Lab 7

Submitted By xOhsleeper
Words 379
Pages 2
IS3445 Security Strategies for Web Applications and Social Networking
Lab 7 Assessment
05/10/14

1. How does Skipfish categorize findings in the scan report?
As high risk flaws, medium risk flaws, and low issue scans.

2. Which tool used in the lab is considered a static analysis tool? Explain what is referred to by static code analysis.
RATS, because the running of static code analysis tools that attempt to highlight possible vulnerabilities within ‘static’ (non-running) source code.

3. What possible high risk vulnerabilities did the RATS tool find in the DVWA application source code?
Allow system commands to execute.

4. Did the static analysis tool find all the potential security flaws in the application?
Yes, although such tools like these would automatically find security flaws with a high degree of confidence that what it found was a flaw.

5. What is black box testing on a web site or web application?
They’re designed to treat the application as an “unknown entity”; therefore, no knowledge of the tiers is provided.

6. Explain the Skipfish command in detail: ./skipfish -o /var/scans/is308lab.org -A admin:password -d3 -b I -X logout.jsp -r200000 http://www.is308lab.org
This is a standard, authenticated scan of a well-designed and self-contained site.

7. During the manual code review, what is noticed about high.php to make it less likely to victimize users with XSS reflection and why is it considered more secure?
Because when a PHP is at high-level language it’s more secure and oftentimes it’ll most likely have bugs and errors that are low-level languages.

8. Would Firefox be considered a web application assessment tool?
Firefox is a popular web application penetration testing tool with many plugins. It’s designed for web application security assessment or penetration testing.

9. Compare and contrast a pen testing tool
