Assignment Grading Rubric
Course: IT542
Unit: 3
Points: 90

Assignment 3

Outcomes addressed in this activity:

Unit Outcomes:
- Develop an attack plan to compromise and exploit a website.
- Perform a cross-site scripting and a SQL injection attack against a website.
- Select security measures appropriate to protect against common website attacks.

Course Outcome:
IT542-2: Develop best practices to address Web server and wireless network threats.

Assignment Instructions:
This Assignment provides the “hands on” element to your studies. It gives you the opportunity to gain practical experience using the tools and techniques associated with ethical hacking.

Read and perform the lab entitled “Lab #5: Attacking a Vulnerable Web Application and Database” found in Doc Sharing. Complete all five parts of Lab #5. Compile your lab report in a Word document with a title page, labeling all screenshots you are required to capture, and including explanatory text where needed or required by the lab. Within your Word document, after your lab report, answer the Assessment Worksheet questions listed at the end of the lab. Conduct research and cite supporting sources in APA format where appropriate.

Directions for Submitting Your Assignment:
Save your Word document containing your lab report and Assessment questions using the following file name format: Username-IT542-Assignment -Unit#.docx (Example: Talen- IT542 Assignment-Unit3.docx). Submit your file to the Unit 3 Assignment Dropbox by the end of Unit 3.

Assignment Requirements:
- All lab steps are completed, including screenshots and explanations where required.
- Assessment question answers contain sufficient information to adequately address the questions.
- The lab report and the answers are accurate and complete, as well as free from grammar and spelling errors.

For more information and an example of APA formatting, see the resources in Doc Sharing or visit the KU Writing Center from the KU Homepage. Also review the KU Policy on Plagiarism. This policy will be strictly enforced on all applicable Assignments and Discussion posts. If you have any questions, please contact your professor.

Review the grading rubric below before beginning this activity.

Assignment Grading Rubric = 90 points

| Assignment Requirements | Points Possible | Points Earned |
|---|---|---|
| Web application and Web server backend database vulnerabilities are identified. | 0–18 | |
| An attack plan to compromise and exploit a Web site using cross-site scripting was developed. | 0–15 | |
| A manual cross-site scripting (XSS) attack against a sample vulnerable Web application was conducted and documented in the lab report. | 0–15 | |
| SQL injection attacks against a sample vulnerable Web application were conducted and documented in the lab report. | 0–15 | |
| Assessment worksheet is completed, with responses that are accurate, complete and well written (3 points per question). | 0–27 | |
| Assignment Total (Sum of all points) | 0–90 | |
| Less deduction taken for spelling, grammar, and APA errors. | | |
| New total after deductions | | |

Lab #5 – Assessment Worksheet
Attacking a Vulnerable Web Application and Database

Course Name and Number: _____________________________________________________
Student Name: ________________________________________________________________
Instructor Name: ______________________________________________________________
Lab Due Date: ________________________________________________________________

Overview
In this lab, you used the Damn Vulnerable Web Application (DVWA), a tool specifically designed with common vulnerabilities to help Web developers test their own applications prior to release. As an ethical hacker, you found and exploited a cross-site scripting (XSS) vulnerability and conducted a SQL injection attack on the Web application’s SQL database. You made your attacks using a Web browser and some simple command strings. You documented your findings throughout the lab.

Lab Assessment Questions & Answers
1. Why is it critical to perform a penetration test on a Web application and a Web server prior to production implementation?
2. What is a cross-site scripting attack? Explain in your own words.
3. What is a reflective cross-site scripting attack?
4. Based on the tests you performed in this lab, which Web application attack is more likely to extract privacy data elements out of a database?
5. If you can monitor when SQL injections are performed on an SQL database, what would you recommend as a security countermeasure to monitor your production SQL databases?