SlideShare a Scribd company logo

example of sql injection

CARMEN ALCIVAR
CARMEN ALCIVAR

Carmen Alcivar completed a lab assignment for her Foundations of Information Assurance course at Northeastern University. The assignment involved attacking a vulnerable web application and database. She performed tests like SQL injection and cross-site scripting attacks. Carmen provided screenshots and explanations of her results. She demonstrated techniques for discovering database structure and vulnerabilities. Overall, the assignment aimed to help Carmen learn how to identify security issues through penetration testing before software is deployed.

1 of 9
Download to read offline
<Carmen Alcivar> NORTHEASTERN UNIVERSITY 360 Huntington Ave, Boston, MA. LAB ASSIGNMENT 6 – FOUNDATIONS OF INFORMATION ASSURANCE (IA5010)
Contents Lab #15: Attacking a Vulnerable Web Application and Database ................................................2 a. Assessment Sheet........................................................................................................................2 b. Challenge Question.....................................................................................................................3 c. Screenshots: ................................................................................................................................3
Lab #15: Attacking a Vulnerable Web Application and Database a. Assessment Sheet Course Name and Number: Foundations of Information Assurance – IA5010 Student Name: <Carmen Alcivar> Instructor Name: Derek Brodeur Lab Due Date: <2/21/16> Lab Assessment Questions & Answers 1. Why is it critical to perform a penetration test on a Web application and a Web server prior to production implementation? Performing penetration tests on a Web application and a Web server prior to production implementation is a critical step in ensuring the confidentiality, integrity, and availability (CIA) of the Web application or service. It is imperative to perform penetration test in order to protect customer’s private information that will be entered via the Web application. There are also laws regulating the confidentiality of customer’s data. 2. What is a cross-site scripting attack? Explain in your own words? A cross-site scripting attack is the type of attack that exploit a cross-site scripting (XSS) vulnerability in a Website. It is subject to a SQL injection attack on the Web application's SQL database. XSS is the malicious insertion of scripting code to extract data or modify a Web site’s code, application, or content. 3. What is a reflective cross-site scripting attack? The reflective cross-site scripting attack is a non-persistent attack in which all input shows output on the user’s/attacker’s screen and does not modify data stored on the server. 4. Based on the tests you performed in this lab, which Web application attack is more likely to extract privacy data elements out of a database? The reflective cross-site scripting attack is the type of attacks that allows you to extract privacy data elements out of a database. 5. If you can monitor when SQL injections are performed on an SQL database, what would you recommend as a security countermeasure to monitor your production SQL databases? I would recommend the use of Simple Network Management Protocol (SNMP) alerts which allows Database administrators to monitor their SQL databases for unauthorized or abnormal SQL injections and write scripts for alarming as well as. Encrypting the data elements that reside in long-term storage of the SQL database is another option. 6. Given that Apache and Internet Information Services (IIS) are the two most popular Web application servers for Linux and Microsoft® Windows platforms, what would you do to identify known software vulnerabilities and exploits?
I could search the CVE listing using the keyword Apache to find all known Apache vulnerabilities and exploits. This allows to include all software patches and security patches on the production Web servers to remediate critical and major software vulnerabilities before the application is released. 7. What can you do to ensure that your organization incorporates penetration testing and Web application testing as part of its implementation procedures? Penetration testing should be part of the policy. The organization's security policy should dictate that no production Web application can be implemented without proper penetration testing and security hardening. 8. What is the purpose of setting the DVWA security level to “low” before beginning the remaining lab steps The low setting mimics a vulnerable Web application. Only a vulnerable system can be attacked. 9. As an ethical hacker, once you’ve determined that a database is injectable, what should you do with that information? As an ethical hacker, I should recommend specific countermeasures for remediating the vulnerabilities and eliminating the exploits. Once I have determined that a database is injectable b. Challenge Question c. Screenshots: Part 2: [Deliverable Lab Step 5] screen shot showing the exposed vulnerability
1. [Deliverable Lab Step 8] screen shot showing cross-site scripting attacks in the High setting. It does not go through.
Part 3: Step 6: screen shot displaying the result of the use the presence or lack of errors strategy to determine vulnerabilities. Review the output of this script (a' ORDER BY 1;# ). Here, I am trying to order the output by the first (1) column, or field. In this case, there is no error which means there is a first column. This allows to learn about the structure of the Database.
Step 7 screen shot displaying the result of the use the presence or lack of errors strategy to determine vulnerabilities. Review the output of this script (a' ORDER BY 2;#). Here, I am trying to order the output by the second (2) column, or field. In this case, there is no error which means there is a second column. Step 8: screen shot displaying the result of the use the presence or lack of errors strategy to determine vulnerabilities. Review the output of this script (a' ORDER BY 3;#). Here, I am trying to order the output by the third (3) column, or field. In this case, there is an error which means there is not a third column.
[Deliverable Lab Step 18]: a screen capture showing the user information for the user name that is currently being used to make queries on the server. [Deliverable Lab Step 20 ] a screen capture showing hash for the user to the backend database. Hashing in a database allows the creation of an index number. This facilitates the search of a record later on. http://www.webopedia.com/TERM/H/hashing.html
Part 4: [Deliverable Lab Step 8] screen capture showing the contents of the testing1.txt file

