Reference no: EM131143707
Lab- Performing a Web Site and Database Attack by Exploiting Identified Vulnerabilities
Overview
In this lab, you performed simple tests to verify a cross-site scripting (XSS) exploit and an SQL injection attack using the Damn Vulnerable Web Application (DVWA), a tool left intentionally vulnerable to aid security professionals in learning about Web security. You used a Web browser and some simple command strings to identify the IP target host and its known vulnerabilities, and then attacked the Web application and Web server using cross-site scripting (XSS) and SQL injection to exploit the sample Web application running on that server.
Lab Assessment Questions & Answers
1. Why is it critical to perform a penetration test on a Web application and a Web server pri to production implementation?
2. What is a cross-site scripting attack? Explain in your own words.
3. What is a reflective cross-site scripting attack?
3. Which Web application attack is more likely to extract privacy data elements out of a database?
4. What security countermeasures could be used to monitor your production SQL databases against injection attacks?
5. What can you do to ensure that your organization incorporates penetration testing and W application testing as part of its implementation procedures?
6. Who is responsible for the C-I-A of production Web applications and Web servers?
|
Is the measurement of net income in a merchandising company
: "The steps in the accounting cycle for a merchandising company differ from the steps in the accounting cycle for a service enterprise." Do you agree or disagree?
|
|
Estimate how many miles this star travels in one year
: It takes 3x107 years for a particular star to make one orbit around its galaxy. Assume that this star's orbit in its galaxy is circular with a diameter of 104 light years. A light year is the distance that light travels in one year. There are about 5..
|
|
Pay the mortgage off by repaying the outstanding balance
: 4-21. When you purchased your house, you took out a 30-year annual-payment mortgage with an interest rate of 6% per year. The annual payment on the mortgage is $12,000. You have just made a payment and have now decided to pay the mortgage off by repa..
|
|
Evaluate the technology trends available to help
: Your detailed promotional strategy to support theintroduction(Advertising, sales promotion, sales force, direct marketing, P/Retc) Include your promotional budget, Evaluate the technology trends available to help youmarket the product.
|
|
What is a reflective cross-site scripting attack
: What is a reflective cross-site scripting attack? Which Web application attack is more likely to extract privacy data elements out of a database?
|
|
Develop a ror application that shows the current time
: Develop a RoR application that shows the current time (at the server side) to the user. The index page should have the message "The current time is: ".
|
|
The following was published with the financial statements
: Write a brief memo to your instructor discussing American Exploration Company's note regarding property, plant, and equipment. Your memo should address what is meant by the "successful efforts method" and "units-of-activity method."
|
|
Three largest consumer segments within particular market
: After reading the chapters and lecture notes regarding marketing segmentation and target markets, select one of the following product categories (cars, trucks, SUV’s, shoe stores, men’s or women’s clothing stores, computers, beer, headphones, or fitn..
|
|
What is the main difference between a virus and a trojan
: What is the main difference between a virus and a Trojan? A virus or malware can impact which of the three tenets of information systems security (confidentiality, integrity, or availability)? In what way?
|