Premium Essay

Lab 8 Assessment

In: Computers and Technology

Submitted By fatty240
Words 849
Pages 4
1. Why is it critical to perform a penetration test on a Web application and a Web server prior to production implementation? To make sure no attackers can penetrate your web application before the Web App goes live. It is critical to perform a penetration test on a Web application because the Web application is running on an Application Server or a Web Server, if an attacker is able to access the application code for how the database is called, it may be able to retrieve information about the database (name, attributes, IP address, etc.) and or access the Web Server and attempt a DoS attack. If a Web form cannot handle the unexpected data and fails to return the expected outcome. You have uncovered a vulnerability in this form; penetration testing in this area help IT security identify the vulnerabilities a Web Application may have.
2. What is a cross-site scripting attack? The goal of an XSS attack is see if the Web Application allows the attacker to have administrative read/write access to the functionality of the Web Application. This attack is a type of computer security vulnerability typically found inweb applications that enables attacks to inject client-side script into web pages viewed and accessed by other users.
3. What is a reflective cross-site scripting attack? If the attacker can type a script in a text field and the script alters or creates a pop-up display, the attacker can use these windows to navigate users off the Web Application pages and to constructed pages with malicious code. They can also spoof the pages with the intent to steal credentials from users accessing the pages. This attack is a security vulnerability, which the web application dynamically generates a response using non-sanitized data from client scripts, like Java scripts or VB script, in the data sent to the server and will send back a page with the script.
4. What common...

Similar Documents

Premium Essay

Module 3 Essay

...Syllabus NT1210 Introduction to Networking SYLLABUS Credit hours: 4.5 Contact/Instructional hours: 56 (34 Theory, 22 Lab) Prerequisite: NT1110 Computer Structure and Logic or equivalent © ITT Educational Services, Inc. All Rights Reserved. -1- 05/08/2013 Introduction to Networking SYLLABUS COURSE SUMMARY COURSE DESCRIPTION This course serves as a foundation for the study of computer networking technologies. Concepts in data communications, such as signaling, coding and decoding, multiplexing, circuit switching and packet switching, OSI and TCP/IP models, LAN/WAN protocols, network devices and their functions, topologies and capabilities are discussed. Industry standards and the development of networking technologies are surveyed in conjunction with a basic awareness of software and hardware components used in typical networking and internetworking environments. MAJOR INSTRUCTIONAL AREAS 1. Networking fundamentals 2. The OSI model and its use in networking 3. LANs, WANs, MANs and their implementation 4. Physical layer fundamentals 5. Basics of the data link layer 6. The functions of TCP/IP 7. IP addressing, subnetting, and supernetting 8. Diagramming the physical components that comprise a network 9. Logic created by the interconnectivity of network components 10. Applying network security 11. Future developments in networking COURSE OBJECTIVES 1. Explain key networking concepts and terminology. 2. Identify the......

Words: 4795 - Pages: 20

Premium Essay

What

...Documentation LAB 2 Introduction In this lab, you will learn how to use several different applications and interfaces to identify and document an IP network design and schema. Chief among these is PuTTY, which you used in Lab #1. The primary use of PuTTY is to establish Telnet and SSH sessions to remote servers. You will use PuTTY to collect information about those resources. You will also use Wireshark to capture packet data from the sessions you establish with PuTTY. Learning Objectives Upon completing this lab, you will be able to: • Develop a plan for identifying and documenting the logical IP network design and IP addressing schema based on data collected from Lab #1 • Use PuTTY to establish Telnet and SSH to the IP addresses of the identified interfaces on Cisco routers, switches, and firewalls • Use Cisco show commands to display the MAC-layer addresses of Ethernet ports, IP addressing schema, and subnet mask addressing used throughout the IP networking infrastructure • Document the MAC addresses and IP addresses of the IP networking infrastructure • Document the IP host addresses of the VM server farm hosts TOOLS AND SOFTWARE USED NAME Wireshark PuTTY Cisco IOS MORE INFORMATION http://www.wireshark.org/ http://www.chiark.greenend.org.uk/~sgtatham/putty/ http://www.cisco.com/warp/cpropub/45/tutorial.htm 17 38504_LMxx_Lab02.indd 17 8/30/12 7:51 PM 18 LAB #2 | Network Documentation Deliverables Upon completion of this lab, you are......