Recommended

Auditing a Wireless Network and Planning for a Secure WLAN Implementation
Auditing a Wireless Network and Planning for a Secure WLAN ImplementationAuditing a Wireless Network and Planning for a Secure WLAN Implementation
Auditing a Wireless Network and Planning for a Secure WLAN ImplementationCARMEN ALCIVAR
 
encryption and hash algorithms
encryption and hash algorithmsencryption and hash algorithms
encryption and hash algorithmsCARMEN ALCIVAR
 
What is Network Security?
What is Network Security?What is Network Security?
What is Network Security?
Faith Zeller
 
Network Security
Network SecurityNetwork Security
Network Security
Raymond Jose
 
Wlan security
Wlan securityWlan security
Wlan security
Sajan Sahu
 
Desktop Security
Desktop SecurityDesktop Security
Desktop Security
HardikBhandari7
 
Ethical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainEthical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jain
Suvrat Jain
 
Cybersecurity 140713064844-phpapp01 (1)-converted
Cybersecurity 140713064844-phpapp01 (1)-convertedCybersecurity 140713064844-phpapp01 (1)-converted
Cybersecurity 140713064844-phpapp01 (1)-converted
Prof .Pragati Khade
 

Recommended

Auditing a Wireless Network and Planning for a Secure WLAN Implementation
Auditing a Wireless Network and Planning for a Secure WLAN ImplementationAuditing a Wireless Network and Planning for a Secure WLAN Implementation
Auditing a Wireless Network and Planning for a Secure WLAN ImplementationCARMEN ALCIVAR
 
encryption and hash algorithms
encryption and hash algorithmsencryption and hash algorithms
encryption and hash algorithmsCARMEN ALCIVAR
 
What is Network Security?
What is Network Security?What is Network Security?
What is Network Security?
Faith Zeller
 
Network Security
Network SecurityNetwork Security
Network Security
Raymond Jose
 
Wlan security
Wlan securityWlan security
Wlan security
Sajan Sahu
 
Desktop Security
Desktop SecurityDesktop Security
Desktop Security
HardikBhandari7
 
Ethical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainEthical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jain
Suvrat Jain
 
Cybersecurity 140713064844-phpapp01 (1)-converted
Cybersecurity 140713064844-phpapp01 (1)-convertedCybersecurity 140713064844-phpapp01 (1)-converted
Cybersecurity 140713064844-phpapp01 (1)-converted
Prof .Pragati Khade
 
Network Security Threats and Solutions
Network Security Threats and SolutionsNetwork Security Threats and Solutions
Network Security Threats and SolutionsColin058
 
