Web Application Security | Report

Added on  2022/09/09

Web Application Security
Setup
WampServer
In this assignment, we set up the WAMP server. Above, we can see the installation of the WAMP server.
Choose the "I accept the agreement" option and then click Next.
Click on the Next option.
Click on the Allow access button.
Click on the Install button.
Click on the Next button; we can see the server name localhost.
Click on the finish button
After installing WAMP, we can see the testing of the WAMP server.
MySQL
Above, we can see the installation of the MySQL database.
Select the default option and click on the Next button.
Click on the install button
Click on the Next button.
Click on the finish button
Click on the Next button.
Keep the default option and click on the Next button.
Keep the default option and click on the Next button.
Keep the default option and click on the Next button.
Keep the default option and click on the Next button.
Keep the default option and click on the Next button.
Keep the default option and click on the Next button.
I have updated the port here.
Keep the default option and click on the Next button.
Keep the default option and click on the Next button.
Enter the password and click on Next.
Click on the Execute button.
After completion, click on the Finish button.
Test MySQL database
Install a GUI tool
Click on the Next button.
Keep the default option and click on the Next button.
Keep the default option and click on the Next button.
Keep the default option and click on the Next button.
OWASP Mutillidae
Here we can see the software folder of Mutillidae.
After running PHP, run Mutillidae.
(Jeremy Druin 2013)
Nmap
Above, we can see the port scan performed by Nmap.
Wireshark
Above, we can see the packet trace for Mutillidae using Wireshark (Fischer Werner 2017).
Above, we can see the I/O graph, which plots all input and output.
Throughput
Here, we can see the throughput or bandwidth
Window scaling
Window scaling shows the size versus time. It helps to determine the bandwidth of the site.
SQL Injection
sqlmap Injection
Perform again
(Xiao L. 2016)
Web Application Security Model
Firewall
A firewall is a security system used to prevent unauthorized users from using a private network. A firewall can be implemented in software, in hardware, or as a combination of both. This system especially restricts unauthorized users from using the intranet (Smriti Er 2014). Every message transferred in the intranet goes through the firewall, which checks each message against the security criteria and passes it if and only if it meets all the criteria.
Following are some types of firewalls:
1. Packet filtering: data is transmitted in the form of packets, and every packet is examined by the packet filter.
2. Circuit-level gateway implementation: this process applies security mechanisms when a TCP or UDP connection is established.
3. Acting as a proxy server: a proxy server is used to hide the true network address. The proxy server connects to the internet and requests pages, establishes the connection with the servers, and receives the data for the computers that are hidden behind it. The proxy server allows only specific types of traffic to pass through it, such as HTTP files or web pages. The drawback of a proxy server is that it slows down the performance of the network.
IDS and IPS System:
IPS and IDS are both integral parts of the network infrastructure, and both are used as security systems. IDS is the abbreviation for intrusion detection system and IPS is the abbreviation for intrusion prevention system (Daş R 2017). An IPS is used to restrict network traffic depending on the security profile. This security system helps in detecting various risks that can damage our system.
Intrusion Detection Systems (IDS):
This system is used for monitoring and analyzing our network for cyber threats that can steal your data from the network. To secure our system from different threats, this system uses different policies like post scanners (Corona IAriu 2009).
Intrusion Prevention Systems (IPS): this is the same system that is used in the firewall.
Encryption
Encryption is the conversion of data into a coded form (Mirtalebi Arezoo 2016). This is an excellent way to secure our application. To access an encrypted file, we require the passwords and keys for decrypting it. Only after decrypting the file can we access it (Andreolini 2007).
Introduction
The internet is dangerous! We pay particular attention to websites that refuse to attack or display information (often harmful). In other cases, the email, passwords and credit card details on their website will appear in the public domain, making web users uncomfortable and financially secure. The main goal of website security is to protect the site from any kind of attack (anywhere) and to protect a website from being accessed, used, changed, broken or stopped (Singh A. K. 2012). Successful website security requires website design efforts: your application, website server optimization, and a strategy for updating and creating passwords and client IDs. It's all good. Of course, if a server-side communication platform is used, it is a powerful and reliable protection mechanism for common attacks, and other attacks can be mitigated by updating the web server (e.g. via HTTPS) and eventually installing a scanner.
Critical evolution
Today, the Web app is a popular platform for website data and services. Websites become more popular
and invasive once they become familiar with the use of important services. Although many technologies
have been developed to increase the efficiency of web applications and reduce attacks, very little work
has been done to create links between technologies & to create large images of security investigations
(Daş R. 2015). First, we want to introduce an aspect of development that poses the challenge of
developing applications with security. We will discuss the three types of transactions commonly used in
web applications: poor access control, poor session management, logic detection, and the simplicity that
leads to these errors. Through these two levels, we use existing technologies: the risks they face &
security risks. These steps include creating a new web application, analyzing/testing the security of the
old application, and traditional web publishing security.
Critical evaluation and comparison
Critical evaluation includes the design and usability of the website, and also includes creating a new web application, analyzing/testing the security of the old application, and traditional web publishing security.
The account must have the necessary privileges required to operate: do not connect to the MySQL database as root, which is usually not required.
It is a weak security vulnerability. When it is a single control, it never fails, and it uses open source controls and recognizes that the weaknesses of the rules are neither secret nor missing.
In terms of security, the financial system is less aggressive (both large and complex).
We do not rely on external communication services.
Specify a secure security example (for example, mental health consent): the password can be set by default and the user can opt out.
This will use the taint scanning mechanism, which is explicit.
To secure web servers, we can add firewall rules for establishing new connections with the internal system and external websites.
This will check the files or filenames that are supplied by the users.
Try to secure or hide your private object references from the users as and when possible.
Make use of an "accept known good" approach and validate the private object references extensively.
For all the referenced objects, we need to verify the authorization.
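
The last four recommendations above, combined in one PHP sketch; this is an added example, not part of the original report. The `DOCUMENTS` array, the user names and all function names are hypothetical, and the session is modelled as a plain array.

```php
<?php
declare(strict_types=1);

// Constructed sample records standing in for rows in the application's database.
const DOCUMENTS = [
    101 => ['owner' => 'alice', 'file' => 'invoice-2022.pdf'],
    102 => ['owner' => 'bob',   'file' => 'payroll.pdf'],
];

// "Accept known good": only a short name with an allow-listed extension passes.
function isKnownGoodFilename(string $name): bool
{
    return preg_match('/\A[A-Za-z0-9][A-Za-z0-9_-]{0,63}\.(pdf|png|txt)\z/', $name) === 1;
}

// Hide private references: hand the user random tokens instead of database ids.
// The "t" prefix keeps PHP from casting an all-digit token to an integer key.
function issueReferences(string $user, array &$session): array
{
    $session['refs'] = [];
    foreach (DOCUMENTS as $id => $doc) {
        if ($doc['owner'] === $user) {
            $session['refs']['t' . bin2hex(random_bytes(8))] = $id;
        }
    }
    return array_keys($session['refs']);
}

// Resolve a token: validate its format, map it back, then re-check authorization.
function resolveReference(string $user, string $token, array $session): ?string
{
    if (preg_match('/\At[0-9a-f]{16}\z/', $token) !== 1) {
        return null;                        // malformed reference
    }
    $id  = $session['refs'][$token] ?? null;
    $doc = $id === null ? null : (DOCUMENTS[$id] ?? null);
    if ($doc === null || $doc['owner'] !== $user) {
        return null;                        // unknown object, or not the caller's
    }
    return isKnownGoodFilename($doc['file']) ? $doc['file'] : null;
}

$session = [];
[$token] = issueReferences('alice', $session);
var_dump(resolveReference('alice', $token, $session)); // owner uses her own token
var_dump(resolveReference('bob', $token, $session));   // another user replays it
var_dump(resolveReference('alice', '102', $session));  // raw database id supplied
var_dump(isKnownGoodFilename('../../etc/passwd'));     // traversal-style filename
```

Only the first call returns a filename; the other lookups return `null` and the last filename check returns `false`.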