Words: 1982 - Pages: 8

Free Essay

114 Outline

...Lecture Times & Location: Tutorial Day, Time and Location can be found at: Spring Session, Wollongong Campus 6 credit points 2 Hours Lec, 2 Hours Lab Wed 10:30-12:30 67-104 http://www.uow.edu.au/student/timetables/index.html Time 9:00 - 11:00am 1:30 - 3:30pm Dr Mark Sifer 4221 4919 msifer @uow.edu.au 39.219 Students should check the subject's web site regularly as important information, including details of unavoidable changes in assessment requirements will be posted from time to time via MOODLE http://www.uow.edu.au/student/ . Any information posted to the web site is deemed to have been notified to all students. Subject Description: The aims of this subject are to consolidate and extend student's knowledge and skills in structured programming and to introduce them to the concepts and practice of object oriented programming. To achieve this aim the subject will provide students with an opportunity to develop further programming skills and good coding style; develop skills in using the object-oriented concepts of inheritance, encapsulation, construction, access control, overloading and messaging; develop and display competency in the design and implementation of object-oriented programs to solve business problems. file:///C|/Users/sueli/Desktop/Subject%20outlines%20approved/ISIT114%20Object%20Oriented%20Programming.htm[23/07/2014 8:49:59 AM] ISIT114 Subject Objectives:...

Words: 2995 - Pages: 12

Premium Essay

Lab 24 Science

...# Lab Title 1 Performing Reconnaissance and Probing using Common Tools 2 Performing a Vulnerability Assessment 3 Enabling Windows Active Directory and User Access Controls 4 Using Group Policy Objects and Microsoft Baseline Security Analyzer for Change Control 5 Performing Packet Capture and Traffic Analysis 6 Implementing a Business Continuity Plan 7 Using Encryption to Enhance Confidentiality and Integrity 8 Performing a Web Site and Database Attack by Exploiting Identified Vulnerabilities 9 Eliminating Threats with a Layered Security Approach 10 Impementing an Information Systems Security Policy# Lab Title 1 Performing Reconnaissance and Probing using Common Tools 2 Performing a Vulnerability Assessment 3 Enabling Windows Active Directory and User Access Controls 4 Using Group Policy Objects and Microsoft Baseline Security Analyzer for Change Control 5 Performing Packet Capture and Traffic Analysis 6 Implementing a Business Continuity Plan 7 Using Encryption to Enhance Confidentiality and Integrity 8 Performing a Web Site and Database Attack by Exploiting Identified Vulnerabilities 9 Eliminating Threats with a Layered Security Approach 10 Impementing an Information Systems Security Policy# Lab Title 1 Performing Reconnaissance and Probing using Common Tools 2 Performing a Vulnerability Assessment 3 Enabling Windows Active Directory and User Access Controls 4 Using Group Policy Objects and Microsoft Baseline Security Analyzer for Change......

Words: 426 - Pages: 2

Premium Essay

Network Security

...108 Lab #8 | Design a Layered Security Strategy for an IP Network Infrastructure Lab #8 – aSSESSmENT WORkSHEET Design a Layered Security Strategy for an IP Network Infrastructure Course Name and Number: Student Name: Instructor Name: Lab Due Date: Overview In this lab, you designed a layered security strategy, similar to the seven domains of a typical IT infrastructure, for the Cisco Mock IT infrastructure shown in Figure 8.2. You based your design on a set of functional and technical requirements. You also provided a written functional overview and description of how your security strategy meets the defined requirements. Lab Assessment Questions & Answers 1. Explain why a layered security strategy helps mitigate risk and threats both external and internal. 2. Why is it a good idea to put shared servers and services on a DMZ when both internal and external users need access? Assessment Worksheet 3. What recommendations do you have for the future e-commerce server and deployment in regard to 109 physical location and backend security for privacy data and credit card data? 4. What recommendations do you have to secure the server farm from unauthorized access? 5. If the organization implemented wireless LAN (WLAN) technology, what would you recommend regarding the use of VPNs or encryption within the internal network when accessing the server farm? 6. What is the purpose of a proxy server on a DMZ? 7. What is the purpose of an......

