
Performing a Website and Database Attack

   

Added on  2022-12-18

Running head: PERFORMING A WEBSITE AND DATABASE ATTACK
LAB #5: PERFORMING A WEBSITE AND DATABASE ATTACK
(Course’s Name)
(Student’s Name)
(Instructor’s Name)
(Date)

Overview
In this lab, I performed simple tests to verify SQL injection and cross-site scripting
(XSS) attacks using the Damn Vulnerable Web Application (DVWA). DVWA is a tool that was left
intentionally vulnerable to assist network security professionals in learning about web security.
In addition, to continue with this lab I used a web browser and simple command strings. This
enabled me to identify the target IP hosts and their known vulnerabilities. I then attacked the web
server and web application using SQL injection and XSS to exploit vulnerabilities on
the web server and web application.
Lab questions 1, 7, and 8
Question one: Why is it critical to perform a penetration test on a web application and a
web server prior to production implementation?
Penetration testing, also referred to as pen testing, is the practice of testing a web
application or a web server to find vulnerabilities that an attacker could exploit. It involves the
use of automated software applications to gather information about the target.
Performing penetration testing on a web server and a web application before production
implementation is a very important step because it ensures the integrity, availability, and
confidentiality (CIA) of the web server and the web application. It is imperative to
perform penetration testing to protect sensitive information that is entered through the web
application and passed to the web server. Checking for web server vulnerabilities also
allows one to patch web server weaknesses and thus reduce them. In
addition, there are laws that regulate the confidentiality of customers' data. Also, by performing
a penetration test on a web application, one makes sure that no one penetrates the web application
once it is put in a live situation (Dobran, 2018).

Question seven: What can one do to ensure that an organization incorporates penetration
testing and web application testing as part of its implementation procedures?
First, penetration testing should be part of the organization's network
security policy. The policy should state that no production web application
may be implemented or put live without proper penetration testing and network security
hardening. Second, the organization's network security administrator ought to be in constant
discussion with their supervisors; this usually fosters a culture of responsibility and security,
which makes penetration testing useful to the organization. Third, the network administrators
ought to make sure that all the organization's stakeholders know that penetration testing allows
one to test for SQL injection weaknesses that hackers could use to hijack organization data and
modify the contents of the organization's database. In addition, a network administrator needs to make it
known to the organization's management that penetration testing reveals web server vulnerabilities,
which can be catastrophic if hackers exploit them (Kotenko & Skormin,
2017).
Question eight: What is the aim of setting the DVWA security level to low before beginning the
remaining lab steps?
The major purpose of setting the DVWA security level to low is that it mimics a
vulnerable web application. According to network security analysts, only vulnerable systems
are attacked. In addition, the low security level indicates that a web server is in one of its most
vulnerable states (Strebe, 2006).
