Academic Integrity: tutoring, explanations, and feedback — we don’t complete graded work or submit on a student’s behalf.

lab 5 1. Why is it critical to perform a penetration test on a web application a

ID: 3724904 • Letter: L

Question

lab 5

1. Why is it critical to perform a penetration test on a web application and a web server prior to production implementation?

2. What is a cross-site scripting attack? Explain in your own words.

3. What is a reflective cross-site scripting attack?

4. Based on the tests you performed in this lab, which web application attack is more likely to extract privacy data elements out of a database?

5. If you can monitor when SQL injections are performed on an SQL database, what would you recommend as a security countermeasure to monitor your production SQL databases?

6. Given that Apache and Internet Information Services (IIS) are the two most popular web application servers for Linux and Microsoft® Windows platforms, what would you do to identify known software vulnerabilities and exploits?

7. What can you do to ensure that your organization incorporates penetration testing and web application testing as part of its implementation procedures?

8. What is the purpose of setting the DVWA security level to low before beginning the remaining lab steps?

Explanation / Answer

1. It is critical to perform penetration test on the web application and a web server before the product implementation because it ensures confidentiality and the integrity is maintained . It also makes sure to find any issues like if the application is open to malicious attacks . The customer's information is also protected by penetration test.

2. The cross site scripting attack exploits the cross site scripting vulnerability , it is the SQL injection attack . This type of attack injects the XSS script into web pages viewed by other users. To prevent this type of attacks open source libraries are used.

3. Reflective cross-site scripting attack is a type of non persistent attack , the data stored in the server is not modified , and the response id dynamically generated by web application with the help of non-sanitized data from the client scripts. The client scripts can be Javascript , VB script etc .

4. The SQL injection attack is more likely , because SQL injections enter database with administrator rights . To prevent this type of attack java should be used on websites

Related Questions

lI. The Murdock Corporation reported the following balance sheet data for 2018 a
Question #2560771
lILyplus.com/edugen/student/mainfr.uni e,, dy & Practice n Assignment Assignment
Question #2600621
lILyplus.com/edugen/student/mainfr.uni e,, dy & Practice n Assignment Assignment
Question #2600653
lIOn, ilBugH he heeds turther information to confirm the diagnosis. What led him
Question #3520623
lIn rabbits, expression of certain genes (such as the Himalayan allele of the ty
Question #3268910
lIn rabbits, expression of certain genes (such as the Himalayan allele of the ty
Question #3295528
lList - print linkedlist: lList.size() - print linkedlist size: 1 lList.size() -
Question #3542617
lMTS RUS 3G 10:41 PM Question 2 Question 1 1) The water diet requires one to dri
Question #3045498

Navigate

Previous
lab 4 code= package lab04; import java.io.*; import java.util.Scanner; public cl
Next
lab 8 exp 1 [Compa E INSERT DESIGN PAGE LAYOUT REFERENCES MAILINGS REVIEW VIEW F

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.