Penetration Testing Basics
Penetration Testing BasicsPenetration Testing Basics
Penetration Testing Basics
Rick Wanner
 
Module 3-cyber security
Module 3-cyber securityModule 3-cyber security
Module 3-cyber security
Sweta Kumari Barnwal
 
ETHICAL HACKING
ETHICAL HACKING ETHICAL HACKING
ETHICAL HACKING Sweta Leena Panda
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
Namrata Raiyani
 
Ethical hacking ppt
Ethical hacking pptEthical hacking ppt
Ethical hacking ppt
himanshujoshi238
 
Network security
Network securityNetwork security
Network security
Simranpreet Singh
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentation
TayabaZahid
 
Network Security
Network Security Network Security
Network Security
Abdul Qadir Pattal
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
VipinYadav257
 
Cyber security
Cyber security Cyber security
Cyber security
Sachith Lekamge
 
Network security and protocols
Network security and protocolsNetwork security and protocols
Network security and protocols
Online
 
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration Testing
Anurag Srivastava
 
Cyber crime & security
Cyber crime & securityCyber crime & security
Cyber crime & security
pinkutinku26
 
Firewalls
FirewallsFirewalls
Firewalls
Kalluri Madhuri
 
Cyber security by Anushka Jha
Cyber security by Anushka JhaCyber security by Anushka Jha
Cyber security by Anushka Jha
Anushka Jha
 
Network security
Network securityNetwork security
Network security
Estiak Khan
 
Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]
David Sweigert
 
Types Of Firewall Security
Types Of Firewall SecurityTypes Of Firewall Security
Types Of Firewall Security
iberrywifisecurity
 
Network Security Presentation
Network Security PresentationNetwork Security Presentation
Network Security Presentation
Allan Pratt MBA
 
Packet capture and network traffic analysis
Packet capture and network traffic analysisPacket capture and network traffic analysis
Packet capture and network traffic analysisCARMEN ALCIVAR
 
Examples of sql queries
Examples of sql queriesExamples of sql queries
Examples of sql queries
Kishan Pant
 

More Related Content

What's hot

Network Security Threats and Solutions
Network Security Threats and SolutionsNetwork Security Threats and Solutions
Network Security Threats and SolutionsColin058
 
Penetration Testing Basics
Penetration Testing BasicsPenetration Testing Basics
Penetration Testing Basics
Rick Wanner
 
Module 3-cyber security
Module 3-cyber securityModule 3-cyber security
Module 3-cyber security
Sweta Kumari Barnwal
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
Namrata Raiyani
 
Ethical hacking ppt
Ethical hacking pptEthical hacking ppt
Ethical hacking ppt
himanshujoshi238
 
Network security
Network securityNetwork security
Network security
Simranpreet Singh
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentation
TayabaZahid
 
Network Security
Network Security Network Security
Network Security
Abdul Qadir Pattal
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
VipinYadav257
 
Cyber security
Cyber security Cyber security
Cyber security
Sachith Lekamge
 
Network security and protocols
Network security and protocolsNetwork security and protocols
Network security and protocols
Online
 
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration Testing
Anurag Srivastava
 
Cyber crime & security
Cyber crime & securityCyber crime & security
Cyber crime & security
pinkutinku26
 
Firewalls
FirewallsFirewalls
Firewalls
Kalluri Madhuri
 
Cyber security by Anushka Jha
Cyber security by Anushka JhaCyber security by Anushka Jha
Cyber security by Anushka Jha
Anushka Jha
 
Network security
Network securityNetwork security
Network security
Estiak Khan
 
Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]
David Sweigert
 
Types Of Firewall Security
Types Of Firewall SecurityTypes Of Firewall Security
Types Of Firewall Security
iberrywifisecurity
 
Network Security Presentation
Network Security PresentationNetwork Security Presentation
Network Security Presentation
Allan Pratt MBA
 

What's hot (20)

