LAB 11: Performing a Web Site and Database Attack by Exploiting Identified Vulnerabilities
1. Why is it critical to perform a penetration test on a Web application and a Web server prior to production implementation?
Essentially, performing a penetration test on a web application or web server, prior to implementation, is critical to exposing and/or correcting any existing security flaws. In fact, such penetration testing is critical to ensuring the confidentiality, integrity, and availability (CIA) of a given web application or service. Also, penetration testing should be performed on a regular basis, or whenever a given web application or service is modified, in order to detect any possible security vulnerabilities and/or flaws.
2. What is a cross-site scripting attack? Explain in your own words.
Simply put, cross-site scripting refers to the malicious injection of scripting code, into a given web server or application, in order to exploit or extract information and/or data, or even modify the contents of the targeted web server or application. Regarding cross-site scripting, cross-site scripting attacks utilize the process of cross-site scripting, and may be classified into two categories: persistent, or stored, and non-persistent, or reflective.
3. What is a reflective cross-site scripting attack?
Classified as a type
…show more content…
For example, an organization’s security policy should dictate that no production of any given web application, residing either inside or outside of a firewall, should be implemented without extensive, proper penetration testing and security hardening. In addition, creating a detailed security policy, along with various security procedures, regularly-scheduled monitoring, penetration testing, and observance may aid in ensuring an organization incorporates proper web application testing
- Better Essays
IS 3220 Project Part 1: Network Survey
- 3363 Words
- 14 Pages
* Check existing security scan reports, from WireShark and NetWitness Investigator, and see if we can identify data leakage, and setup new policies and procedures for monitoring web servers and applications.
- 3363 Words
- 14 Pages
Better Essays - Better Essays
Unit 1 Lab
- 1050 Words
- 5 Pages
2. The subject who was diagnosed with secondary hypothyroidism was given levothyroxine (synthetic Thyroxine). After 6 weeks of
- 1050 Words
- 5 Pages
Better Essays - Decent Essays
Nt1330 Unit 3
- 459 Words
- 2 Pages
On April 4th of this year, Microsoft issued security bulletin MS15-034; this security bulletin explains a vulnerability that “could allow remote code execution if an attacker sends a specially crafted HTTP request to an affected Windows system.” Later, on June 9th, Microsoft issued another security bulletin, MS15-056; this security bulletin explains a vulnerability that “could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who
- 459 Words
- 2 Pages
Decent Essays - Good Essays
Nt1330 Unit 3 Assignment 1
- 941 Words
- 4 Pages
The attack is carried out on a closed environment using a local web server to host the
- 941 Words
- 4 Pages
Good Essays - Decent Essays
NT1330 Unit 3 Assignment 3
- 700 Words
- 3 Pages
One of the most common is the CGI scripting. CGI scripting works by sending Bash command to the web server i.e. (Apache, *gnix, Webrick... etc.) to generate dynamic content for the user. Dynamic content is when a website appears personalized to the user. A normal Web browser would not allow the user to execute special query in the address bar. So, the attacker can use Bash to interact with website. For instance, the command in Bash called "curl" is a utility that is used to make HTTP request to a give specific URL essentially you are navigating the website without the Graphical User Interface (GUI). So, if the victims have CGI scripting enabled and the shellshock bug is present we know we can get the bash to run arbitrary code. So if the attacker runs this
- 700 Words
- 3 Pages
Decent Essays - Decent Essays
Nt1330 Unit 2
- 855 Words
- 4 Pages
Companies should develop a control that requires that routine vulnerability assessment of their customer facing web sites, network infrastructure, and associated systems (such as database systems). Vulnerability assessment can help identify potential weaknesses to systems and also provide a sort of feedback to the organization’s IT department on their current operational policy and security posture. The cost of performing a routine vulnerability assessment is considerably less than that of an actual data breach.
- 855 Words
- 4 Pages
Decent Essays - Decent Essays
Nt1310 Unit 3 Penetration Testing
- 1400 Words
- 6 Pages
Our company is looking for security threats inside and outside their network. The best way to see what our network is vulnerable to is to use penetration testing (pen-testing) to find the leaks in and out of our network. Penetration testing is a network security approach that simulates an attack from an intruder trying to get unauthorized access to the infrastructure. With this type of testing the intent is to discover flaws in the security settings of the system before they can be exploited. Information Assurance Research Corporation (IARC) should conduct penetration testing on a regular basis, so we have the ability to locate weaknesses in the hardware and software, check the security controls currently established and determine if the
- 1400 Words
- 6 Pages
Decent Essays - Decent Essays
Nt2580 Unit 7 Chapter 12
- 769 Words
- 4 Pages
A vulnerability assessment is a risk testing process which finds, quantity and rank possible vulnerabilities to threats in as many security defects as possible in a given timeframe. Depend upon organization scope there are many way to conduct vulnerability assessment. This assessment may involve automated and manual techniques.
- 769 Words
- 4 Pages
Decent Essays - Decent Essays
Phet Lab 16
- 621 Words
- 3 Pages
4) This line is much like a line on a geologic topo map. Explain the similarity.
- 621 Words
- 3 Pages
Decent Essays - Good Essays
Assignment 08 Essay
- 1277 Words
- 6 Pages
Dougherty, C., Householder, A., & Houle, K. (2002). Computer attack trends challenge Internet security. Computer, 35(4), 0005-7.
- 1277 Words
- 6 Pages
Good Essays - Good Essays
The Topic For My Capstone Project Was To Gain Introductory
- 1279 Words
- 6 Pages
Penetration testing is when a company pays a specialist to try and break into their network and relay back to them any vulnerabilities they may find. Now
- 1279 Words
- 6 Pages
Good Essays - Decent Essays
This report documents the results from the penetration test of the Ernst and Young Credit Union external website (http://10.55.3.101). Full authorisation has been given to conduct the test, which was carried out in a manner that simulates an attack from a malicious user. The objectives were to:
- 2338 Words
- 9 Pages
Decent Essays - Good Essays
Unitec: Advanced Cyber Security
- 2412 Words
- 10 Pages
Cross Site Scripting is one of the most common web exploited vulnerability as it is listed as number 2 just after SQL injection on the OWASP website. It is also a type of injection but script injection. XSS enables the attackers to inject client-side script into web pages which are viewed by other users. Cross Site Scripting has been in World Wide Web since 1996. The attacker just needs to know a little java scripting to exploit vulnerability. Today all popular web programming technologies such as PHP, microsoft.Net, ColdFusion and asp are all acceptable with XSS. Cross Site Scripting happens when users find that your website is vulnerable and users the website to distribute malicious scripts to other users which runs in other users web browsers. This type of attack is used to steal sensitive user information such as emails, date of birth, names and hijack user sessions by which the hacker gets unauthorized access to the web server. A web application is sent with a
- 2412 Words
- 10 Pages
Good Essays