Reference no: EM131153001
Lab- Performing a Web Site and Database Attack by Exploiting Identified Vulnerabilities
Overview
In this lab, you performed simple tests to verify a cross-site scripting (XSS) exploit and an SQL injection attack using the Damn Vulnerable Web Application (DVWA), a tool left intentionally vulnerable to aid security professionals in learning about Web security. You used a Web browser and some simple command strings to identify the IP target host and its known vulnerabilities, and then attacked the Web application and Web server using cross-site scripting (XSS) and SQL injection to exploit the sample Web application running on that server.
Lab Assessment Questions & Answers
1. Why is it critical to perform a penetration test on a Web application and a Web server pri to production implementation?
2. What is a cross-site scripting attack? Explain in your own words.
3. What is a reflective cross-site scripting attack?
3. Which Web application attack is more likely to extract privacy data elements out of a database?
4. What security countermeasures could be used to monitor your production SQL databases against injection attacks?
5. What can you do to ensure that your organization incorporates penetration testing and application testing as part of its implementation procedures?
6. Who is responsible for the C-I-A of production Web applications and Web servers?
|
Research problem and contributions to research theory
: Research Problem & Contributions to Research Theory- Describe the scientific problem. - Most of the healthcare environments across the industry are unsafe and unhealthy.
|
|
Why might your coworker suggest encrypting an archive file
: Why might your coworker suggest encrypting an archive file before e-mailing it? What kind of network traffic can you filter with the Windows Firewall with Advanced Security?
|
|
What is the arrival rate
: A computer processes jobs on a first-come, first-served basis. The jobs arrive to the computerevery 6 minutes. The objective in processing these jobs is that they spend no more than eight minutes,on average, in the system(Hint: you can use the Go..
|
|
Formulate a linear programming model
: Formulate a linear programming model that can be used to determine the amount of funds CCU should allocate to each type of loan in order to maximize the total annual return for the new funds.
|
|
Explain what is a cross-site scripting attack
: What is a cross-site scripting attack? Explain in your own words. What is a reflective cross-site scripting attack? Which Web application attack is more likely to extract privacy data elements out of a database?
|
|
How does fit into your beliefs about your leadership style
: Analyze your personal leadership attributes you feel you have that will help you in your graduate nursing role. Also discuss those attributes that you feel you may need to develop in your graduate nursing role.
|
|
Indicate the number of different color groupings for sale
: A rug manufacturer has decided to use seven compatible colors in her rugs. However, in weaving a rug, only five spindles can be used. In advertising, the rug manufacturer wants to indicate the number of different color groupings for sale.
|
|
Difference between the variances
: When testing for the difference between the variances of two population with sample sizes of n1=8 and n2=10, the number of degrees of freedom are?
|
|
What key type was use to create the certificate on kleopatra
: What does Kleopatra allow you to do once it is installed? What key type was used to create the certificate on Kleopatra? What other types of encryption key types are possible?
|