Performing a Website and Database Attack

Added on  2022/12/18

AI Summary
This lab focuses on performing simple tests to verify SQL injection and cross-site scripting (XSS) attacks using Damn Vulnerable Web Application (DVWA). It explains the importance of penetration testing on web applications and servers, and provides insights on how to incorporate penetration testing into an organization's implementation procedures. The lab also discusses the aim of setting the DVWA security level to low and provides screenshots of the vulnerabilities and attacks.
Running head: PERFORMING A WEBSITE AND DATABASE ATTACK
LAB #5: PERFORMING A WEBSITE AND DATABASE ATTACK
(Course’s Name)
(Student’s Name)
(Instructor’s Name)
(Date)
Overview
In this lab, I performed simple tests to verify SQL injection and cross-site scripting
(XSS) attacks using Damn Vulnerable Web Application (DVWA). DVWA is a tool that was left
intentionally vulnerable to assist network security professionals in learning about web security.
In addition, to continue with this lab I used a web browser and simple command strings. This
enabled one to identify the IP target hosts and their known vulnerabilities. I then attacked the web
server and web application using SQL injection and XSS to exploit vulnerabilities on
the web server and web application.
Lab questions 1, 7, and 8
Question one: Why is it critical to perform a penetration test on a web application and a
web server prior to production implementation?
Penetration testing, also referred to as pen testing, is the practice of testing a web
application or a web server to find vulnerabilities that an attacker could exploit. It involves the
use of automated software applications to gather information about the target.
Performing penetration testing on a web server and a web application before production
implementation is a very important step because it ensures the integrity, availability, and
confidentiality (CIA) of the web server and the web application. It is imperative to
perform penetration testing to protect sensitive information that is entered through the web
application and passed to the web server. Checking for web server
vulnerabilities also allows one to patch web server weaknesses and so reduce them. In
addition, there are laws that regulate the confidentiality of customers' data. Also, by performing
a penetration test on a web application, one makes sure that no one penetrates the web application
once it is put into a live situation (Dobran, 2018).
Question seven: What can one do to ensure that an organization incorporates penetration
testing and web application as part of its implementation procedures?
First, penetration testing should be part of the organization's network
security policy. The policy should state that no web application is to be
implemented in production or put live without proper penetration testing and network security
hardening. Second, the organization's network security administrator ought to be in regular
discussion with their supervisors; this usually fosters a culture of responsibility and security,
thus making penetration testing useful to the organization. Third, the network administrators
ought to make sure that all the organization's stakeholders know that penetration testing allows
one to test for SQL injection weaknesses through which hackers can hijack organization data and
modify the organization's database contents. In addition, a network administrator needs to make it
known to the organization's management that penetration testing reveals web server vulnerabilities,
which can be catastrophic if hackers exploit web server weaknesses (Kotenko & Skormin,
2017).
Question eight: What is the aim of setting DVWA security level to low before beginning the
remaining lab steps?
The major purpose of setting the DVWA security level to low is that it mimics a
vulnerable web application. According to network security analysts, only vulnerable systems
are attacked. In addition, the low security level indicates that the web server is in one of its most
vulnerable states (Strebe, 2006).
Part two: Screenshots
The screenshot shown below (Figure one) shows the vulnerability which was exposed.
Figure 1: Vulnerability which was exposed
Figure two below shows the XSS attack in a high setting. The attack did not go through.
Figure 2: Shows that the XSS attack did not go through
Figure 3, i.e. the screenshot shown below, displays the lack or presence of errors strategy to
determine vulnerabilities. By reviewing the output of the script, here I am trying to order the output by
the first field or column. Here there is no error, meaning that there is a first column. This script
allows one to learn about the structure of the database.
Figure 3: Displays lack or presence of errors
The screenshot shown below (Figure 4) displays the result of the lack or presence of
errors to determine vulnerabilities. By reviewing the output of this script, here I am trying to order
the output by the 2nd column or field. Here, there is no error, meaning that there is a 2nd column.
Figure 4: Displays the result of the lack or presence of errors to determine vulnerabilities
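The ORDER BY checks described for Figures 3 and 4 work only because the application pastes user input into the SQL text. The following is an added example, not part of the original lab report or of DVWA's code: it uses an in-memory SQLite database as a stand-in for the lab's back end, and the table, column names, sample rows and inputs are all constructed assumptions. It shows the concatenated query beside a parameterized one, where the same input is bound as a plain value and reveals nothing about the column count.

```python
import sqlite3

def make_db():
    # Constructed sample data; table and column names are assumptions.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (user_id TEXT, first_name TEXT, last_name TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [("1", "Alice", "Example"), ("2", "Bob", "Sample")])
    return db

def lookup_vulnerable(db, user_id):
    # Input is pasted into the SQL text, so it can add clauses to the query.
    sql = "SELECT first_name, last_name FROM users WHERE user_id = '" + user_id + "'"
    return db.execute(sql).fetchall()

def lookup_parameterized(db, user_id):
    # Input is bound as a value; the structure of the statement is fixed.
    sql = "SELECT first_name, last_name FROM users WHERE user_id = ?"
    return db.execute(sql, (user_id,)).fetchall()

def observe(lookup, db, user_id):
    """Return ('rows', n) or ('error', message): what the page would reveal."""
    try:
        return ("rows", len(lookup(db, user_id)))
    except sqlite3.Error as exc:
        return ("error", str(exc))

def compare(db):
    # Constructed inputs mirroring the ORDER BY checks in Figures 3 and 4,
    # plus one column index past the end of the two-column result.
    inputs = ["1", "1' ORDER BY 1 -- ", "1' ORDER BY 2 -- ", "1' ORDER BY 3 -- "]
    return [(i, observe(lookup_vulnerable, db, i), observe(lookup_parameterized, db, i))
            for i in inputs]

if __name__ == "__main__":
    for user_input, vulnerable, hardened in compare(make_db()):
        print(f"{user_input!r:22} vulnerable={vulnerable} parameterized={hardened}")
```

In the concatenated version the difference between "rows" and "error" leaks the number of selected columns; in the parameterized version every altered input simply matches no user.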
Figure five, shown below, captures user information for the username which is being used to
make queries to the server.
Figure 5: Captures user information
Purpose of hashing in a database
The figure shown below is a script displaying the hash function for a user in the back-end
database. Usually, hashing in a database allows the creation of an index number. This in turn
facilitates the later search for the record on the URL shown in the browser. According to database
administrators, hashing is the transformation of a string of characters into a shorter fixed-length value.
The major aim of hashing is to retrieve or index items in a database.
References
Dobran, B. (2018, November 22). Network Security Threats, 11 Emerging Trends For 2019.
(Phoenix NAP global services) Retrieved August 31, 2019, from
https://phoenixnap.com/blog/network-security-threats
Kotenko, I., & Skormin, V. A. (2017). Computer network security : 5th International. New
York: Springer Press.
Strebe, M. (2006). Network Security JumpStart: Computer and network security basics. New
York: Hoben Press.