Discussions - Testing Websites, Meltdown and Spectre Vulnerabilities, Social Networking Risks

Discussions Question 1: "Testing Websites"  It is important to test all Web applications for functionality and security. The Rough Auditing Tool for Security (RATS) is an open source tool used for this purpose, however it is accompanied by many other new tools. 

Review the 14 Best Open Source Web Application Vulnerability Scanners [updated for 2018], found at http://resources.infosecinstitute.com/14-popular- Web-application-vulnerability-scanners/#gref. After you?ve reviewed the document, select two of your favorite tools, and compare and contrast the tools and determine the pros and cons for each of them. How often should security testing be conducted on a company?s Website, and how should they conduct the tests? What will happen if you don?t? Is there any benefit to having an outside company conduct the test? Provide your rationale. Share examples with your classmates and provide links to any useful resources you find.  After reading a few of your classmates? postings, reply to the ones from which you learned something new or to which you have something to add. Remember to get in early and post often.

Additional post options: What is the advantage of using multiple tools when testing for vulnerabilities?

Question 2: "Meltdown and Spectre Vulnerabilities"  One of the biggest concerns when a vulnerability is discovered is how to inform the public. Companies often subscribe to Security RSS feeds, so they are made aware of vulnerabilities quickly. One of the most critical vulnerabilities found today that affect both Websites and browsers is the Meltdown and Spectre vulnerability. 

Research the Meltdown & Spectre vulnerability. Summarize your findings and describe the total global impact of this vulnerability. Search the Internet and locate Linus Torvalds?s comments on Meltdown and Spectre vulnerability. After you've reviewed Torvald?s comments, do you agree or disagree? Justify your rationale with other research on the topic. Are there tools available to verify if a computer is susceptible to this vulnerability? Share any additional useful links or tools you find with your classmates. Note: Please cite your sources for the research you reviewed by posting a link to the site in the discussion thread.  After reading a few of your classmate?s postings, reply to the ones where you learned something new, or have something to add. Get in early to post your initial response and keep the discussion going. 

Additional post options: Conduct an informal survey: how many of your friends

http://resources.infosecinstitute.com/14-popular-web-application-vulnerability-scanners/#gref

http://resources.infosecinstitute.com/14-popular-web-application-vulnerability-scanners/#gref

?

?

know about this threat? How did they find out, and if they didn't how can we make sure these threats are conveyed to the public?

Question 3: "Social Networking Risks"  Social media and social networking are some of the newest tools used to market products and services to the public. Sales and marketing professionals love these tools since they reach consumers with great efficiency and with tailored results. 

Many organizations do not allow office employees to use social networking sites and instant messaging software. Take a position for or against these policies and provide a rationale for your response. What if the company implemented a “Bring your Own Device Plan,” (BYOD)—would this change your opinion? Should employees be allowed to access these sites if they are at work? Using the Internet, look for any resources that suggest safer ways to implement these services in the workplace. Provide links to the tools or tips that you find and share with your classmates. After reading a few of your classmates? postings, reply to the ones from which you learned something new or to which you have something to add. Remember to get in early and post often.

Additional post options: What types of attacks that can start with Social Media / Networking attacks are you most concerned with and what precautions do you take? Read some classmate posts and see if you think their precautions are sufficient. Be respectful in your posts if you disagree. Remember, we?re all learning together!