Words: 314 - Pages: 2

Premium Essay

Labs Rto

...efficient and accurate recovery instructions. In this lab, you applied the same concepts of disaster recovery backup procedures and recovery instructions to your own data. You explained how you can lower RTO with proper backup and recovery procedures, defined a process for IT system and application recovery procedures, identified a backup solution for saving your own data, and tested and verified your backups for RTO compliance. Lab Assessment Questions & Answers 1. How do documented backup and recovery procedures help achieve RTO? 2. True or false: To achieve an RTO of 0, you need 100 percent redundant, hot-stand-by infrastructure (that is, IT system, application, data, and so on).   9 Develop Disaster Recovery Backup Procedures and Recovery Instructions 80 Lab #9 | Develop Disaster Recovery Backup Procedures and Recovery Instructions 3. What is most important when considering data backups? 4. What is most important when considering data recovery? 5. What are the risks of using your external e-mail box as a backup and data storage solution? 6. Identify the total amount of time required to recover and install the Lab #1 through Lab #8 Assessment Worksheets and to open the files to verify integrity. (Calculate your timed RTO using your computer clock and your documented instructions.) 7. Did you achieve your RTO? What steps and procedures can you implement to help drive RTO even lower? 8. What are some recommendations for lowering the RTO......

Words: 358 - Pages: 2

Premium Essay

Information Security

...JONES & BARTLETT LEARNING INFORMATION SYSTEMS SECURITY & ASSURANCE SERIES LABORATORY MANUAL TO ACCOMPANY Security Strategies in Windows Platforms and Applications 1E REVISED 38542_FMxx.indd i 9/5/12 10:48 AM World Headquarters Jones & Bartlett Learning 5 Wall Street Burlington, MA 01803 978-443-5000 info@jblearning.com www.jblearning.com Jones & Bartlett Learning books and products are available through most bookstores and online booksellers. To contact Jones & Bartlett Learning directly, call 800-832-0034, fax 978-443-8000, or visit our website, www.jblearning.com. Substantial discounts on bulk quantities of Jones & Bartlett Learning publications are available to corporations, professional associations, and other qualified organizations. For details and specific discount information, contact the special sales department at Jones & Bartlett Learning via the above contact information or send an email to specialsales@jblearning.com. Copyright © 2013 by Jones & Bartlett Learning, LLC, an Ascend Learning Company All rights reserved. No part of the material protected by this copyright may be reproduced or utilized in any form, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system, without written permission from the copyright owner. The Laboratory Manual to accompany Security Strategies in Windowa Platforms and Applications is an independent publication and has not been authorized, sponsored, or......

Words: 25969 - Pages: 104

Premium Essay

Accounting

...------------------------------------------------- Graded Assignment Requirements Assignment Requirements documents provided below must be printed and distributed to students as the guidance for completing the assignments and submitting them for grading. Instructors must remind students to retain all handouts and assignment documents issued in every unit, as well as student-prepared documentation and graded deliverables. Some or all these documents will be used repeatedly across different units. Unit 1. Lab 1. Preparing a Virtual Workstation Image Windows 7 Virtual Machine “Keyless” Installation and Re-arm Process Purpose: This section describes the reason for and the procedure to use the “keyless” installation for Windows 7 Professional applicable to our lab environment for IT109/NT1230, and to use the “Re-arm” procedure to extend the trial period to meet our curriculum needs. Background: In installing Windows 7 Professional into a virtual machine in the VMware Player for the labs in our lab environment, if the Product Key for Windows 7 Professional is applied and activated during or at the end of the installation, the installed virtual machine will be authorized to launch only from the physical computer from which it was installed, as Microsoft registers the product key to associate with the hardware identity of the physical computer in their antipiracy database during the activation process. Subsequently, if the virtual machine is launched from a......

