IS3445 Unit 4 Lab
1 What is brute force attack and how can the risks of these attacks be mitigated.
It is a cryptanalytic attack that can be used against any encrypted data. It can be mitigated by choosing suitable passwords and putting in place lockouts that restrict access after x number of failed login attempts will significantly assist in reducing the risk of brute-force attacks.
2. Explain a scenario where a hacker may use Cross Site Request Forgery (CRFS) to perform authorized transactions.
If you are on a bad site such as a bad movie upload page or a smut website the hacker can use that to pass false authorization.
3. What is the proper way to prevent XSS attack?
The first rule is to deny all
4. If an attacker wishes to place a phishing page on a website, what is a common vulnerability that can be exploited to successfully do this?
Criminals often use social engineering along with vulnerabilities in applications such as web browsers or email clients to trick users into installing malicious code on their computer.
5. What can be the impact of a successful SQL injection?
A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database, and recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system.
6. What is the difference with a blind SQL injection attack from a normal SQL injection attack? The only difference being the way the data is retrieved from the database.
7. Why are stored XSS vulnerabilities a major risk for web applications
Cross-Site Scripting is a type of injection problem in which malicious scripts (vb, js etc.) are into a trusted web site. XSS flaws occur whenever an application takes untrusted (typically user supplied) data and sends it invalidated to a web browser. XSS allows attackers to execute script in the victim’s browser and the malicious script can
It is a cryptanalytic attack that can be used against any encrypted data. It can be mitigated by choosing suitable passwords and putting in place lockouts that restrict access after x number of failed login attempts will significantly assist in reducing the risk of brute-force attacks.
2. Explain a scenario where a hacker may use Cross Site Request Forgery (CRFS) to perform authorized transactions.
If you are on a bad site such as a bad movie upload page or a smut website the hacker can use that to pass false authorization.
3. What is the proper way to prevent XSS attack?
The first rule is to deny all
4. If an attacker wishes to place a phishing page on a website, what is a common vulnerability that can be exploited to successfully do this?
Criminals often use social engineering along with vulnerabilities in applications such as web browsers or email clients to trick users into installing malicious code on their computer.
5. What can be the impact of a successful SQL injection?
A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database, and recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system.
6. What is the difference with a blind SQL injection attack from a normal SQL injection attack? The only difference being the way the data is retrieved from the database.
7. Why are stored XSS vulnerabilities a major risk for web applications
Cross-Site Scripting is a type of injection problem in which malicious scripts (vb, js etc.) are into a trusted web site. XSS flaws occur whenever an application takes untrusted (typically user supplied) data and sends it invalidated to a web browser. XSS allows attackers to execute script in the victim’s browser and the malicious script can