Network Security Threats and Solutions
Network Security Threats and SolutionsNetwork Security Threats and Solutions
Network Security Threats and Solutions
 
Penetration Testing Basics
Penetration Testing BasicsPenetration Testing Basics
Penetration Testing Basics
 
Module 3-cyber security
Module 3-cyber securityModule 3-cyber security
Module 3-cyber security
 
ETHICAL HACKING
ETHICAL HACKING ETHICAL HACKING
ETHICAL HACKING
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
Ethical hacking ppt
Ethical hacking pptEthical hacking ppt
Ethical hacking ppt
 
Network security
Network securityNetwork security
Network security
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentation
 
Network Security
Network Security Network Security
Network Security
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Cyber security
Cyber security Cyber security
Cyber security
 
Network security and protocols
Network security and protocolsNetwork security and protocols
Network security and protocols
 
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration Testing
 
Cyber crime & security
Cyber crime & securityCyber crime & security
Cyber crime & security
 
Firewalls
FirewallsFirewalls
Firewalls
 
Cyber security by Anushka Jha
Cyber security by Anushka JhaCyber security by Anushka Jha
Cyber security by Anushka Jha
 
Network security
Network securityNetwork security
Network security
 
Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]
 
Types Of Firewall Security
Types Of Firewall SecurityTypes Of Firewall Security
Types Of Firewall Security
 
Network Security Presentation
Network Security PresentationNetwork Security Presentation
Network Security Presentation
 

Viewers also liked

Packet capture and network traffic analysis
Packet capture and network traffic analysisPacket capture and network traffic analysis
Packet capture and network traffic analysisCARMEN ALCIVAR
 
Examples of sql queries
Examples of sql queriesExamples of sql queries
Examples of sql queries
Kishan Pant
 
Population Health - HEDIS - Health Plan
Population Health - HEDIS - Health PlanPopulation Health - HEDIS - Health Plan
Population Health - HEDIS - Health PlanCARMEN ALCIVAR
 
HL7 decoding _Alcivar_C
HL7 decoding _Alcivar_CHL7 decoding _Alcivar_C
HL7 decoding _Alcivar_CCARMEN ALCIVAR
 
Oracle examples
Oracle examplesOracle examples
Oracle examples
MaRwa Samih AL-Amri
 
Project Metrics & Measures
Project Metrics & MeasuresProject Metrics & Measures
Project Metrics & Measures
Anand Subramaniam
 

Viewers also liked (6)

Packet capture and network traffic analysis
Packet capture and network traffic analysisPacket capture and network traffic analysis
Packet capture and network traffic analysis
 
Examples of sql queries
Examples of sql queriesExamples of sql queries
Examples of sql queries
 
Population Health - HEDIS - Health Plan
Population Health - HEDIS - Health PlanPopulation Health - HEDIS - Health Plan
Population Health - HEDIS - Health Plan
 
HL7 decoding _Alcivar_C
HL7 decoding _Alcivar_CHL7 decoding _Alcivar_C
HL7 decoding _Alcivar_C
 
Oracle examples
Oracle examplesOracle examples
Oracle examples
 
Project Metrics & Measures
Project Metrics & MeasuresProject Metrics & Measures
Project Metrics & Measures
 

Similar to example of sql injection

Sql Injection Attacks And A Web Application Environment
Sql Injection Attacks And A Web Application EnvironmentSql Injection Attacks And A Web Application Environment
Sql Injection Attacks And A Web Application Environment
Sheri Elliott
 
SalemPhilip_ResearchReport
SalemPhilip_ResearchReportSalemPhilip_ResearchReport
SalemPhilip_ResearchReportPhilip Salem
 
A Study on Vulnerability Management
A Study on Vulnerability ManagementA Study on Vulnerability Management
A Study on Vulnerability Management
IRJET Journal
 
