
Question

Instructions:      Complete the tasks described in this worksheet. Read the instructions carefully and submit evidence of your completed tasks (a screen shot is your evidence). Answer the questions below in the space provided.

Showing Evidence of Completion: Your evidence of completion is a screen shot, as described in each exercise. Use the tool of your choice to take a screen shot of the required content. Screen shots should be pasted at the end of this document.

Answering Questions: Your answers should be written in carefully edited college-level English, using complete sentences.

Lab – Analyzing Types of Web Application Attacks

Instructions and Evidence of Completion

Answer a Question

At the end of the document (not in this table) paste a screen capture that shows: the successful SQL Injection showing the complete user data base; the complete profile for user Larry Stooge; the DVWA tool showing the XSS attack. Be sure to label your screen captures and be sure that it shows the command used and the output from that command. You should show three screen captures.

Answer each of the questions below using the space to the right of the question. Be sure your answer is complete and correct.

Question

Answer

In your own words explain why some web sites are vulnerable to SQL injection attacks.

What two things must a web site do to make it vulnerable to an XSS attack?

What are the primary differences between HTML and XML?

In your own words explain a buffer overflow.

Explanation / Answer

Answer)

In your own words explain why some web sites are vulnerable to SQL injection attacks.

Some websites use SQL queries and statements to control the website's database server. The attacker or hacker can design the SQL injection by modifying the SQL queries which are used to add, modify, or delete the database.

This vulnerability can affect the website or application and makes use of an SQL-based database. It can be used to bypass the web application's authentication and authorization and can operate on any website which uses SQL.

What two things must a web site do to make it vulnerable to an XSS attack?

For a website to be vulnerable to an XSS attack:
1) The website must not have a detection for the user to find it as a trusted site. If the user cannot check for a trusted site, then the attack will be easy.
2) It shouldn't have adequate protection against it, so that malicious scripts can be injected and executed and the end user can be fooled and thus trust the malicious website now.

What are the primary differences between HTML and XML?

HTML is Hypertext Markup Language while XML is eXtensible Markup Language. HTML was designed to display data in the user interface. XML was designed to be used as a tool to transport data and store information in a particular format. HTML is basically static and XML is dynamic, as the information and data may change.

In your own words explain a buffer overflow.

Buffers are areas and blocks of memory that are used to hold data while data is moving between programs. Buffer overflow is an anomaly in which a program crosses or overruns the buffer boundary and writes beyond the buffer's location and size to other memory locations.

By this, the overwriting can be done to some part of some other data, which in turn may result in memory errors, crashes and incorrect results.