lab 4 what are the five steps of a hacking attack during the reconnaissance step of the attack, describe what zenmap gui performs to do passive os fingerprinting what step in the hacking attack process uses zenmap gui what step in the hacking attack process identifies known vulnerabilities and exploits during the scanning step of the hacking attack process, you identifed known software vulnerabilities in a windows xp professional workstation. list the name and number of the critical microsoft vulnerabilities identified. what is vulnerability "ms08-067" which tool and application was used to exploit the indentified vulnerability on the targeted microsoft 2003 xp sp2 workstation if you are a member of the security penetration testing team and you identify vulnerabilities and exploits, should you obtain written permission from the owners prior to compromising and exploting the known vulnerability what does the tool ettercap do the most important step in the five step hacking process is step 5 where the security practitioner must remediate the vulnerability and eliminate the exploit. what is the name and number of the microsoft security bulliten what is the name of hte microsoft windows xp sp2 security patch needed to remediate this software vulnerability and exploit lab 5 why is it critical to perform a penetration test on a web application prior to production implementation what is a cross site scripting attack? explain in your own words what is a reflective cross site scripting attack what common method of obfuscation is used in most real world sql attacks which web application attack is more prone to extract privacy data elements out of a database if you can monitor when sql injections are performed on an sql database, what would you recommened as a security countermeasure to monitor your production sql databases given that apache and internet information services (iis) are the two most popular web application servers for liunux and microsft windows platforms what would you do to identify known software vulnerabilities ande xploits what can you do to ensure that your organization incorporates penetrating testing and web application testing as part of its implementation procedures what other security coountermeasures do you recommend for web sites and web application deployment to ensure the cia of the web application who is responsible and accountabe for the cia of production web applications and web servers