IRJET- Bug Hunting using Web Application Penetration Testing Techniques.
IRJET- Bug Hunting using Web Application Penetration Testing Techniques.IRJET- Bug Hunting using Web Application Penetration Testing Techniques.
IRJET- Bug Hunting using Web Application Penetration Testing Techniques.
IRJET Journal
 
Miercom Security Effectiveness Test Report
Miercom Security Effectiveness Test Report Miercom Security Effectiveness Test Report
Miercom Security Effectiveness Test Report
Kim Jensen
 
Vulnerability Management System
Vulnerability Management SystemVulnerability Management System
Vulnerability Management System
IRJET Journal
 
IRJET- A Defense System Against Application Layer Ddos Attacks with Data Secu...
IRJET- A Defense System Against Application Layer Ddos Attacks with Data Secu...IRJET- A Defense System Against Application Layer Ddos Attacks with Data Secu...
IRJET- A Defense System Against Application Layer Ddos Attacks with Data Secu...
IRJET Journal
 
ENGS4851_Final_Certified_Report
ENGS4851_Final_Certified_ReportENGS4851_Final_Certified_Report
ENGS4851_Final_Certified_ReportNagendra Posani
 
IRJET- Testing Web Application using Vulnerability Scan
IRJET- Testing Web Application using Vulnerability ScanIRJET- Testing Web Application using Vulnerability Scan
IRJET- Testing Web Application using Vulnerability Scan
IRJET Journal
 
OWASP Secure Coding Quick Reference Guide
OWASP Secure Coding Quick Reference GuideOWASP Secure Coding Quick Reference Guide
OWASP Secure Coding Quick Reference Guide
Aryan G
 
Using Splunk for Information Security
Using Splunk for Information SecurityUsing Splunk for Information Security
Using Splunk for Information Security
Splunk
 
Using Splunk for Information Security
Using Splunk for Information SecurityUsing Splunk for Information Security
Using Splunk for Information Security
Shannon Cuthbertson
 
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration Testing
Rana Khalil
 
SQL Injection - The Unknown Story
SQL Injection - The Unknown StorySQL Injection - The Unknown Story
SQL Injection - The Unknown StoryImperva
 
Common Web Application Attacks
Common Web Application Attacks Common Web Application Attacks
Common Web Application Attacks
Ahmed Sherif
 
Web applications security conference slides
Web applications security conference slidesWeb applications security conference slides
Web applications security conference slides
Bassam Al-Khatib
 
Rational Unified Treatment for Web Application Vulnerability Assessment
Rational Unified Treatment for Web Application Vulnerability AssessmentRational Unified Treatment for Web Application Vulnerability Assessment
Rational Unified Treatment for Web Application Vulnerability Assessment
VESIT/University of Mumbai
 
Web application penetration testing lab setup guide
Web application penetration testing lab setup guideWeb application penetration testing lab setup guide
Web application penetration testing lab setup guide
Sudhanshu Chauhan
 
Kingston University Thesis - Design and Implementation of a Secure Web Applic...
Kingston University Thesis - Design and Implementation of a Secure Web Applic...Kingston University Thesis - Design and Implementation of a Secure Web Applic...
Kingston University Thesis - Design and Implementation of a Secure Web Applic...
PROBOTEK
 
Using Analyzers to Resolve Security Problems
Using Analyzers to Resolve Security ProblemsUsing Analyzers to Resolve Security Problems
Using Analyzers to Resolve Security Problems
kiansahafi
 

Similar to example of sql injection (20)

Sql Injection Attacks And A Web Application Environment
Sql Injection Attacks And A Web Application EnvironmentSql Injection Attacks And A Web Application Environment
Sql Injection Attacks And A Web Application Environment
 
SalemPhilip_ResearchReport
SalemPhilip_ResearchReportSalemPhilip_ResearchReport
SalemPhilip_ResearchReport
 
A Study on Vulnerability Management
A Study on Vulnerability ManagementA Study on Vulnerability Management
A Study on Vulnerability Management
 
IRJET- Bug Hunting using Web Application Penetration Testing Techniques.
IRJET- Bug Hunting using Web Application Penetration Testing Techniques.IRJET- Bug Hunting using Web Application Penetration Testing Techniques.
IRJET- Bug Hunting using Web Application Penetration Testing Techniques.
 
