Write a bash script to check whether the given certificate

Reference no: EM133523920

Securing Networks

Question 1 (Internet Security)

In this question, you will need to complete the following tasks (you may want to refer to Week 4 for the relevant knowledge and skills, although other weeks' material might be useful too):

A2 Login Page, for Question 2 Assignment 2 (attached)

1. In the assignment folder, you should be able to find a certificate named sample cert.cer. Use the openssl utility to convert the certificate into text format. Note: In the Week 4 tutorial you used openssl to open certificates successfully, but the command for this (sub-)question can be slightly different because of a new format (DER format for this assignment).

2. Write a bash script to check whether the given certificate (sample cert.cer) is on the Certificate Revocation List (CRL) from the Certificate Authority (CA) by following the steps below:
• Step 1: Extracting and printing out the CRL HTTP(S) address of the CA's server.
• Step 2: Extracting and printing out the CRL's filename.
• Step 3: Downloading the CRL from the CA's server (you can use the wget command).
• Step 4: Extracting the list of serial numbers from the CRL.
• Step 5: Extracting the serial number from the given certificate (sample cert.cer).
• Step 6: Checking whether the given certificate's serial number (extracted in Step 5) is on the CA's CRL (extracted in Step 4) or not. If "yes", please print out "The given certificate is on the CRL, i.e., revoked by the CA", otherwise please print out "The given certificate is not on the CRL, i.e., not revoked by the CA".

See Fig 2 for an expected output for Question 1 (you may need to zoom in the picture for a clearer view).
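
The six steps above as one script, as an added example that is not part of the original assignment or its reference solution. It assumes `openssl` and `wget` are installed; the function names and the constructed sample text (example.test hosts, made-up serials) are illustrative.

```shell
# Added example (not the assignment's reference solution): CRL lookup, Steps 1-6.

# Step 1: first CRL Distribution Point URI in `openssl x509 -text` output (stdin).
# AIA lines read "OCSP - URI:...", so anchoring on a leading "URI:" skips them.
crl_url_from_text() {
  sed -n 's/^[[:space:]]*URI:\(https\{0,1\}:[^[:space:]]*\).*/\1/p' | head -n 1
}

# Step 4: revoked serials in `openssl crl -text` output (stdin), one per line.
crl_serials_from_text() {
  sed -n 's/^[[:space:]]*Serial Number:[[:space:]]*\([0-9A-Fa-f]*\).*/\1/p' |
    tr 'a-f' 'A-F'
}

# Step 6: whole-line fixed-string match, so a serial that is only a prefix or
# substring of a revoked one does not count as revoked.
verdict() {
  if grep -qxF "$(printf '%s' "$1" | tr 'a-f' 'A-F')"; then
    echo "The given certificate is on the CRL, i.e., revoked by the CA"
  else
    echo "The given certificate is not on the CRL, i.e., not revoked by the CA"
  fi
}

check_cert_revocation() {   # $1 = DER-encoded certificate
  url=$(openssl x509 -inform DER -in "$1" -noout -text | crl_url_from_text)
  [ -n "$url" ] || { echo "no CRL distribution point found" >&2; return 2; }
  crl_file=${url##*/}
  echo "CRL URL: $url"; echo "CRL file: $crl_file"            # Steps 1-2
  wget -q -O "$crl_file" "$url" || return 2                   # Step 3
  # CRLs are usually served as DER; fall back to PEM.
  crl_text=$(openssl crl -inform DER -in "$crl_file" -noout -text 2>/dev/null) ||
    crl_text=$(openssl crl -inform PEM -in "$crl_file" -noout -text) || return 2
  serial=$(openssl x509 -inform DER -in "$1" -noout -serial)  # Step 5
  serial=${serial#serial=}
  echo "Certificate serial: $serial"
  printf '%s\n' "$crl_text" | crl_serials_from_text | verdict "$serial"
}

# Constructed sample text for offline checks (not taken from the assignment files).
sample_cert_text() {
  printf '%s\n' '  OCSP - URI:http://ocsp.example.test' \
    '  X509v3 CRL Distribution Points:' '    Full Name:' \
    '      URI:http://crl.example.test/demo-ca.crl'
}
sample_crl_text() {
  printf '%s\n' '    Serial Number: 0A1B2C' '    Serial Number: 0A1B2C3D'
}

if [ "$#" -gt 0 ]; then check_cert_revocation "$1"; fi
```

Save it under any name (for instance `check_crl.sh`, an assumed name) and pass the certificate path as the only argument. Serial matching alone trusts the downloaded file: the script does not verify the CRL's signature or its Next Update time.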

Question 2 (Web Security)

You may want to refer to Week 5 and Week 6 for relevant knowledge and skills required for Question 2, although other weeks' material might be useful too.

A web server script (a2server.py) has been distributed to you. Please run the script with Python 3 locally to complete Question 2. You need to install Flask to run this server. If you want to know how to install Python 3 and Flask, please check Part II of Week 6 Tutorial.
After starting the server locally (using the command python3 a2server.py), please open your web browser (Chrome or Firefox preferred) and enter the

The web server code was written in Python 3 with the Flask module; however, you are not required to write any Python code to complete this question. You will only need to write a simple SQL query statement (for Sub-question 1) and JavaScript code (for Sub-question 2). All knowledge required for completing this question has been covered in class.

1. SQL injection attack (5 marks). Your goal in this Sub-question is to inject an SQL query statement which enables you to log in as Alice without knowing Alice's password. Alice's email is [email protected], while Alice's password is unknown to you. Based on what you have learned in CSC8520 Lecture 5 and Tutorial 5, find a way to log in as Alice (without knowing her password)!
• Hint: The SQL query statement can be found as follows:
"SELECT * FROM users WHERE email='%s' and password='%s'"%(email,password)

2. Cross-site Scripting (XSS) Attack. Your goal in this Sub-question is to inject some JavaScript code on a page that the admin user will look at, so that it discloses his/her session cookie to you. You can follow the steps below to conduct this XSS attack:

Step 1: Log in as Alice (after you conduct a successful SQL injection attack described in Sub-question 1 above), find the Section of "Post News item" (see Fig 3) and enter some JavaScript code in a page that the admin user will look at and that will cause the disclosure of his/her session cookie to you. After clicking "Submit", you should be able to see a new section "News list", under which there is an item called "alice say: Exciting News". The phrase "Exciting News" should be underlined because it's a hyperlink, which the admin will be asked to click in Step 3 below. Please refer to Fig 4 for an expected output.
Step 2: Log out as Alice and log in as admin with username: ad- [email protected], and password averysecureadminpassword.
Step 3: After logging in as admin successfully, please click the link (prepared by Alice in Step 1 described above). Your XSS attack in Step 1 is successful if you can see admin's session cookie information displayed on the "News list". Please refer to Fig 5 for an expected output (you may need to zoom in on the picture for a clearer view).

Note: if you feel annoyed by the automatic popups after a successful persistent XSS attack, you can restart the web server, which will refresh the SQL database.

Attachment:- Securing Networks.rar

Write a bash script to check whether the given certificate : CSC8520 Securing Networks, University of Southern Queensland - Write a bash script to check whether the given certificate (sample cert.cer) is on the Certificat