Words: 5558 - Pages: 23

Premium Essay

Health Assessment Family

...COLLABORATIVE BACHELOR OF SCIENCE IN NURSING PROGRAM (University of Windsor, Lambton College, St. Clair College – Windsor & Thames) Health Assessment NRS 63-166 Fall 2011 Site: St Clair College, Thames Campus Teaching Faculty Linda O’Halloran Phone: 519-354-9714 Ext. 3233 E-mail: lohalloran@stclaircollege.ca Office Hours: Monday’s 1100 – 1200, Tuesday’s 1000 - 1600 or by appointment Course Location Room 118 Course Times: Monday’s 1200 – 1400 – lecture Labs: weekly- either Monday or Tuesday as per your schedule Lab Teaching Instructor Maureen Eyres Andrea Reddam Vanessa Schinkel ©Collaborative BScN Program 2010 ALL RIGHTS RESERVED INTRODUCTION TO COLLABORATIVE BScN PROGRAM Mission Statement As partners, the Faculty of Nursing at the University of Windsor with St. Clair College (Windsor and Thames Campuses) and Lambton College (Sarnia) undertake the shared commitment to excellence in the preparation of Bachelor of Science in Nursing (BScN) candidates who embody our core values and the best elements of the art and science of nursing, education, leadership, research, and practice in their professional journeys. Vision EXCELLENCE in nursing education, practice, and research. Core......

Words: 4870 - Pages: 20

Free Essay

Is4670 Week 3 Lab

...Week 3 Laboratory Week 3 Lab Part 1: Automate Digital Evidence Discovery Using Paraben’s P2 Commander Learning Objectives and Outcomes Upon completing this lab, students will be able to complete the following tasks: * Open an existing case file using P2 Commander * Analyze the data in the image and the files saved in the case * Sort and identify evidence file types in a case using Paraben's P2 Commander forensic tool * Use P2 Commander to identify information for potential evidence contained in chat logs such as Skype chat * Analyze the contents of user profiles and data using the P2 Commander browser Week 3 Lab Part 1 - Assessment Worksheet Overview View the Demo Lab available in the Practice section of Learning Space Unit 5 and then answer the questions below. The video will demonstrate the use of Paraben's P2 Commander and outline the different forensics capabilities of the tool. Lab Assessment Questions & Answers 1. When talking about Information Security, what does the 'CIA' stands for? CIA in information security stands for confidentiality, integrity and availability. 2. When would it be a good practice to classify data? It would be a good practice to classify data when you need to extract files from a hard drive or system for investigating in order to accurately organize the findings. 3. What is Security classification? Security classification is the security level assigned to a government document,......

Words: 635 - Pages: 3

Free Essay

Spanish

...2010 :Intermediate Spanish I Semester: Fall 2013 Instructor: Dora Berry Office: Jones 217 e-mail: aberry@memphis.edu Office Hours: MWF from 7:15am to 7:45am or MW from 11:30am to 12:30 by appointment TR from 7:15am to 8:30am or TR from 1pm to 1:30pm by appointment SCHEDULE OF CLASSES (Classes meet 2x a week (T TH) for 1 hr. 25 minutes) Día T 8/27 Objetivos  Learn terms for rooms in a house, common household objects, and chores  Make recommendations, make polite requests & organize work  Learn rules for capitalization in Spanish  Combine sentences using relative pronouns  Give orders or advice to people you address with tú En clase  First day of classes (Drop/Refund Deadlines)  Introduction to course / Syllabus overview  Lección 12: Introduction, p. 403  Contextos, pp. pp. 404– 407  Fotonovela, pp. 408–410  Ortografía, p. 411  Estructura 12.1 Relative pronouns, pp. 414–417  Estructura 11.1 Familiar commands, pp. 378–381 Tarea para la próxima clase -Supersite: Lección 12  Estructura 12.1 Practice, Workbook, and Lab Manual activities  Estructura 11.1 Practice, Workbook, and Lab Manual activities TH 8/29 -Supersite: Lección 12  Estructura 12.2 Practice, Workbook, and Lab Manual activities  Estructura 12.3 Practice, Workbook, and Lab Manual activities [Flash cultura: Practice activities] M 9/2 T 9/3 LABOR DAY: NO CLASS  Give orders or advice to people you address with usted or ustedes  Express attitude towards hypothetical or......