Miercom Security Effectiveness Test Report
Miercom Security Effectiveness Test Report Miercom Security Effectiveness Test Report
Miercom Security Effectiveness Test Report
 
Vulnerability Management System
Vulnerability Management SystemVulnerability Management System
Vulnerability Management System
 
IRJET- A Defense System Against Application Layer Ddos Attacks with Data Secu...
IRJET- A Defense System Against Application Layer Ddos Attacks with Data Secu...IRJET- A Defense System Against Application Layer Ddos Attacks with Data Secu...
IRJET- A Defense System Against Application Layer Ddos Attacks with Data Secu...
 
ENGS4851_Final_Certified_Report
ENGS4851_Final_Certified_ReportENGS4851_Final_Certified_Report
ENGS4851_Final_Certified_Report
 
IRJET- Testing Web Application using Vulnerability Scan
IRJET- Testing Web Application using Vulnerability ScanIRJET- Testing Web Application using Vulnerability Scan
IRJET- Testing Web Application using Vulnerability Scan
 
OWASP Secure Coding Quick Reference Guide
OWASP Secure Coding Quick Reference GuideOWASP Secure Coding Quick Reference Guide
OWASP Secure Coding Quick Reference Guide
 
Using Splunk for Information Security
Using Splunk for Information SecurityUsing Splunk for Information Security
Using Splunk for Information Security
 
Using Splunk for Information Security
Using Splunk for Information SecurityUsing Splunk for Information Security
Using Splunk for Information Security
 
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration Testing
 
SQL Injection - The Unknown Story
SQL Injection - The Unknown StorySQL Injection - The Unknown Story
SQL Injection - The Unknown Story
 
Common Web Application Attacks
Common Web Application Attacks Common Web Application Attacks
Common Web Application Attacks
 
Web applications security conference slides
Web applications security conference slidesWeb applications security conference slides
Web applications security conference slides
 
Rational Unified Treatment for Web Application Vulnerability Assessment
Rational Unified Treatment for Web Application Vulnerability AssessmentRational Unified Treatment for Web Application Vulnerability Assessment
Rational Unified Treatment for Web Application Vulnerability Assessment
 
Web application penetration testing lab setup guide
Web application penetration testing lab setup guideWeb application penetration testing lab setup guide
Web application penetration testing lab setup guide
 
Kingston University Thesis - Design and Implementation of a Secure Web Applic...
Kingston University Thesis - Design and Implementation of a Secure Web Applic...Kingston University Thesis - Design and Implementation of a Secure Web Applic...
Kingston University Thesis - Design and Implementation of a Secure Web Applic...
 
Using Analyzers to Resolve Security Problems
Using Analyzers to Resolve Security ProblemsUsing Analyzers to Resolve Security Problems
Using Analyzers to Resolve Security Problems
 

