Network Vulnerability And Penetration Testing Assignment
Added on 2022-09-18
6 Pages1145 Words23 ViewsType: 23
Web Development
|
|
|
Running head: NETWORK VULNERABILITY AND PENETRATION TESTING
NETWORK VULNERABILITY AND PENETRATION TESTING
Name of the Student
Name of the University
Author Note
NETWORK VULNERABILITY AND PENETRATION TESTING
Name of the Student
Name of the University
Author Note
1NETWORK VULNERABILITY AND PENETRATION TESTING
Executive Summary
Penetration testing also known as the ethical hacking is the preparation of testing of a
system of computer, web application and network in order to find the vulnerabilities of
security that an attacker can take advantage (Baloch 2017). Penetration testing can also be
automated with applications of software or can be executed manually. The goal of penetration
testing is as follows:
Identify if an attacker can penetrate the defense of a system
Deciding the affect of breach of security on confidentiality of the private data of the
system
Challenge 1:DAMN Vulnerable Web Application
The damn vulnerable web application is an web application of PHP/MySQL and it is
very vulnerable. The main goal of this application is to help the professionals of security to
test their tools and expertise in an environment that is legal. It helps the developers of web to
had better understand the procedures of securing the applications web and help the teachers
and the students learn about the security of web application in an environment of class that is
controlled (Abdullah 2020). The main objective of the DVWA is to practice many common
vulnerabilities of web with different levels of difficulty with an interface that is simple. The
DVWA is very much vulnerable and it should not be uploaded in any of the public html
folder on any servers of the internet as they will be compromised. It is recommended to
utilise a virtual machine that is set on the networking mode of NAT. In a guest machine, the
XAMPP for the web server and the database can be downloaded and installed. It is free
software and the software cab be redistributed and even it can be modified. The best way to
install the DVWA is to install XAMPP (Sagar et al 2018). XAMPP is very easy to install
Apache Distribution for Linux Windows and other operating systems. The package consists
Executive Summary
Penetration testing also known as the ethical hacking is the preparation of testing of a
system of computer, web application and network in order to find the vulnerabilities of
security that an attacker can take advantage (Baloch 2017). Penetration testing can also be
automated with applications of software or can be executed manually. The goal of penetration
testing is as follows:
Identify if an attacker can penetrate the defense of a system
Deciding the affect of breach of security on confidentiality of the private data of the
system
Challenge 1:DAMN Vulnerable Web Application
The damn vulnerable web application is an web application of PHP/MySQL and it is
very vulnerable. The main goal of this application is to help the professionals of security to
test their tools and expertise in an environment that is legal. It helps the developers of web to
had better understand the procedures of securing the applications web and help the teachers
and the students learn about the security of web application in an environment of class that is
controlled (Abdullah 2020). The main objective of the DVWA is to practice many common
vulnerabilities of web with different levels of difficulty with an interface that is simple. The
DVWA is very much vulnerable and it should not be uploaded in any of the public html
folder on any servers of the internet as they will be compromised. It is recommended to
utilise a virtual machine that is set on the networking mode of NAT. In a guest machine, the
XAMPP for the web server and the database can be downloaded and installed. It is free
software and the software cab be redistributed and even it can be modified. The best way to
install the DVWA is to install XAMPP (Sagar et al 2018). XAMPP is very easy to install
Apache Distribution for Linux Windows and other operating systems. The package consists
2NETWORK VULNERABILITY AND PENETRATION TESTING
of Apache Web Server, MySQL, PHP and many more. First, the database needs to be set up.
The first step is to click of setup DVWA and then click on the create database. This creates
the database with several data.
$_DVWA[‘db_user’]=’dvwa’;
$_DVWA[‘db_password]=supersecretpassword99;
$_DVWA[‘db_database]=’dvwa’;
The configurations of PHP can also be done.
allow_url_include = on - Allows for Remote File Inclusions (RFI) [allow_url_include]
allow_url_fopen = on - Allows for Remote File Inclusions (RFI) [allow_url_fopen]
safe_mode = off - (If PHP <= v5.4) Allows for SQL Injection (SQLi) [safe_mode]
magic_quotes_gpc = off - (If PHP <= v5.4) Allows for SQL Injection (SQLi)
[magic_quotes_gpc]
display_errors = off - (Optional) Hides PHP warning messages to make it less verbose
[display_errors]
The default credentials include:
Default username = admin
Default password = password
This can easily be brute forced and can be accessed the web application. However, if
the higher version of PHP is used in order to configure the web application then SQL
injection cannot be used in order to access the web application.
The benefits of DVWA are that it is best for the student and the beginners in order to take the
challenge and then use it in order to sharpen the skills. It can be easily installed and it is the
best place for hacking. This web application is totally legal. There are various kinds of
vulnerabilities that can be tested include the brute force attack, SQL injection, cross side
scripting, file upload and many more (Liu, Wang and Tian 2018). However, the easiest is the
brute force attack that is shown above. The default username is admin and the default
of Apache Web Server, MySQL, PHP and many more. First, the database needs to be set up.
The first step is to click of setup DVWA and then click on the create database. This creates
the database with several data.
$_DVWA[‘db_user’]=’dvwa’;
$_DVWA[‘db_password]=supersecretpassword99;
$_DVWA[‘db_database]=’dvwa’;
The configurations of PHP can also be done.
allow_url_include = on - Allows for Remote File Inclusions (RFI) [allow_url_include]
allow_url_fopen = on - Allows for Remote File Inclusions (RFI) [allow_url_fopen]
safe_mode = off - (If PHP <= v5.4) Allows for SQL Injection (SQLi) [safe_mode]
magic_quotes_gpc = off - (If PHP <= v5.4) Allows for SQL Injection (SQLi)
[magic_quotes_gpc]
display_errors = off - (Optional) Hides PHP warning messages to make it less verbose
[display_errors]
The default credentials include:
Default username = admin
Default password = password
This can easily be brute forced and can be accessed the web application. However, if
the higher version of PHP is used in order to configure the web application then SQL
injection cannot be used in order to access the web application.
The benefits of DVWA are that it is best for the student and the beginners in order to take the
challenge and then use it in order to sharpen the skills. It can be easily installed and it is the
best place for hacking. This web application is totally legal. There are various kinds of
vulnerabilities that can be tested include the brute force attack, SQL injection, cross side
scripting, file upload and many more (Liu, Wang and Tian 2018). However, the easiest is the
brute force attack that is shown above. The default username is admin and the default
End of preview
Want to access all the pages? Upload your documents or become a member.
Related Documents
How to Instal XAMPP - Assignmentlg...
|16
|2088
|29
Computing Technologies Assignment Reportlg...
|7
|1221
|30
Web Application Security | Reportlg...
|56
|2314
|9
web application securitylg...
|10
|3026
|43
Benefits for Online Web System Applicationlg...
|40
|4587
|44
Managing Services and Securitylg...
|19
|1665
|145