Your All-in-One AI-Powered Toolkit for Academic Success.

+13062052269

info@desklib.com

Available 24*7 on WhatsApp / Email

Company

Tools

Support

Digital Security Fundamentals Lab Reflection Questions - Week 01-05

Verified

Added on 2019/09/30

AI Summary

This assignment comprises reflection questions and answers from five weeks of digital security labs, covering fundamental concepts and practical applications. The first week explores promiscuous mode, Wireshark, and network sniffing. Week two delves into NMAP, Zenmap, and TCP/UDP ports. Week three focuses on symmetric encryption and Linux file permissions, while week four examines asymmetric encryption, Telnet, SSH, and reverse shells. Finally, week five covers secure hash functions and proxy servers. The answers provide detailed explanations and insights into each topic, offering a comprehensive understanding of digital security principles and tools. This assignment aims to enhance the understanding of digital security concepts and their practical application in real-world scenarios, providing students with a solid foundation in cybersecurity fundamentals.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Week 01 - Lab Exercise Digital Security Fundamentals
Reflection questions:
1. What does promiscuous mode mean?
Promiscuous mode is a network security and monitoring technique that
enables access to entire network data packets by any configured network
adapter on a host system.It sets the mode for both a wired network interface
controller (NIC) or wireless network interface controller (WNIC) that causes
the controller to pass all traffic it receives to the central processing unit (CPU)
rather than passing only the frames that the controller is specifically
programmed to receive. This mode is normally used for packet sniffing that
takes place on a router or on a computer connected to a wired network or one
being part of a wireless LAN. Some Applications that use the Promiscuous
mode are NetScout Sniffer, Wireshark (formerly Ethereal),VMware’s VMnet
bridging ,Cryptanalysis.. etc
2. How do you set promiscuous mode in Linux?
• To set the promiscuous mode on the physical NIC, run the following
command:
# ifconfig eth0 promisc
Disable Promiscuous Mode
• To disable promiscuous mode on the physical NIC, run the following
command:
# ifconfig eth0 –promisc

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

3.Does a network interface card on a sniffer need an IP address? And Why?
No, the sniffer doesn't require an IP address, it wants to remain invisible to the
other machines in order to intercept messages undetected.
4. What is APR traffic?
ARP stands for Address Resolution Protocol. When you try to ping an IP
address on your local network, say 192.168.1.1, your system has to turn the
IP address 192.168.1.1 into a MAC address. This involves using ARP to
resolve the address, hence its name.
Systems keep an ARP look-up table where they store information about what
IP addresses are associated with what MAC addresses. When trying to send
a packet to an IP address, the system will first consult this table to see if it
already knows the MAC address. If there is a value cached, ARP is not used.
5.How do you start Wireshark from a terminal in Linux?
To start Wireshark enter the command
wireshark -k
The -k option specifies that Wireshark should start capturing packets
immediately. This option requires the use of the -i parameter to specify the
interface that packet capture will occur from.
6.How do you choose the interface to capture traffic on in Wireshark?
To choose the interface to capture traffic we can do it by getting an overview
of available interfaces.

• To get an overview of the available interfaces we can use the “Capture
Interfaces” dialog box (Capture → Options…).
• We can start a capture using the current settings by selecting Capture →
Start or by clicking the first toolbar button.
If you already know the name of the capture interface you can start Wireshark
from the command line:
$ wireshark -i eth0 -k
7.How do you display web traffic captured in Wireshark?

