Document- Introduction to System Security


Added on  2020-04-01

Table of Contents

1. Introduction
Part A
2. WebGoat J2EE web application package
3. Procedures followed to download WebGoat
4. Exploits used to attack a webpage
5. Description of the scenarios in 3 stages of the challenge
6. Screenshots
7. Method used to test the attack and result
Part B
8. Backtrack GNU/Linux distributions
9. Description of the attack - DoS attack
10. Steps followed to implement (DoS) Attack
11. Evaluation of data after implementation
12. Defence mechanisms used to defend the attack
13. Conclusion
References
1. Introduction

System security is also known as IT security or cyber security. It protects computers from theft and from damage to their hardware and software. The system security work here is performed with the WebGoat J2EE web application package and the Backtrack GNU/Linux distribution. The WebGoat challenge questions will be completed using the web application package. The perfect Java source code is used to complete the WebGoat challenge. The theoretical description of the attack will be attached. A short evaluation and considerations of the attack will be provided. The defence mechanism used to defend against such an attack will be included. Defence mechanisms involve knowledge of how people are aware of behaviours, feelings and unpleasant thoughts. The procedures to download WebGoat will be included. The method for testing the attack and the result will be added. The steps to implement the task will be added. After the implementation step, the evaluation of the data will be written. Different techniques will be used to defend against such an attack. A description of the Backtrack GNU/Linux distributions will be added.

Part A

2. WebGoat J2EE web application package

WebGoat is a J2EE application maintained by OWASP. It is created with security flaws for learning. OWASP stands for Open Web Application Security Project. It makes freely available articles, tools, documentation, methodologies and technologies in the web application security field. In this application, SQL injection is used for stealing the credit card numbers. Web application security is difficult to learn and implement. The initial aim of WebGoat is to create the de facto interactive teaching environment for web application security. It is a Java-based web application, and it is a very insecure one. The WebGoat attack is made by using Tamber. WebScarab and Burp Suite are also used for this attack.

Three challenges are posed by WebGoat: break the authentication, steal all the credit cards from the database, and deface the website.

3. Procedures followed to download WebGoat

To download WebGoat, some software files are needed. The required software files are:

1. An operating system (Windows, Mac OS X or Ubuntu).
2. Download the JDK file and install it.
3. Apache Tomcat Server.
4. Download and install the WebGoat WAR file.

Create variable Java
1. Windows
2. Ubuntu

How to download and install the Apache Tomcat Server on Windows, Ubuntu, Mac OS

1. Mac OS X

Go to http://tomcat.apache.org --> Download --> Tomcat 8.0 --> "8.0.{xx}" (where {xx} denotes the latest upgrade number) --> Binary distribution --> Core --> "tar.gz" package (e.g., "apache-tomcat-8.0.{xx}.tar.gz", about 8 MB).

Steps for installing Tomcat:
a. Go to "~/Downloads" and double-click the downloaded tarball (e.g., "apache-tomcat-8.0.{xx}.tar.gz") to expand it into a folder (e.g., "apache-tomcat-8.0.{xx}").
b. Move the extracted folder (e.g., "apache-tomcat-8.0.{xx}") to "/Applications".
c. For ease of use, we shall shorten and rename this folder to "tomcat".

2. Windows

a. Go to http://tomcat.apache.org --> Downloads --> Tomcat 8.0 --> "8.0.{xx}" (where {xx} is the latest upgrade number) --> Binary Distributions --> Core --> "ZIP" package (e.g., "apache-tomcat-8.0.{xx}.zip", about 8 MB).
b. Create your project directory, say "d:\myProject" or "c:\myProject". Unzip the downloaded file into your project directory. Tomcat will be unzipped into the directory "d:\myProject\apache-tomcat-8.0.{xx}".
c. For ease of use, we shall shorten and rename this directory to "d:\myProject\tomcat".

Configuration for Tomcat Server

1. Open the tomcat-users.xml file under "Tomcat_Home\conf\".
2. The Tomcat manager is enabled by adding the highlighted lines inside the <tomcat-users> element:
    <tomcat-users>
      <!-- manager-gui grants access to the Manager web interface -->
      <role rolename="manager-gui"/>
      <user username="manager" password="xxxx" roles="manager-gui"/>
    </tomcat-users>

The WebGoat WAR file is copied to the Tomcat directory

1. Mac OS X

    sudo cp webgoat-container-5.4.war /Applications/tomcat/webapps/

2. Ubuntu

    sudo cp webgoat-container-5.4.war /var/lib/tomcat/webapps/

3. Windows: copy webgoat-container-5.4.war and paste it into D:\myProject\tomcat\

Procedure for starting and shutting down the Tomcat server

1. Ubuntu and Mac OS X

In a terminal, change to the bin folder under the Tomcat directory.
Type this command to run the Tomcat server: "sudo ./startup.sh"
Type this command to stop the Tomcat server: "sudo ./shutdown.sh"

2. Windows

In the Windows command prompt, change to the bin folder in the Tomcat directory.
Type this command to run the Tomcat server: "startup"
Type this command to stop the Tomcat server: "shutdown"

After installing the Tomcat server, start the server and enter the URL http://localhost:8080/webgoat_war_filename/ in the browser address bar.
Log in as an admin with user name "webgoat" and password "webgoat".

4. Exploits used to attack a webpage

There are many exploits that can be used to carry out the attack. Some of the exploits are:

- SQL injection
- Session hijacking
- URL manipulation

The exploits used to complete the WebGoat challenge are SQL injection and session hijacking.
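
Relating to the tomcat-users.xml step in section 3, the following Python script is an added example, not part of the original document and not code from Tomcat or WebGoat. It audits a tomcat-users.xml file and flags accounts holding manager-* roles whose password is a placeholder such as "xxxx", equals the username, or is short. The sample file, the weak-password list and the 12-character minimum are assumptions made for this illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the page's "manager" entry plus two invented accounts.
SAMPLE = """<tomcat-users xmlns="http://tomcat.apache.org/xml">
  <role rolename="manager-gui"/>
  <user username="manager" password="xxxx" roles="manager-gui"/>
  <user username="deploy" password="c7Vq-92kLm_tR4xZp0aE"
        roles="manager-script, manager-gui"/>
  <user username="viewer" password="viewer" roles="reader"/>
</tomcat-users>"""

# Assumed policy for this example; these values are not Tomcat defaults.
MIN_LENGTH = 12
WEAK_PASSWORDS = {"xxxx", "password", "admin", "tomcat", "manager", "changeit"}


def audit_tomcat_users(xml_text):
    """Return (username, reason) findings for accounts with manager-* roles.

    Assumes cleartext passwords, as in the page's snippet; digested
    credentials would need a different check.
    """
    findings = []
    for elem in ET.fromstring(xml_text).iter():
        # Compare the local tag name so files with or without xmlns both work.
        if elem.tag.rsplit("}", 1)[-1] != "user":
            continue
        name = elem.get("username", "")
        roles = {r.strip() for r in elem.get("roles", "").split(",")}
        if not any(r.startswith("manager-") for r in roles):
            continue  # only Manager application accounts are in scope
        password = elem.get("password", "")
        if password.lower() in WEAK_PASSWORDS:
            findings.append((name, "placeholder or common password"))
        elif password.lower() == name.lower():
            findings.append((name, "password equals username"))
        elif len(password) < MIN_LENGTH:
            findings.append((name, "password shorter than %d characters" % MIN_LENGTH))
    return findings


if __name__ == "__main__":
    for username, reason in audit_tomcat_users(SAMPLE):
        print("%s: %s" % (username, reason))
```
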