Clayton State University Cross Site Scripting and SQL Injection Questions

Description

The Operating System (OS) is the most important component of our computer system. Performing installs, maintenance, and patches can pose a variety of challenges to secure. For example, as reliance on software-as-a-service (SaaS) providers increases in organizations, it is becoming more and more important for SaaS providers to create secure products and services. One process that can help in these efforts is to competently secure and test OS applications with security in mind. Additionally, it is relevant for security testers to understand certain hacking techniques that could be used by hackers in order to ensure OS products and services are not prone to certain attacks, such as cross-site scripting and SQL injection. In the lab, you will perform an activity to execute attacks that can be handled by the operating system level.

Directions

Address each of the following in the Word document that contains your screenshots. Clearly label each section.

  1. The scripts in this lab are all typed in clear text to make it easier for you to understand the process. Often hackers will use hexadecimal character strings instead of clear text to make the scripts harder to detect.
    • Explain the controls provided in the lab that can be used to avoid issues with clear text passwords.
  2. Poorly designed or improperly secured web forms can be exploited to output passwords, credit card information, and many kinds of other data. In this lab, you inserted a series of SQL statements into a web form to find and then exploit an SQL injection vulnerability.
    • Explain, in detail, how SQL Injection attacks are used to extract privacy data elements out of a database.
    • Describe a control used to prevent SQL Injection attacks.
  3. In this lab, you are asked to type 'UNION SELECT 'test', '123' INTO OUTFILE 'test1.txt and click Submit. Together with the information you gathered in earlier tests, you now have a user with elevated permissions, user IDs, passwords, and the table structure where all this data is being held—in other words, an injectable database.
    • Analyze the complete lab experience and explain how the hacker can accomplish this type of breach.
  4. Today, nearly all data is stored in a database and this can create issues for data security. Identify and explain how a common attack aimed specifically at databases works.

**I'll complete the lab experience part**


Explanation & Answer

Hey buddy am through check it out

Cross-Site Scripting and SQL Injection

Explain the controls provided in the lab that can be used to avoid issues with clear text passwords.

Cross-Site Scripting

In a web setting, enable HTTPS, which is essentially a newer version of SSL and ensures the data transmitted or handled is encrypted. The process involves letting the server and client perform negotiation concerning encryption methods and complete a key exchange prior to any data being transmitted. Also, hash the password client-side (meaning storing the password in plaintext), while on the server side perform hashing and salting of the password. This means first adding a random salt, which can be stored in plain text (password + salt), followed by hashing the entire file. The hashing...