To display the capture traffic, click your wireless interface. You can configure
advanced features by clicking Capture > Options,
As soon as you click the interface’s name, you’ll see the packets start to
appear in real time. Wireshark captures each packet sent to or from your
system.
8. Are FTP username and passwords encrypted?
No,In FTP both the command and data channels are unencrypted.The
username and passwords are unencrypted .So any data sent over these
channels can be intercepted and read.
9.Why would a network admin use a sniffer?
Network admin uses the Sniffer for the following reasons.
• To monitor and analyse data packets flowing over computer networks.
• To examine traffic on the network and to prevent traffic bottlenecks.
• To determine the health of network and diagnose network related issue.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

10. What is the DVL Virtual Machine?
Damn Vulnerable Linux (DVL)is a learning tool for security. It is broken, ill-
configured, outdated, and exploitable software that makes it vulnerable to
attacks.DVL is a live CD available as a 150MB ISO.It contains older, easily
breakable versions of Apache, MySQL, PHP, and FTP and SSH daemons, as
well as several tools available to help you compile, debug, and break
applications running on these services, including GCC, GDB, NASM, strace,
ELF Shell, DDD, LDasm, LIDa, and more.
11.What did you do in today’s lab?
In todays lab i have learnt about promiscuous mode in Linux, Wireshark,
Sniffers.
Week 02 - Lab Exercise Introduction to Cryptographic Principles
Reflection questions:
1.Why is NMAP useful for people working in network security?
• Open-source tool for vulnerability scanning and network discovery.
• To identify what devices are running on their systems.
• To discover hosts that are available and the services they offer.
• To find open ports and detecting security risks.
• To monitor single hosts as well as vast networks
2. Compare and contrast UDP with TCP.

3. What is the syntax to scan a remote machine for open TCP ports?
• To scan for TCP connections Type:
sudo nmap -sT remote_host
4.What is the syntax to scan a remote machine for open UDP ports?
• To scan for UDP connections, type:
sudo nmap -sU remote_host
5.What is ZENMAP?

Zenmap is the official
graphical user interface
(GUI) for the Nmap
Security Scanner. It is a multi-platform, free and open-source application
designed to make Nmap easy for beginners to use while providing advanced
features for experienced Nmap users.
Typical Zenmap screen
shot
6.What did you do in today’s lab?
In todays lab I learnt about NMAP, ZenMap Interface,TCP and UDP Ports.
Week 03 - Lab Exercise Symmetric Encryption
Reflection questions:
1.What is the command to add a group to the system, in Linux?
The groupadd command can be used in Linux to add groups to the system.
The basic syntax of Linux groupadd command is groupadd <groupname>. If

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

no command-line options are used, the group is created with the next
available Group ID number (GID) above 499. To specify a GID, use the
groupadd -g <gid> <group-name> command.
[root@RHEL2 ~]# groupadd engineering
2.What is the command to give a user a password, in Linux?
Create password for an user
Passwd username
Example command:
root@linuxnix.com:/home/surendra# passwd krishan
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
3.What is the command to add a user to the system, in Linux?

To add/create a new user, all you’ve to follow the command ‘useradd‘
or ‘adduser‘ with ‘username’. The ‘username’ is a user login name, that is
used by user to login into the system.
Only one user can be added and that username must be unique (different
from other username already exists on the system).
For example, to add a new user called ‘tecmint‘, use the following command.
[root@tecmint ~]# useradd tecmint
4.Where is the users encrypted password hash stored, in Linux?
Linux encrypted passwords are stored in the /etc/shadow file. The Secure
Hash Algorithms (SHA) are a set of hash functions often used to hash
passwords.The algorithms supported are MD5 , Blowfish , SHA256 and
SHA512.
5.What is the command to give the GROUP READ and WRITE permissions
for the HR folder using symbolic permissions?
If you have a folder named HR, To add GROUP READ and WRITE
permissions
chmod d g+rx HR
6.What is the command to take away READ and EXECUTE permissions for
others for HR the folder using symbolic permissions?
chmod d o–rx HR

7.What is the command to give the user, group and others, READ and WRITE
permissions for the HR folder using absolute permissions?
chmod ugo+rw HR
8.What is the command to give the user, group and others, READ and
EXECUTE permissions for the HR folder using absolute permissions?
Chmod ugo +rx HR
9. What did you learn in today’s lab?
In todays lab i learnt about the Linux commands and Linux file permissions for
the folder.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

Week 04 - Lab Exercise Asymmetric Encryption
Reflection questions:
1.What is telnet?
Telnet (TN) is a networking protocol and software program used to access
remote computers and terminals over the Internet or a TCP/IP computer
network. A terminal emulation that enables a user to connect to a remote host
or device using a telnet client, usually over port 23. For example, typing telnet
hostname would connect a user to a host named hostname.
2.How do you start a telnet session?
To Start the Telnet Session
Open a command-line window on the network-management workstation, type
telnet 192.168.70.125, and press Enter. The IP address 192.168.70.125 is the
default IP address of the management module; if a new IP address has been
assigned to the management module, use that one instead. You can also
substitute a valid host name instead of using an IP address.
3.What tool could you use to crack telnet passwords?

