MEMO DATE: (Today’s Date) TO: (Tutor’s Name) FROM: (Student’s

Verified

Added on 2022/12/18

AI Summary

Application: Perform a Website and Database Attack Because web servers are not located behind firewalls and often have databases on their back-ends, they are prime targets for hackers. One popular attack against a web server is a cross-site scripting (XSS) attack, which uses a compromised server to trick users into providing sensitive information. Remember the online banking scenario from an earlier unit? It could have been implemented as an XSS attack. Databases also can be attacked through a client’s front-end. One popular method for doing so is an SQL injection attack. With this method, attackers enter SQL queries into input fields. If the input fields are not properly validated, this “input” is then sent to the database as part of the query. Attackers, if permitted, can use this method to view sensitive information, manipulate data, shut down the database, or any other operation allowed by SQL. If successful, an attacker “owns” your database. Any flaws in a web server’s configu

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

MEMO
DATE: (Today’s Date)
TO: (Tutor’s Name)
FROM: (Student’s Name)
RE: Perform a website and Database attack
In lab eight I performed simple penetration tests. This was done to verify cross-site
scripting (XSS) exploit and SQL injection using Damn Vulnerable Web application. DVMWA is
a tool which I left intentionally to assist learning more about web security. Another tool which
was used was a web browser and simple command strings; the tools were used to identify the IP
target and the known weaknesses or vulnerabilities from both the web server and the web
application.
From the lab, it is very important to perform penetration tests this because of;
 Makes sure that no one is able to penetrate to a web application once it is online
 It ensures Confidentiality, availability and integrity
 Allows one to patch the web server vulnerabilities
From the above three reasons then it is important to endure that an organization performs
penetration tests. To do this an organization needs to ensure that penetration testing is part of
organization security policy. In the policy the statement ought to indicate that no production of a
web application or putting a web application live or on the internet before proper penetration is
done.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

Despite the presence of a web application firewall some vulnerabilities will still remain
unless an organization uses other sophisticated security tools. Some of the weaknesses which
will still remain are the logical ones i.e. those which are associated with server software, network
infrastructure devices, and organization computers. Also weaknesses as a result of employee not
following organization procedures will still remain.

1 out of 2

+13062052269

info@desklib.com

MEMO DATE: (Today’s Date) TO: (Tutor’s Name) FROM: (Student’s

Contribute Materials

Secure Best Marks with AI Grader

Related Documents

Performing a Website and Database Attack

Cyber Security and Analytics

Ethical Issues in Technology and Hacking

Web Application Set-up Assignment 2022

Penetration Testing Report And Management

Penetration testing Assignment PDF