Lab #8 Perform a Website & Database Attack by Exploiting Identified Vulnerabilities
Lab #8 Perform a Website & Database Attack by Exploiting Identified VulnerabilitiesLab #8 – Assessment Worksheet
Perform a Website & Database Attack by Exploiting Identified Vulnerabilities
LAB Assessment Questions & Answers
1. Why is it critical to perform a penetration test on a web application prior to production
To make sure no one can penetrate your web application before you put it in a live situation.
2. What is a cross-site scripting attack? Explain in your own words.
Cross-site scripting is a type of computer security vulnerability typically found in web applications that enables attacks to inject client side script into web pages viewed by others
3. What is a reflective cross-site scripting attack?
A reflective attack a type of computer security vulnerability it involves the web application dynamically generating a response using non-sanitized data from the client scripts, like Java scripts or VB script, in the data sent to the server will send back a page with the script
4. What common method of obfuscation is used in most real world SQL attacks?
methods, including character scrambling and masking, numeric variance and nulling, rely on an array of built-in SQL Server system functions that are used for string manipulation.
5. Which web application attack is more prone to extracting privacy data elements out of a database?
SQL injections can be used to enter the database with administrator rights, best way to avoid this using Java on the website.
6. If you can monitor when SQL injections are performed on an SQL database, what would you
recommend as a security countermeasure to monitor your production SQL databases?
Well co-ordinated and regulary audited security checks is the best way forword.
7. Given that Apache and Internet Information Services (IIS) are the two most popular web application
servers for Linux and Microsoft Windows platforms, what would you do to identify known software
vulnerabilities and exploits?