CYB 240 Module Three Lab Worksheet

School: Southern New Hampshire University
Course: 240
Subject: Computer Science
Date: Dec 6, 2023
Type: docx
Pages: 5
Uploaded by SuperKoala931

3-2 Lab Worksheet
Chris Lawton
Southern New Hampshire University
CYB 240: Operating System Security
Dr. Randy Arvay
May 21, 2023

Complete this worksheet by replacing the bracketed phrases in the Response column with the relevant information.

Lab: SQL Injections (SQLi)

Prompt: In the lab section “Analysis of the Vulnerability,” Step 20, insert your name at the command line below the output and include it in your screenshot.

Prompt: In the lab, we demonstrated the dangers of unsecured input and how it can lead to SQLi. The lab also demonstrated how escaping can be used to mitigate an SQLi password bypass attack. Explain the steps of escaping and why it was successful in mitigating the SQL injection attack.

Response: Escaping is the use of special characters such as a backslash ‘/’ to be interpreted by the SQL server as a syntax and will then be treated as an SQLi when they are added as part of the input.

Lab: Performing SQL Injection to Manipulate Tables in a Database

Prompt: In the lab section “Stealing Data and Creating a Backdoor,” Step 7, insert your last name as the user that is created. Also use the name in Step 8. Take a screenshot after Step 8.

Prompt: Metasploit is an open source free tool that is shipped with Kali Linux. The tool can also be added to other distributions of Linux. How can this tool be used by security analysts to help secure computer systems that they are responsible for maintaining?

Response: Metasploit is a tool used to perform penetration testing. These tests can help to identify exploits and vulnerabilities in the system that can be fixed before an attacker finds them.

Lab: Session Stealing (Stored XSS)

Prompt: In the lab section “Alice Gets Owned,” Step 12, insert your name in the comment field and then take a screenshot of the dialog.

Prompt: In the lab, you learn to exploit stored XSS. What steps can be taken on a form that would prevent the ability of a stored XSS to execute, and how should they be implemented?

Response: There are a few ways to prevent stored XSS. Testing how all input data is stored prior to moving the code into production. Running vulnerability test/analysis of exactly how user input data is received and stored via out-of-band channels. Administrators should establish a testing process for all areas of the web application accessible by administrators. This can help to identify user data that is potentially being stored in “restricted” areas of the application.
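
The response above calls for testing how input data is stored before code goes to production. As an added example (not part of the worksheet or the lab), the Python sketch below audits a comment table for stored values containing script-capable markup and shows the same values rendered with HTML output encoding, a standard stored XSS control that the response does not itself name. The `comments` table, the function names, the detection pattern and the sample rows are all assumptions constructed for illustration.

```python
import html
import re
import sqlite3

# Assumed heuristic: markup that can run script if a stored value is
# written into a page without encoding. Tune for the application under test.
ACTIVE_MARKUP = re.compile(
    r"<\s*(script|iframe|object|embed|svg)\b|\bon\w+\s*=|javascript\s*:",
    re.IGNORECASE,
)

def render_comment(text):
    """Encode a stored comment for an HTML element body (not attributes or JS)."""
    return "<p>" + html.escape(text, quote=True) + "</p>"

def audit_stored_comments(conn):
    """Return (id, author) for stored rows that contain script-capable markup."""
    rows = conn.execute("SELECT id, author, body FROM comments ORDER BY id")
    return [(rid, author) for rid, author, body in rows if ACTIVE_MARKUP.search(body)]

def build_sample_db():
    """Constructed sample data standing in for a comment form's table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT, body TEXT)"
    )
    samples = [
        ("alice", "Great post, thanks!"),
        ("mallory", "<script>alert(1)</script>"),
        ("bob", "Use a < b when comparing"),
        ("mallory", '<img src=x onerror="alert(1)">'),
    ]
    # Parameterized insert: each comment is stored as data, unchanged.
    conn.executemany("INSERT INTO comments (author, body) VALUES (?, ?)", samples)
    return conn

if __name__ == "__main__":
    conn = build_sample_db()
    for rid, author in audit_stored_comments(conn):
        print(f"row {rid} from {author}: stored value contains active markup")
    for (body,) in conn.execute("SELECT body FROM comments ORDER BY id"):
        print(render_comment(body))
```

The audit flags what is sitting in storage, and the encoded rendering is what keeps a flagged value from executing when it is displayed; a harmless comment containing `<` passes the audit and is still encoded on output.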