example of sql injection

  • 1. <Carmen Alcivar> NORTHEASTERN UNIVERSITY 360 Huntington Ave, Boston, MA. LAB ASSIGNMENT 6 – FOUNDATIONS OF INFORMATION ASSURANCE (IA5010)
  • 2. Contents Lab #15: Attacking a Vulnerable Web Application and Database ................................................2 a. Assessment Sheet........................................................................................................................2 b. Challenge Question.....................................................................................................................3 c. Screenshots: ................................................................................................................................3
  • 3. Lab #15: Attacking a Vulnerable Web Application and Database a. Assessment Sheet Course Name and Number: Foundations of Information Assurance – IA5010 Student Name: <Carmen Alcivar> Instructor Name: Derek Brodeur Lab Due Date: <2/21/16> Lab Assessment Questions & Answers 1. Why is it critical to perform a penetration test on a Web application and a Web server prior to production implementation? Performing penetration tests on a Web application and a Web server prior to production implementation is a critical step in ensuring the confidentiality, integrity, and availability (CIA) of the Web application or service. It is imperative to perform penetration test in order to protect customer’s private information that will be entered via the Web application. There are also laws regulating the confidentiality of customer’s data. 2. What is a cross-site scripting attack? Explain in your own words? A cross-site scripting attack is the type of attack that exploit a cross-site scripting (XSS) vulnerability in a Website. It is subject to a SQL injection attack on the Web application's SQL database. XSS is the malicious insertion of scripting code to extract data or modify a Web site’s code, application, or content. 3. What is a reflective cross-site scripting attack? The reflective cross-site scripting attack is a non-persistent attack in which all input shows output on the user’s/attacker’s screen and does not modify data stored on the server. 4. Based on the tests you performed in this lab, which Web application attack is more likely to extract privacy data elements out of a database? The reflective cross-site scripting attack is the type of attacks that allows you to extract privacy data elements out of a database. 5. If you can monitor when SQL injections are performed on an SQL database, what would you recommend as a security countermeasure to monitor your production SQL databases? I would recommend the use of Simple Network Management Protocol (SNMP) alerts which allows Database administrators to monitor their SQL databases for unauthorized or abnormal SQL injections and write scripts for alarming as well as. Encrypting the data elements that reside in long-term storage of the SQL database is another option. 6. Given that Apache and Internet Information Services (IIS) are the two most popular Web application servers for Linux and Microsoft® Windows platforms, what would you do to identify known software vulnerabilities and exploits?
  • 4. I could search the CVE listing using the keyword Apache to find all known Apache vulnerabilities and exploits. This allows to include all software patches and security patches on the production Web servers to remediate critical and major software vulnerabilities before the application is released. 7. What can you do to ensure that your organization incorporates penetration testing and Web application testing as part of its implementation procedures? Penetration testing should be part of the policy. The organization's security policy should dictate that no production Web application can be implemented without proper penetration testing and security hardening. 8. What is the purpose of setting the DVWA security level to “low” before beginning the remaining lab steps The low setting mimics a vulnerable Web application. Only a vulnerable system can be attacked. 9. As an ethical hacker, once you’ve determined that a database is injectable, what should you do with that information? As an ethical hacker, I should recommend specific countermeasures for remediating the vulnerabilities and eliminating the exploits. Once I have determined that a database is injectable b. Challenge Question c. Screenshots: Part 2: [Deliverable Lab Step 5] screen shot showing the exposed vulnerability
  • 5. 1. [Deliverable Lab Step 8] screen shot showing cross-site scripting attacks in the High setting. It does not go through.
  • 6. Part 3: Step 6: screen shot displaying the result of the use the presence or lack of errors strategy to determine vulnerabilities. Review the output of this script (a' ORDER BY 1;# ). Here, I am trying to order the output by the first (1) column, or field. In this case, there is no error which means there is a first column. This allows to learn about the structure of the Database.
  • 7. Step 7 screen shot displaying the result of the use the presence or lack of errors strategy to determine vulnerabilities. Review the output of this script (a' ORDER BY 2;#). Here, I am trying to order the output by the second (2) column, or field. In this case, there is no error which means there is a second column. Step 8: screen shot displaying the result of the use the presence or lack of errors strategy to determine vulnerabilities. Review the output of this script (a' ORDER BY 3;#). Here, I am trying to order the output by the third (3) column, or field. In this case, there is an error which means there is not a third column.
  • 8. [Deliverable Lab Step 18]: a screen capture showing the user information for the user name that is currently being used to make queries on the server. [Deliverable Lab Step 20 ] a screen capture showing hash for the user to the backend database. Hashing in a database allows the creation of an index number. This facilitates the search of a record later on. http://www.webopedia.com/TERM/H/hashing.html
  • 9. Part 4: [Deliverable Lab Step 8] screen capture showing the contents of the testing1.txt file