A challenging series designed to assist you in learning CISSP related testable content based on possible real world information security situations and scenarios you may encounter as a information security professional. Let's get that analytical brain working with a CarlsCloud™ "Spot the Flaw" challenge!
Vulnerability #1: Weak EAP Settings (Wireless) The Problem: Using the PEAP-MSC ...
You're reviewing the network configuration of a mid-sized organization. Here's an excerpt focusing on wireless and firewall-related settings:
The Problem: The code directly takes user input (name, feedback) and uses it within the JavaScript string sent to the server. There's no input sanitization or encoding.
A small e-commerce company recently added a new "customer feedback" feature on its website. Here's a snippet of the relevant code:
