CYB-240-ModuleThreeLabWorksheet

School: Southern New Hampshire University
Course: 240
Subject: Computer Science
Date: Feb 20, 2024
Type: docx
Pages: 3
Uploaded by DeanGoldfinch4081

CYB 240 Module Three Lab Worksheet

Complete this worksheet by replacing the bracketed phrases in the Response column with the relevant information.

Lab: SQL Injections (SQLi)

Prompt: In the lab section “Analysis of the Vulnerability,” Step 20, insert your name at the command line below the output and include it in your screenshot.

Prompt: In the lab, we demonstrated the dangers of unsecured input and how it can lead to SQLi. The lab also demonstrated how escaping can be used to mitigate an SQLi password bypass attack. Explain the steps of escaping and why it was successful in mitigating the SQL injection attack.

Response: Escaping is used to make values entered read as a string instead of as a command (Klein, n.d.). In the lab, the steps were to use sudo to pull up the script. We removed the // from the login command lines. When the injection command was entered again in the login field, the login failed.
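
The effect of escaping described in the response above, shown as an added example that is not part of the original worksheet or the lab's script. It uses Python with an in-memory SQLite database as a stand-in (an assumption, since the lab's own script is not shown); the table, account, function names and test input are constructed for illustration, and the quote-doubling rule is SQLite's string-literal escape.

```python
import sqlite3

# Constructed test input: the quote ends the string literal early, so the
# remainder is parsed as SQL instead of being compared as a password.
BYPASS = "' OR '1'='1"

def make_db():
    """Build an in-memory users table holding one constructed account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    return db

def escape(value):
    """Escape a value for a SQLite string literal by doubling single quotes."""
    return value.replace("'", "''")

def login_unescaped(db, username, password):
    # Vulnerable: raw input is concatenated into the statement.
    sql = ("SELECT COUNT(*) FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone()[0] > 0

def login_escaped(db, username, password):
    # Mitigated: escaped quotes stay inside the literal, so the whole input
    # is compared as one string and never reaches the SQL parser as syntax.
    sql = ("SELECT COUNT(*) FROM users WHERE username = '" + escape(username) +
           "' AND password = '" + escape(password) + "'")
    return db.execute(sql).fetchone()[0] > 0

def login_parameterized(db, username, password):
    # Stronger form of the same idea: values are bound separately from the
    # statement text, so no escaping step can be forgotten or done wrong.
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchone()[0] > 0

if __name__ == "__main__":
    db = make_db()
    for fn in (login_unescaped, login_escaped, login_parameterized):
        print(fn.__name__,
              "valid login:", fn(db, "alice", "s3cret"),
              "| bypass input:", fn(db, "alice", BYPASS))
```
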

Lab: Performing SQL Injection to Manipulate Tables in a Database

Prompt: In the lab section “Stealing Data and Creating a Backdoor,” Step 7, insert your last name as the user that is created. Also use the name in Step 8. Take a screenshot after Step 8.

Prompt: Metasploit is an open source free tool that is shipped with Kali Linux. The tool can also be added to other distributions of Linux. How can this tool be used by security analysts to help secure computer systems that they are responsible for maintaining?

Response: Metasploit can be used to test systems and identify weaknesses. This can be done at the time the system is set up, after patches and updates, or anytime to ensure that there are as few vulnerabilities in the system as possible.

Lab: Session Stealing (Stored XSS)

Prompt: In the lab section “Alice Gets Owned,” Step 12, insert your name in the comment field and then take a screenshot of the dialog.

Prompt: In the lab, you learn to exploit stored XSS. What steps can be taken on a form that would prevent the ability of a stored XSS to execute, and how should they be implemented?

Response: To prevent XSS, input should be filtered, output should be encoded, appropriate response headers should be used, and Content Security Policy (CSP) should be implemented (Cross-site scripting, n.d.). The first three are measures taken when creating the script on the form. CSP is also activated by including the appropriate command in the script (Content Security Policy (CSP), n.d.).