Cybersecurity Lab Report: Web Application and Database Vulnerabilities


Added on  2022/12/18

Homework Assignment
AI Summary
This document presents a comprehensive solution to a web and database attack lab assignment. The student performed penetration tests to identify and exploit vulnerabilities like cross-site scripting (XSS) and SQL injection using the Damn Vulnerable Web Application (DVWA). The lab emphasizes the importance of penetration testing in ensuring the confidentiality, availability, and integrity of web applications. The report discusses the significance of including penetration testing as part of an organization's security policy to prevent attacks. The assignment covers the identification of web server and database vulnerabilities, the execution of attacks, and the implementation of security countermeasures, including monitoring SQL injections and identifying software vulnerabilities. The student also provides recommendations for incorporating penetration testing into implementation procedures to ensure robust web application security.
MEMO
DATE: (Today’s Date)
TO: (Tutor’s Name)
FROM: (Student’s Name)
RE: Perform a website and Database attack
In lab eight I performed simple penetration tests. This was done to verify a cross-site scripting (XSS) exploit and SQL injection using Damn Vulnerable Web Application (DVWA). DVWA is a tool which I left intentionally to assist in learning more about web security. Other tools used were a web browser and simple command strings; these tools were used to identify the target IP and the known weaknesses or vulnerabilities of both the web server and the web application.
From the lab, it is very important to perform penetration tests because:
It makes sure that no one is able to penetrate a web application once it is online.
It ensures confidentiality, availability and integrity.
It allows one to patch the web server vulnerabilities.
For the above three reasons, it is important to ensure that an organization performs penetration tests. To do this, an organization needs to ensure that penetration testing is part of the organization's security policy. The policy statement ought to indicate that no web application is put into production, made live, or placed on the internet before proper penetration testing is done.
Despite the presence of a web application firewall, some vulnerabilities will still remain unless an organization uses other sophisticated security tools. Some of the weaknesses which will still remain are the logical ones, i.e. those which are associated with server software, network infrastructure devices, and organization computers. Weaknesses that result from employees not following organization procedures will also remain.