Tools used to crack telnet passwords
Hydra
Ncrack
Patator
Metasploit
4.Which is better to use: SSH or Telnet, and why?
SSH is better to use .The key difference between Telnet and SSH is that SSH
uses encryption, which means that all data transmitted over a network is
secure from eavesdropping. SSH uses the public key encryption for such
purposes.
5.What is a reverse shell?
A reverse shell is a type of shell in which the target machine communicates
back to the attacking machine. The attacking machine has a listener port on
which it receives the connection, which by using, code or command execution
is achieved.
It's a(n insecure) remote shell introduced by the target. That's the opposite of
a "normal" remote shell, that is introduced by the source.

6.Why might I want to use a reverse shell?
We would use reverse shell in the following scenarios
• The target machine is behind a different private network.
• The target machine's firewall blocks incoming connection attempts to your
bindshell.
• Your payload is unable to bind to the port it wants due to whatever reason.
• You simply can't decide what to choose
7.Are the username and password encrypted using Telnet?
No, The Username and password are not encrypted using Telnet.The
encryption in telnet is based upon a shared secret key, not a public/private
key system. ... If you do not have valid kerberos tickets, you can not establish
a secure and encrypted connection with our current telnet client or telnet
server programs
8.How do you mitigate the use of Telnet?
Disadvantages of Telnet:
• The Telnet session between the client and the server is not encrypted.
• Anyone with access to the TCP/IP packet flow between the communicating
hosts can reconstruct the data that flows between the endpoints and
• Anyone can read the messaging, including the usernames and passwords
that are used to log in to the remote machine.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

• This network attack requires very little expertise and can be performed with
network debugging tools that are readily available.
Replace Telnet with SSH
• SSH (Secure Shell) provides a secure alternative to Telnet.
• SSH protects user identities, passwords, and data from network snooping
attacks, and allows secure logins and file transfers.
• SSH has practically replaced Telnet, and the older protocol is used these
days only in rare cases to access decades old legacy equipment that does
not support more modern protocols..
• For Unix and Linux operating systems, the OpenSSH implementation comes
free with the operating system and can be used to replace Telnet.
9.What ports does Telnet use?
The default port for Telnet client connections is 23; to change this default,
enter a port number between 1024 and 32,767
10.What ports does SSH use?
The default port for SSH client connections is 22; to change this default, enter
a port number between 1024 and 32,767
11.What did you learn in today’s lab?
In todays lab i learnt about Telnet, SSH , the ports used ,the concept of
Reverse shells .

Week 05 - Lab Exercise Secure Hash Functions
Reflection questions:
1.What is a proxy server, and why use it?
A proxy server, also known as a "proxy" or "application-level gateway", is a
computer that acts as a gateway between a local network (for example, all the
computers at one company or in one building) and a larger-scale network
such as the internet.
Uses of Proxy Server:
• provides increased performance and security.
• facilitates security, administrative control or caching services.
• enables user privacy and anonymous surfing.
• shares Internet connections on a local area network.
• hides IP address, implement Internet access control, access blocked
websites
2.What port did you use as the proxy port?
Port 8080 is an alternative to port 80 and is used primarily for http traffic. ...
Port 8080 is commonly used as proxy and caching port
3.What is SSL and what port does SSL use?
SSL stands for "secure sockets layer" and is a form of security for sites that
handle sensitive information such as visitor's personal information and credit

card numbers. It creates a secure connection between a visitor's web browser
and the server of the company.
HTTPS uses a default port number of 443 (80 for HTTP) and that HTTPS
automatically performs SSL.So, SSL uses port 443
4.What is openSSL?
OpenSSL is a tool which implements cryptographic protocol functions and
standards of Secure Sockets Layer (SSL) and Transport Layer Security (TLS)
protocols. In short, it is the tool which deals with cryptography, encryption and
security in linux.
The major use of OpenSSL is to generate self-signed certificates
5.What is HTTPS and what port does it use?
Hypertext Transfer Protocol Secure (HTTPS) is an extension of the Hypertext
Transfer Protocol (HTTP). It is used for secure communication over a
computer network, and is widely used on the Internet.[1][2] In HTTPS, the
communication protocol is encrypted using Transport Layer Security (TLS).
Secure HyperText Transfer Protocol (HTTPS) is for all practical purposes
HTTP. The chief distinction is that it uses TCP Port 443 by default, so HTTP
and HTTPS are two separate communications. HTTPS works in conjunction
with another protocol, Secure Sockets Layer (SSL), to transport data safely
6.Why and when would you use HTTPS? What port does HTTPS use?
• HTTPS uses a default port number of 443.
• HTTPS automatically performs SSL negotiation and thus always sends data
in encrypted form, i.e. web servers accessed through https:// have to be

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

"secure web servers".So when the data sent is needed to be encrypted then
we use HTTPS for security.
7.What is the command to create and openSSL RSA key?
We can generate a public and private RSA key pair like this:
openssl genrsa -des3 -out private.pem 2048
That generates a 2048-bit RSA key pair, encrypts them with a password you
provide, and writes them to a file. You need to next extract the public key file.
You will use this, for instance, on your web server to encrypt content so that it
can only be read with the private key.
8.What is Apache?
Apache is the most widely used web server software. Developed and
maintained by Apache Software Foundation.Apache Web Server is an open-
source web server creation, deployment and management software.
Apache Web Server is designed to create web servers that have the ability to
host one or more HTTP-based websites. Notable features include the ability to
support multiple programming languages, server-side scripting, an
authentication mechanism and database support. Apache Web Server can be
enhanced by manipulating the code base or adding multiple extensions/add-
ons
9.How do you restart Apache?

Generic method to start/stop/restart Apache on a Linux/Unix
The syntax is as follows (must be run as root user):
## stop it ##
apachectl -k stop
## restart it ##
apachectl -k restart
## graceful restart it ##
apachectl -k graceful
## Start it ##
apachectl -f /path/to/your/httpd.conf
apachectl -f /usr/local/apache2/conf/httpd.conf
What did you learn in today’s lab?
In todays lab i learnt about Proxy Server ,Open SSL, HTTPS and its
ports,Apache WebServer, RSA Key Generation.
Week 06 - Lab Exercise PKI & CA
Reflection questions:
1.What is steganography?

Steganography is data hidden within data. Steganography is an encryption
technique that can be used along with cryptography as an extra-secure
method in which to protect data.
Steganography techniques can be applied to images, a video file or an audio
file. Typically, however, steganography is written in characters including hash
marking, but its usage within images is also common. At any rate,
steganography protects from pirating copyrighted materials as well as aiding
in unauthorized viewing
2.What type of files can you hide other files in?
The type of files that can be hidden in other files are file, message, image, or
video.The file formats JPEG, BMP, WAV,AU,GIF and JPG are supported.
3.What stego tools are there is Kali?
There’s two primary tools available in Kali Linux for Steganographic use.
a. Steghide
b. StegoSuite
4.How can you check for hidden stego files?
There are many open source tools to detect the stego files.Examples of such
tools are StegSecret, VSL, StegExpose and StegDetect.
5.What does the du command mean?
du command, short for disk usage, is used to estimate file space usage.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

The du command can be used to track the files and directories which are
consuming excessive amount of space on hard disk drive.
If we want to print sizes in human readable format(K, M, G), use -h option
6.What are “Alternative Data Streams” in NFTS and how might malware use
this?
Alternate Data Streams within NTFS allow the embedding of metadata in files
or folders without altering their original functionality or content.In NTFS, the
main data stream refers to the standard content (if any) of the file or folder,
and this is usually visible to the user, while alternate data streams are
hidden.Alternate streams do not have any size limits and several streams can
be linked to a normal file. The contents of ADS is not limited to text data;
essentially any file that is in binary format can be embedded as an alternate
stream.
Malware may use this as follows
• As alternate data streams are hidden, hackers like to exploit ADS by
embedding viruses in them for malicious purposes.
Syntax :
du [OPTION]... [FILE]...
du [OPTION]... —files0-from=F
Examples :
du /home/mandeep/test
Output:
du -h /home/mandeep/test
Output:
44K /home/mandeep/test/data

• Viruses like the W2K.Stream employed ADS to infect and spread amongst
Windows NT systems
7.What did you learn in today’s lab?
In todays lab i learnt about steganography, steganalysis, stego tools,
Alternative Data Streams, du Command
Week 07 - Lab Exercise Trusted Computing and Anonymous Systems
Reflection questions:
1.What is John the Ripper?
John the Ripper is a popular open source password cracking tool that
combines several different cracking programs and runs in both brute force
and dictionary attack modes.
John the Ripper is often used in the enterprise to detect weak passwords that
could put network security at risk, as well as other administrative purposes.
The software can run a wide variety of password-cracking techniques against
the various user accounts on each operating system and can be scripted to
run locally or remotely.
2.Where are user name and passwords stored in Linux?

The /etc/passwd is the password file that stores each user account. The
/etc/shadow file stores contain the password information for the user account.
3.What is an NTLM hash?
In a Windows network, NT (New Technology) LAN Manager (NTLM) is a suite
of Microsoft security protocols that provides authentication, integrity, and
confidentiality to users. NTLM is the successor to the authentication protocol
in Microsoft LAN Manager (LANMAN), an older Microsoft product.
4.What is the command to crack NTLM hashes using Hashcat?
The command to crack NTLM hashes using Hashcat is
5.Can you reverse engineer a hash? So, how does hashcat work?
So the hash can either be 0 or 1. ... But that hash function we use for
passwords can also be used to calculate the hash of an entire terabyte of
data, and the hash will still take only 128 bits of data. Obviously, you cannot
reverse engineer that 128 bit hash and recover your terabyte of data.
Example of how Hashcat Works
6.What is Cain and Abel?
hashcat -m 1000 password.hash rockyou.txt (m=mode of cracking ,
1000 for NTLM hashes)

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

Cain and Abel (often abbreviated to Cain) is a password recovery tool for
Microsoft Windows. It can recover many kinds of passwords using methods
such as network packet sniffing, cracking various password hashes by using
methods such as dictionary attacks, brute force and cryptanalysis attacks.
7.Why might a network admin use John, or Hashcat?
• To detect weak passwords that could put network security at risk.
8. What did you learn in lab Today ?
In todays lab i learnt about John the Ripper,HashCat,Cain and Abel,NTLM.
Week 08 - Lab Exercise Virtual Private Networks
Reflection questions:
1.What is leafpad?
Leafpad is an open source text editor for Linux, BSD, and Maemo. Created
with the focus of being a lightweight text editor with minimal dependencies, it
is designed to be simple and easy-to-compile. Leafpad is the default text
editor for LXDE Desktop environment, including Lubuntu up to version 18.04
LTS
2.Why are logs important in network security?
• For security professionals a log is used to record data on who, what, when,
where, and why (W5) an event occurred for a particular device or
application.

• The logs have the ability to monitor the activities of the application or device
to ensure expected or normal operations.
3.How often should logs be reviewed?
How often you should analyze your log data really depends on the reason
why you are carrying out the task in the first place, i.e., why are you analyzing
your logs, and what exactly are you interested in finding.
Any seriously suspicious behaviour or critical events must generate an alert
that is assessed and acted on.
4.Where are logs stored in Linux?
Files are stored in plain-text and can be found in the /var/log directory and
subdirectory. There are Linux logs for everything: system, kernel, package
managers, boot processes, Xorg, Apache, MySQL.
5.Where are logs stored in Windows?
The type of information stored in Windows event logs. The Windows
operating system records events in five areas: application, security, setup,
system and forwarded events. Windows stores event logs in the C:\
WINDOWS\system32\config\ folder.
6.How do you clear windows logs?
Steps to clear the Window logs

1. Firstly, you need to access the Event Viewer window. To do this, you
can open the Run prompt and provide the "eventvwr.msc" command to
launch.
2. Additionally, you can also press Windows and X key on your keyboard
at the same time to get a quick access menu. From here, select the "Event
Viewer" option to open the window.
3. This will launch the Event Viewer interface. From here, you can access
all the event logs and edit them as per your needs.
4. From the left panel, under the "Windows Log" section, most of the logs
can be accessed. To clear any kind of log, select it, right-click, and choose the
option of "Clear Log".
5. For instance, if you wish to clear application logs, select "Application"
and right-click. Out of all the provided options, click on "Clear Log".
6. You can also selectively clear Windows event log as well. To do this,
select the event log type from the left panel. Afterward, you can access the log
you wish to delete from the right panel and choose the "Clear Log" option from
the list of Actions.
7. We have done the same to clear a System Log. After selecting
"System" from the left panel, a selection is made on the right side. In the end,
the "Clear Log" action is selected to delete event log.
8. As soon as you would make your selection, you will get the following
pop-up message. This will let you clear your logs or save and clear it.
9. Confirm your choice and wait for a while as Windows will delete event
log from it.
7.Where are wordlists stored in Kali, and what do you use them for?

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

The word list that are built into Kali are located in the /usr/share/wordlists
directory. They are compressed with Gzip. A popular wordlist in Kali is called
“rockyou”
8.What did you do in today’s lab?
In todays lab i have learned about leaped editor, importance of logs in
windows and linux. And where the wordlists in kali are stored.
Week 09 - Lab Exercise Securing Web Apps (#1)
Reflection questions:
1.What is the SET toolkit?
The Social-Engineering Toolkit (SET) is a python-driven suite of custom tools
which solely focuses on attacking the human element of penetration testing.
It's main purpose is to augment and simulate social-engineering attacks and
allow the tester to effectively test how a targeted attack may succeed.
Social-Engineering toolkit available on backtrack like on backtrack 5, backbox,
blackbuntu, Gnacktrack and other Linux distribution that are used for
penetration testing

2.What other tools have we already used, instead of SET, to obtain open
ports on a system?
Nmap can be used to scan for the open ports. Metasploit is the best tool
instead of SET.
,
3.What is Metasploit?
The Metasploit Framework is a Ruby-based, modular penetration testing
platform that enables us to write, test, and execute exploit code. The
Metasploit Framework contains a suite of tools that you can use to test
security vulnerabilities, enumerate networks, execute attacks, and evade
detection.
4.What is a reverse shell?
A reverse shell is a shell initiated from the target host back to the attack box
which is in a listening state to pick up the shell. A bind shell is setup on the
target host and binds to a specific port to listens for an incoming connection
from the attack box.
5.What is a meterpreter session and why might I use one?
Meterpreter is an advanced, dynamically extensible payload that uses in-
memory DLL injection stagers and is extended over the network at runtime. It
communicates over the stager socket and provides a comprehensive client-
side Ruby API. It features command history, tab completion, channels, and
more.

6.Why might a network admin use Metasploit and meterpreter?
• These are quality tools that IT security experts are using every day in their
jobs as network security and pen-testing professionals.
• To ease the effort to exploit known vulnerabilities in networks, operating
systems and applications,
• To develop new exploits for new or unknown vulnerabilities
7.What did you do in today’s lab?
In todays lab i learnt about Metaspoilt, SET, Meterpreter. Its uses for the
network admin to prepare for vulnerabilities.
Week 10 - Lab Exercise Securing Web Apps (#2)
Reflection questions:
1.What is OWASP, and what is OWASP top 10 about?
The Open Web Application Security Project™ (or OWASP for short). ...
OWASP is in a unique position to provide impartial, practical information about
AppSec to individuals, corporations, universities, government agencies, and
other organizations worldwide.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

The OWASP Top Ten is a list of the 10 most dangerous current Web
application security flaws, along with effective methods of dealing with those
flaws.
Below are the security risks reported in the OWASP Top 10 2017 report:
1. Injection. ...
2. Broken Authentication. ...
3. Sensitive Data Exposure. ...
4. XML External Entities (XEE) ...
5. Broken Access Control. …
6. Security Misconfiguration
7. Cross-Site Scripting. ...
8. Insecure Deserialization. ...
9. Using Components With Known Vulnerabilities
10. Insufficient Logging And Monitoring
2.What is WebGoat?
WebGoat is a deliberately insecure web application maintained by OWASP
designed to teach web application security lessons. This program is a
demonstration of common server-side application flaws. This program is for
educational purposes only.
3.What is SQL?
Structured Query Language (SQL) is a standard computer language for
relational database management and data manipulation. SQL is used to

query, insert, update and modify data. Most relational databases support
SQL, which is an added benefit for database administrators (DBAs), as they
are often required to support databases across several different platforms.
4.Write the command for an SQL query?
SELECT is the most commonly used data query language (DQL) command.
The SELECT statement has many optional clauses:
WHERE specifies which rows to retrieve.
GROUP BY groups rows sharing a property so that an aggregate function can
be applied to each group.
HAVING selects among the groups defined by the GROUP BY clause.
ORDER BY specifies an order in which to return the rows.
AS provides an alias which can be used to temporarily rename tables or
columns.
5.What are the risks associated with SQLi?
A SQL injection attack consists of insertion or "injection" of a SQL query via
the input data from the client to the application. A successful SQL injection
exploit can read sensitive data from the database, modify database data
(Insert/Update/Delete), execute administration operations on the database
(such as shutdown the DBMS), recover the content of a given file present on
the DBMS file system and in some cases issue commands to the operating
system.
6.How do you test for SQL injection vulnerability?

Time-based blind
Error-based
UNION query-based
Boolean-based blind
Stacked queries
Out-of-band
7.What is DVWA?
Damn Vulnerable Web Application (DVWA).Damn Vulnerable Web App
(DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main
goals are to be an aid for security professionals to test their skills and tools in
a legal environment, help web developers better understand the processes of
securing web applications and aid teachers/students to teach/learn web
application security in a class room environment.
8.What is XSS?
Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious
scripts are injected into otherwise benign and trusted websites. XSS attacks
occur when an attacker uses a web application to send malicious code,
generally in the form of a browser side script, to a different end user. Flaws
that allow these attacks to succeed are quite widespread and occur anywhere
a web application uses input from a user within the output it generates without
validating or encoding it.
9.How do you test for XSS vulnerability?

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Black Box Testing, in order to test against XSS attack, black box testing can
be performed.If a good black box testing technique is selected and performed
accurately, then this should be much enough.
While starting testing, a tester should consider which website’s parts are
vulnerable to the possible XSS attack.It is better to list them in any testing
document and this way we will be sure, that nothing would be missed. Then,
the tester should plan for what code or script input fields have to be checked.
It is important to remember, what results mean, that application is vulnerable
and it analyzes the results thoroughly.
10.What are the risks associated with XSS?
• XSS are riskiest attacks, as its main purpose is to steal the website’s or
system’s user identities.
• XSS attack can be performed with different client-side languages like
Javascript, HTML, VBScript, Flash, etc. And this makes it more harmful and
widespread than the other possible attacks.
• XSS attack is riskier because the possibility to be stored in the web service
this way it can affect many users for a longer period of time.
11.Name FOUR other web flaws you can practise in WebGoat?
Broken Authentication
AJAX Security
Denial of Service
Improper Error Handling