Attacking a Vulnerable Web Application and Database
Course Name and Number: IA5010
Student Name: Taranjit Saini
Instructor Name: Paul Burke
Lab Due Date: March 1st, 2015
Lab Assessment Questions & Answers
1. Why is it critical to perform a penetration test on a Web application and a Web server prior to production implementation?
Penetration testing of Web applications and Web servers is a critical step in ensuring the confidentiality, integrity, and availability (CIA) of the Web application or service. If e-commerce or privacy data is entered into the Web application, the company is bound by compliance laws and standards to ensure the confidentiality of customer data. It is especially critical when the Web application requires customers to input private data.
2. What is a cross-site scripting attack?
The goal of an XSS attack is to gain administrator or some other elevated level of user privileges.
3. What is a reflective cross-site scripting attack?
A reflective cross-site scripting attack is a non-persistent attack in which the submitted input is reflected straight back in the response shown on the user’s (or attacker’s) screen and does not modify data stored on the server.
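To make the "reflected back without modifying the server" point concrete, here is an added Python example (not part of the lab, and not code from any product the lab used). It assumes a hypothetical search page that echoes a `q` parameter into its HTML; the vulnerable version reflects the raw value, the hardened version HTML-encodes it, and a small check shows how a tester would tell the two apart using a harmless markup probe:

```python
import html
from urllib.parse import parse_qs

# Constructed example: a search page that reflects the "q" query parameter
# into the page body. Nothing is stored, which is what makes the flaw
# "non-persistent" (reflective) rather than stored XSS.


def render_search_vulnerable(query_string: str) -> str:
    """Reflects the raw 'q' value into the HTML: the reflective XSS pattern."""
    q = parse_qs(query_string).get("q", [""])[0]
    return f"<p>Results for: {q}</p>"


def render_search_hardened(query_string: str) -> str:
    """Same page, but the reflected value is HTML-encoded so a browser
    renders it as text instead of interpreting it as markup."""
    q = parse_qs(query_string).get("q", [""])[0]
    return f"<p>Results for: {html.escape(q, quote=True)}</p>"


def reflects_markup(rendered: str, submitted: str) -> bool:
    """Tester-side check: does the submitted value come back verbatim with
    its angle brackets intact? If so, the page is reflecting markup."""
    return submitted in rendered and ("<" in submitted or ">" in submitted)


if __name__ == "__main__":
    # Harmless probe: bold tags are enough to prove reflection without
    # running any script in a browser.
    probe_qs = "q=%3Cb%3Etest%3C%2Fb%3E"  # q=<b>test</b>, URL-encoded
    for name, render in (("vulnerable", render_search_vulnerable),
                         ("hardened", render_search_hardened)):
        page = render(probe_qs)
        print(f"{name:10s} reflects markup: {reflects_markup(page, '<b>test</b>')}")
        print("  ", page)
```

The only difference between the two handlers is the `html.escape` call on output; the input is identical and nothing is written to a database, which matches the definition above.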
4. Based on the tests you performed in this lab, which Web application attack is more likely to extract privacy data elements out of a database?
SQL Injection Attack
5. If you can monitor when SQL injections are performed on an SQL database, what would you recommend as a security countermeasure to monitor your production SQL databases?
Database administrators should monitor their SQL databases for unauthorized or abnormal queries that indicate SQL injection, and write scripts that raise alarms as well as Simple Network Management Protocol (SNMP) alerts. Additional safeguards can be placed that include encrypting the data elements that reside in long-term storage of the SQL
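As an added illustration of the monitoring script the answer recommends (this is example code written for this page, not the lab's own tooling), the following Python scanner reads constructed database query-log lines in an assumed `timestamp user query` format and raises an alert in two ways: signature rules for the classic injection shapes, and a comparison of each query's normalized shape against an allowlist of the statements the application is expected to issue. The log lines, log format and allowlist are all constructed assumptions:

```python
import re
from dataclasses import dataclass

# Constructed sample in the style of a database general query log (not real data).
# Assumed format: <timestamp> <db user> <statement text>
SAMPLE_LOG = """\
2015-02-27T10:01:05 app_user SELECT id, name FROM customers WHERE id = 42
2015-02-27T10:01:09 app_user SELECT id, name FROM customers WHERE id = 42 OR 1=1
2015-02-27T10:01:12 app_user SELECT id, name FROM customers WHERE name = 'x' UNION SELECT user, password FROM users
2015-02-27T10:01:15 app_user SELECT id, name FROM customers WHERE id = 7; DROP TABLE audit_log
2015-02-27T10:01:20 app_user SELECT id, name FROM customers WHERE id = 43 -- trailing comment
2015-02-27T10:02:00 app_user UPDATE customers SET email = 'a@example.com' WHERE id = 42
"""

# Signature rules: (name, regex). A starting point for alarming, not a complete list.
RULES = [
    ("tautology", re.compile(r"\bOR\s+(\w+|'[^']*')\s*=\s*\1", re.I)),
    ("union_select", re.compile(r"\bUNION\s+(ALL\s+)?SELECT\b", re.I)),
    ("stacked_statement", re.compile(r";\s*(DROP|DELETE|UPDATE|INSERT|ALTER|EXEC)\b", re.I)),
    ("comment_truncation", re.compile(r"(--|/\*)")),
]

# Constructed allowlist: the query shapes this application is expected to run.
KNOWN_SHAPES = {
    "SELECT ID, NAME FROM CUSTOMERS WHERE ID = ?",
    "UPDATE CUSTOMERS SET EMAIL = ? WHERE ID = ?",
}

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(.*)$")


@dataclass
class Alert:
    timestamp: str
    user: str
    rule: str
    query: str


def normalize(query: str) -> str:
    """Replace string and numeric literals with '?' so statements are compared
    by shape; an injected clause changes the shape even when the rules miss it."""
    q = re.sub(r"'(?:[^']|'')*'", "?", query)
    q = re.sub(r"\b\d+\b", "?", q)
    return re.sub(r"\s+", " ", q).strip().upper()


def scan(log_text: str) -> list:
    """Return one Alert per (line, rule) hit plus one per unknown query shape."""
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed format
        ts, user, query = m.groups()
        for name, rx in RULES:
            if rx.search(query):
                alerts.append(Alert(ts, user, name, query))
        if normalize(query) not in KNOWN_SHAPES:
            alerts.append(Alert(ts, user, "unknown_query_shape", query))
    return alerts


if __name__ == "__main__":
    # In production this is where the script would send its SNMP trap or
    # write to the alerting system; here it just prints each alert.
    for a in scan(SAMPLE_LOG):
        print(f"ALERT {a.timestamp} user={a.user} rule={a.rule}: {a.query}")
```

In the sample, the first and last lines match a known shape and trigger nothing, while each of the four suspicious lines produces both a signature hit and an unknown-shape alert; the shape allowlist is what catches abnormal statements the signature rules would not.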