What the given report says to fix

Reference no: EM131097663

This lab was much harder than I thought it would be. I had to run this vulnerability scan called ZAP against my web pages and fix solutions based on what the attached report says to fix. Do you think by looking at the report you can fix the solutions of the files I attached as well?

Please explain the errors in the report and what the solution is. Then supply a screenshot after running ZAP again showing all vulnerabilities fixed (I can run it if you would like).

Cross Site Scripting (Reflected)

Cross-site Scripting (XSS) is an attack technique that involves echoing attacker-supplied code into a user's browser instance. A browser instance can be a standard web browser client, or a browser object embedded in a software product such as the browser within WinAmp, an RSS reader, or an email client. The code itself is usually written in HTML/JavaScript, but may also extend to VBScript, ActiveX, Java, Flash, or any other browser-supported technology.

When an attacker gets a user's browser to execute his/her code, the code will run within the security context (or zone) of the hosting web site. With this level of privilege, the code has the ability to read, modify and transmit any sensitive data accessible by the browser. A Cross-site Scripted user could have his/her account hijacked (cookie theft), their browser redirected to another location, or possibly shown fraudulent content delivered by the web site they are visiting. Cross-site Scripting attacks essentially compromise the trust relationship between a user and the web site. Applications utilizing browser object instances which load content from the file system may execute code under the local machine zone allowing for system compromise.

There are three types of Cross-site Scripting attacks: non-persistent, persistent and DOM-based.

Non-persistent attacks and DOM-based attacks require a user to either visit a specially crafted link laced with malicious code, or visit a malicious web page containing a web form, which when posted to the vulnerable site, will mount the attack. Using a malicious form will oftentimes take place when the vulnerable resource only accepts HTTP POST requests. In such a case, the form can be submitted automatically, without the victim's knowledge (e.g. by using JavaScript). Upon clicking on the malicious link or submitting the malicious form, the XSS payload will get echoed back and will get interpreted by the user's browser and execute. Another technique to send almost arbitrary requests (GET and POST) is by using an embedded client, such as Adobe Flash.

Persistent attacks occur when the malicious code is submitted to a web site where it's stored for a period of time. Examples of an attacker's favorite targets often include message board posts, web mail messages, and web chat software. The unsuspecting user is not required to interact with any additional site/link (e.g. an attacker site or a malicious link sent via email), just simply view the web page containing the code.
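The alert above is ZAP's generic description of the class; it does not say how to fix the reflected case in the scanned pages. The fix is the same in every server-side language: HTML-entity encode each untrusted value at the exact point it is written into the response, using an encoder that matches the output context (HTML body, quoted attribute, JavaScript string, URL). The following Node.js snippet is an added example, not code from the ZAP report or from the attached files. It shows the pattern ZAP flags for a reflected parameter next to its hardened form and a simplified version of the reflection check a scanner performs. The "search" page, the parameter name `q`, the function names and the attacker input are all constructed for this illustration.

```javascript
// Added example, not code from the ZAP report or from the student's files.
// Demonstrates the reflected XSS pattern ZAP reports, and the fix: HTML-entity
// encode every untrusted value at the point it is written into the page.
// Assumptions: a "search" page that reflects a query parameter named "q".

// Encode the characters that can break out of an HTML body or quoted attribute.
function escapeHtml(value) {
  const map = {
    '&': '&amp;',
    '<': '&lt;',
    '>': '&gt;',
    '"': '&quot;',
    "'": '&#x27;',
    '/': '&#x2F;',
  };
  return String(value).replace(/[&<>"'\/]/g, (c) => map[c]);
}

// Vulnerable: the parameter is echoed unescaped into the body and into an
// attribute, so a value containing '">' or '<script>' becomes live markup.
function renderSearchVulnerable(q) {
  return `<p>Results for: ${q}</p>\n` +
         `<input type="text" name="q" value="${q}">`;
}

// Hardened: the same template, but every interpolation goes through escapeHtml.
function renderSearchSafe(q) {
  const safe = escapeHtml(q);
  return `<p>Results for: ${safe}</p>\n` +
         `<input type="text" name="q" value="${safe}">`;
}

// Constructed attacker input of the kind a scanner injects when probing a
// parameter: closes the attribute, then injects a script element.
const XSS_PAYLOAD = '"><script>alert(document.cookie)</script>';

// Simplified reflection check (the idea behind ZAP's alert): does the raw
// payload survive unencoded in the response?
function reflectsRawPayload(html, payload = XSS_PAYLOAD) {
  return html.includes(payload);
}

// Walk a set of page renderers the way a scan walks pages and return the
// names of those that still reflect the payload. Names are constructed here.
function scanRenderers(renderers, payload = XSS_PAYLOAD) {
  return Object.entries(renderers)
    .filter(([, render]) => reflectsRawPayload(render(payload), payload))
    .map(([name]) => name);
}

console.log('vulnerable:\n' + renderSearchVulnerable(XSS_PAYLOAD));
console.log('hardened:\n' + renderSearchSafe(XSS_PAYLOAD));
console.log('still reflecting:',
  scanRenderers({ vulnerable: renderSearchVulnerable, safe: renderSearchSafe }));
```

Two caveats when applying this to the attached pages. First, use the encoder your server language already provides (for example PHP's `htmlspecialchars` with `ENT_QUOTES`, or the OWASP Java Encoder) rather than hand-rolling one, and pick the variant for the context you are writing into: body-context encoding is not enough inside a `<script>` block, an event-handler attribute or a URL. Second, ZAP reports per parameter and per page, so the re-scan only comes back clean once every reflected input on every page goes through an encoder; fixing the one page named in the report and leaving a second echo of the same parameter elsewhere will reproduce the alert.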

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd