Exploiting Known Web Vulnerabilities on a Live Web Server

User Generated

YNSYBS114

Computer Science

Description

In this lab, you will evaluate the list of the ten most critical web application security risks as determined by OWASP. You will describe how hackers might use these types of attacks to compromise websites and web applications. Finally, you will use the DVWA to perform some of the most common web application attacks: a brute force attack, a cross-site request forgery (CSRF) attack, a file inclusion (upload) attack, a SQL injection attack, and a cross-site scripting attack (XSS).

Follow the steps below to complete this assignment:

  1. Carefully read through the Student Lab Guide. It provides detailed instructions for accessing and completing the labs in this course.
  2. Open the Lab 4 Assessment Worksheet. Save a copy of the worksheet to your computer; this will allow you to fill it out electronically and save your answers. You will complete this worksheet and submit it to your instructor after you have completed the hands-on portion of the lab. However, it is strongly recommended that you read through the worksheet before you begin.
  3. Click the Lab Link in the module folder to enter the virtual lab environment.
  4. Read through all the material under the Intro and Steps tabs before you start working.
  5. Follow the step-by-step instructions under the Steps tab to perform the lab. Note: You will not be completing a lab report, so you can disregard instructions to make screen captures.
  6. After completing the hands-on lab, complete and submit the Lab 4 Assessment Worksheet. Use the worksheet that you saved to your computer. Be sure to save it again before submitting it.

Unformatted Attachment Preview

Assessment Worksheet
Exploiting Known Web Vulnerabilities on a Live Web Server
Course Name and Number: _____________________________________________________
Student Name: ________________________________________________________________
Instructor Name: ______________________________________________________________
Lab Due Date: ________________________________________________________________

Overview
In this lab, you evaluated the list of the 10 most critical Web application security risks as determined by OWASP. You described how hackers might use these types of attacks to compromise Web sites and Web applications. Finally, you used the DVWA (Damn Vulnerable Web Application) to perform some of the most common Web application attacks: a brute force attack, a cross-site request forgery (CSRF) attack, a file inclusion (upload) attack, a SQL injection attack, and a cross-site scripting attack (XSS).

Lab Assessment Questions & Answers
1. What are the OWASP Top 10?
2. What is a brute force attack and how can the risks of these attacks be mitigated?
3. Explain a scenario where a hacker may use cross-site request forgery (CSRF) to perform authorized transactions.
4. What are the Web application attacks that you performed in this lab using the DVWA?
5. Phishing is the practice of trying to obtain extra personal information such as passwords or banking details while using the guise of a trusted Web site. What type of Web application vulnerability is exploited by hackers who use a phishing page on a Web site?
6. What could be the impact of a successful SQL injection?
7. What would finding the URL http://www.testurl.com/../../../../../../../../../../../../etc/passwd in your Web logs indicate?
8. How would you ensure security between a Web application and an SQL server?

Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights reserved. www.jblearning.com Student Lab Manual

Explanation & Answer

Please check the solution to the assignment.

Assessment Worksheet
Exploiting Known Web Vulnerabilities on a Live Web Server
Course Name and Number: _____________________________________________________
Student Name: ________________________________________________________________
Instructor Name: ______________________________________________________________
Lab Due Date: ________________________________________________________________

Overview
In this lab, you evaluated the list of the 10 most critical Web application security risks as
determined by OWASP. You described how hackers might use these types of attacks to
compromise Web sites and Web applications. Finally, you used the DVWA (Damn Vulnerable
Web Application) to perform some of the most common Web application attacks: a brute force
attack, a cross-site request forgery (CSRF) attack, a file inclusion (upload) attack, a SQL
injection attack, and a cross-site scripting attack (XSS).

Lab Assessment Questions & Answers
1. What are the OWASP Top 10?
OWASP stand...