Words: 1839 - Pages: 8

Premium Essay

Audit

...Student Lab Manual © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Student Lab Manual © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT Auditing IT Infrastructures for Compliance © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION IS4680 © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett©Learning, LLC Learning, LLC, an Ascend Learning Company Bartlett Current Version Date: 11/21/2011 © Jones & Learning, LLC Copyright 2013 by Jones & Bartlett www.jblearning.com! NOT FOR SALE OR......

Words: 30948 - Pages: 124

Premium Essay

Lab #10

...Lab #10 Assessment Questions & Answers Network/Security Assessment Questionnaire Network Assessment – Required Information 1. Do you have detailed logical network drawings? If so, please attach. 2. What Directory service, if any, is in use? 3. How many network elements do you have? List each, including make and model or attach list. 5 4. Have you configured multiple networks on this infrastructure? no 5. What internal (RFC1918 or otherwise not-Internet-routable) IP address ranges do you use? 6. What external (Internet routable) address ranges do you use? 7. What protocols are in use on your network? 8. What is the role of each network? (Attach list if multiple networks.) 9. How many hosts do you have on the network? 10. What operating systems are used among your servers and workstations? 11. What applications rely on your network(s)? 12. How many Internet-exposed servers are on your network? 13. What applications do you use to manage your network(s)? 14. What geographic locations connect to your network(s)? 15. What are your future growth plans for your network(s)? Security Assessment – Required Information 1. Do you have firewalls, ACLs, or other types of traffic filters in place within your network? If yes, please describe. 2. What is the general firewall policy: Default permit, default deny inbound, default permit outbound? 3. Do you have any other filtering technologies implemented at the network or......

Words: 708 - Pages: 3

Premium Essay

Diploma

...information technology. Principles of Information Technology is a course that will provide students with computer skills necessary to be successful in “real world” personal and business situations. Students will use Microsoft Office to learn word processing, desktop publishing, presentation software, spreadsheets, and databases. COURSE OUTCOMES On completion of the course, students will be able to: 1. Demonstrate an understanding of basic information technology concepts and principles 2. Describe major components of information systems 3. Discuss business applications of information systems 4. Use Office application software and apply the computer skills effectively METHODS OF TEACHING Lectures and tutorials/lab practices INSTRUCTIONAL MATERIALS Major Reference Texts: |Author |Date |Title/ISBN |Publisher | |Gary B. Shelly and Misty|2009...

Words: 1347 - Pages: 6

Free Essay

Is404 Week 1 Lab

...Week 1 Lab Part 1 - Assessment Worksheet Assess the Impact on Access Controls for a Regulatory Case Study Overview Watch the Demo Lab in the Week 1 Learning Space Unit 1, and answer the questions below. The lab demonstrates creating an Active Directory domain as well as user and group objects within the new domain. Directories will be created and permissions assigned based on the required access control as defined in the matrix. Group Policy Objects will also be created and linked to Objects within the domain to enforce security settings. Lab Assessment Questions & Answers 1. What does DACL stand for and what does it mean? Discretionary access control List (DACL) is a type of access control defined by the Trusted Computer System Evaluation Criteria "as a means of restricting access to objects based on the identity of subjects and/or groups to which they belong 2. Why would you add permissions to a group instead of the individual? It is more resourceful and less time consuming. 3. List at least 3 different types of access control permissions available in Windows. Full Control, Modify, Execute, Read, Write 4. What are the least permissions that you need in order to view the contents of a folder? Read, so the user has access to any file on the system that they are entitled to, but they are not able to make any changes. 5. What are other available Password Policy options that could be enforce to improve security? ...

Words: 1093 - Pages: 5