Please Answer Each Discussion Separately!! Discussion 1: (160 Words) 1. Exp

June 24, 2024

Please Answer Each Discussion Separately!!
Discussion 1: (160 Words)
1. Explore a major passive scanning website, such as www.netcraft.com or www.shodan.io. Describe the type of information that can be gathered from the website. Explain how the website can be useful to a penetration tester.
Discussion 2: (100 Words)
Agree or Disagree? Why?
Select an organization that you are familiar with. Conduct a passive scanning of the organization’s website. What insights did you get from the scanning? 
I conducted a passive scan of a university. These were the top 4 vulnerabilities found, along with the risk.
| Website | Vulnerability Name | Count | Risk Level | Weighted Risk |
|---|---|---|---|---|
| | Sub Resource Integrity Attribute Missing | 4 | Medium | 70% |
| | CSP: Wildcard Directive | 1 | Medium | 67% |
| | CSP: script-src unsafe-inline | 1 | Medium | 67% |
| | CSP: style-src unsafe-inline | 1 | Medium | 67% |
These vulnerabilities can lead to a variety of front-end attacks, primarily through the injection of malicious content. The absence of the SRI attribute can allow third parties to inject additional content into files fetched by the web application or document. Incorrect implementations of CSP can expose the website to various attacks, including XSS attacks.
Reference:
Mozilla (n.d.). Mozilla. Subresource Integrity. Retrieved June 15, 2024, from https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity
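A small passive check for the four finding types listed in the table above, run over constructed HTML and a constructed CSP header. This is an added example, not part of the original post and not the scanner the author used; the names `ExternalResources`, `parse_csp` and `audit` and all `example` hosts are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

class ExternalResources(HTMLParser):
    """Collect cross-origin scripts and stylesheets that carry no integrity attribute."""
    def __init__(self, page_host):
        super().__init__()
        self.page_host, self.missing_sri = page_host, []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        url = None
        if tag == "script":
            url = a.get("src")
        elif tag == "link" and "stylesheet" in (a.get("rel") or "").lower().split():
            url = a.get("href")
        host = urlparse(url or "").netloc  # empty for same-origin relative URLs
        if host and host != self.page_host and not a.get("integrity"):
            self.missing_sri.append(url)

def parse_csp(header):
    """Split a Content-Security-Policy value into {directive: [sources]}."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:  # a repeated directive is ignored; the first one counts
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy

def audit(page_host, html, csp_header):
    parser = ExternalResources(page_host)
    parser.feed(html)
    findings = [("Sub Resource Integrity Attribute Missing", u) for u in parser.missing_sri]
    policy = parse_csp(csp_header)
    findings += [("CSP: Wildcard Directive", d) for d, src in policy.items() if "*" in src]
    for d in ("script-src", "style-src"):
        src = policy.get(d, policy.get("default-src", []))  # default-src is the fallback
        # Browsers ignore 'unsafe-inline' when a nonce or hash source is also listed.
        strict = any(s.startswith(("'nonce-", "'sha256-", "'sha384-", "'sha512-")) for s in src)
        if "'unsafe-inline'" in src and not strict:
            findings.append((f"CSP: {d} unsafe-inline", d))
    return findings

# Constructed sample input (not the scanned university's page or headers).
SAMPLE_HTML = """<script src="https://cdn.example.net/lib.js"></script>
<script src="https://cdn.example.net/ok.js" integrity="sha384-CONSTRUCTED"></script>
<link rel="stylesheet" href="//static.example.org/site.css">
<script src="/local.js"></script>"""
SAMPLE_CSP = "default-src 'self'; img-src *; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'"
```

Calling `audit("www.university.example", SAMPLE_HTML, SAMPLE_CSP)` returns five findings: two missing SRI attributes, one wildcard directive and the two `unsafe-inline` directives.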
Discussion 3: (50 Words) (Chapter 4 Document)
What is port scanning? Why is it an important step in penetration testing?
