty
programs. Company is getting tremendous value because of this bug county
program, because this program is helping them to identify issues, security
threats, vulnerabilities, to review codes and also it is based used for third
party penetration testing as well. Companies are getting information about
their issues and in the response they are paying to the bug bounty programs.


Value to the IA Penetration Testing community

The value of IA penetration testing
community is also increasing, because bug bounty programs are helping them to
analyze all security features of the target software. In penetration testing
the security professionals are targeting their own company system to find out
security holes and security issues with their code and with this security
system of the company. With the arrival of bug bounty programs, the value of IA
penetration testing community is increased, because they are getting more
advance security holes in the target code. In this way, we can say that the
value of IA penetration testing community is increased and now they can easily
find out more hidden flaws in their codes. Now they can earn lot of money by
just identify a single bug for well renowned company.

Q1, Part-2:

Answer

Bug Bounty
programs

Winning bounty

Language

Software
ownership

Battlehack 2015

$100,000 USD

C++, JavaScript (as Node.js)

Developer will
retain full ownership of the software they will develop

Facebook WhiteHat
Program

Minumum $500 USD

C++, PHP, D, Java, Python (Server-side);
JavaScript (Client-side)

Need to report
new faults and their team will decide about

Google
Vulnerability Reward Program (VRP)

$100 to $20000

C/C++, Java, Python, Go
(Server-side); JavaScript, Flash (Client-side)

Must login on the
google bug bounty program for detected and reporting any flaw.

Yahoo Bug Bounty
Program

$100 to $20000

JavaScript, PHP (Server-side);
JavaScript (Client-side)

Yahoo team will
work on the reported bug and they will decide about the reliabitliy of bug.

 

Q2:

Browser Cache

Browser cache is storing the
website resources and contents from browser where visitors are browsing
websites. Tis cache is very helpful to increase the loading speed of the
websites and also we can reduce the usage of bandwidth as well, because when
one website is loaded in a browser, then all the resources of the websites are
saved in the browser cache and when next time that website is accessed, then
lot of things like images, files, HTML, JavaScript files etc. are not loaded,
because these things are already available in the browser cache.

ISP Cache

ISP cache is also working as browser cache and it storing information of
the website that are being loaded on the browser first time. A copy of web
pages are stored on this cache and when there is not internet connection then
we can open offline pages by using ISP cache and these pages are known as local
copy. But ISP cache can’t be deleted as browser cache, we can easily delete the
browser cache, but ISP cache can’t be deleted. For deleting ISP cache we need
to wait for the ISP expiry. When ISP cache expires, then all temporary files
will be deleted from this cache.

Edge content servers

Many
websites are using caching servers and in this process a distributed technique
is used to store different pages of websites on different servers in the form
of mirror images. All these images are stored in different parts of the world
and this will edge content server technique is used to increase loading speed
of the website, because primary servers are always busy because of heavy
traffic, in this way edge content servers are used for quick response of
websites

Caches managed by the servers

To manage data we can use caches managed servers to store data
independently. All these caches managed servers are connected with the
application server. It is providing server pool management, it is providing
server load balancing, because request of the data access are distributed
between different caches manage servers. In this way, the response of the
database server will increase and we can retrieve our data without any delay.

Q3:

Answer

Log
Analysis

This data is being used in ELK
stack, the log analysis of the Cloud Trail records can be helpful to monitor
different trends. This data can be analyze and monitored on the basis of when,
where, and what. This data consist of users identify like their name or number,
call time, sources being used, parameters used for request and returning
components. All these records of the data are going to be analyzed with the
help of ELK stack. We can easily aggregate, visualize and analyze this data by
using the ELK stack. Like how much data is being used by a specific person,
what type of date or records are trending today, what is maximum and minimum
cloud storage usage etc. To get some deceivability into the CloudTrail logs, an
initial step is to include a portion of the accessible fields to the
fundamental show region. This relies upon what you might want to examine, yet
the most evident fields to include would be the following.

·       ‘awsRegion’

·       ‘eventName’

·       ‘eventSource’

·       ‘userIdentity.type’

Analyze
weblogs

Logstash is an apparatus for
pipeline preparing of logs. It can read logs from a wide range of sources, has
an adaptable preparing structure, and a wide choice of yields. In this post we
will read from a record, split the crude content line into fields, before at
long last the handled and clean fields are sent up into Elasticsearch. For a pursuit
application, the most fascinating metric is maybe the most utilized question
terms. Select “question” from the rundown of fields. Tapping on the
“Imagine” catch at the base of the field measurements opens up the
Visualize tab with a bar diagram of the most utilized question terms. In the
event that you need the investigation to demonstrate finish inquiries (not
separated into terms), select the “query.raw” field as opposed to
“inquiry”. Logstash as a matter of course records all fields twice,
utilizing the default analyzer, and not_analyzed. For broke down fields Elastic
search parts the field substance into singular terms (tokens), which is
extremely helpful while seeking. Nonetheless, while breaking down client
conduct and managing insights, you frequently require the total inquiry string
given by the client. This will be accessible in not broke down adaptation of
the field, which you can access by utilizing the “field.Raw”
documentation.

Analyzing
how much I need to feed my cat

It is quite difficult to find out
how much feed is required for my cat. The cat feed is based on different
factors like age, weight, exercise time, environmental factors like
temperature, and energy level of different foods. The calculation of these
things is quite difficult. But we can use this data to identify or to calculate
exactly required feed for my cat. By using ELK stack, we need to put age,
weight, feed type, and temperature and exercise timing of the cat in this ELK
stack data analyzer and this will show a graph of estimated required food for
the car with complete analysis of calories etc.

Q4

Answer

Title 10 and Title 50 authoriteis are operating in
different circumstatns and for different objecties. Basically, the USA military
is operating under the authrity of Title 0 and this U.S.C do have authority to
use destructive force. On the other hand, Title50 authority is operating CIA
and other security agencies of the country. All intellegence and search
operatiosn are authorized under the Title50 authority. Historically, both
authorities are operating with enoguh separation and now these both authorities
are getting closer to each other. But still there are lot of differences, like
informaiton of the Age, usage of new technologies, and national security issuea
are also increaing.

Right now, the U.S army is workign under Title 10,
and it is providing very helpful inter services operations, intelligence
capabilities and to execute cover operations. So, all forces like SEAL Team
Six, JSOC and Deltar Force etc. are working under Title10 authority. On the
other hand, CIA is also working under Title 50 and they are progressing towards
strong capabilities of the military infrastructure, like they are using
weaponized drones to hit specific targes, and also they are working outside
their traditional zone under the authority of Title 50.

But right now these both authorities are getting closer
to each othe to make and share lot of things. But they are getting closer to
each other one for sharing informiaton for any combined missions. Even they are
working to complete lot of illegle or extrajudicail operations as well. And
now, questions are being asked abouthte proper control, and check balance of
their operations. And fort his purpose, both authoritis are responislbe
equally. Recently computer netowrk operations and offensive cyber actions are
creating more issues for both authoities, because traditional military
activities are diverting towards cyber security.

The war of terror is also increasing convergence of
both authorities, but still both authorities are looking to improve their
unique identification. In some operations and in some concerns both authorities
are looking overrul or avoide the participation of each other. right now both
authorities are looking to bring accountabiltiy. Both authorities are fighting
against cyber security as well, particulaly Title 50 authority is responsible
to handle all issues of cyber security, and for this purose they are monitoring
all activities to identify any security threat or any other security issues

 

 

Post Author: admin

x

Hi!
I'm Erica!

Would you like to get a custom essay? How about receiving a customized one?

Check it out