CYB_240_Module_Three_Lab_Bailey_Holly (docx)

School: University of Missouri, Columbia
Course: 7850
Subject: Computer Science
Date: Apr 3, 2024
Pages: 3
Uploaded by bails4
Bailey Holly
Professor Bernuy
Application Security CYB-240-R3445
28 January 2024

CYB 240 Module Three Lab Worksheet

Complete this worksheet by replacing the bracketed phrases in the Response column with the relevant information.

Lab: SQL Injections (SQLi)

Prompt: In the lab section "Analysis of the Vulnerability," Step 20, insert your name at the command line below the output and include it in your screenshot.

Prompt: In the lab, we demonstrated the dangers of unsecured input and how it can lead to SQLi. The lab also demonstrated how escaping can be used to mitigate an SQLi password bypass attack. Explain the steps of escaping and why it was successful in mitigating the SQL injection attack.

Response: The first step is to identify special characters in the user input that have a specific meaning in SQL. Once the special characters are identified, they are replaced with harmless versions that won't be interpreted as SQL commands. Special characters are prepended with a backslash to escape their functionality, such as '\' becomes '\\'. By escaping special characters, an attacker's injected SQL code becomes part of the data itself instead of manipulating the query structure. This prevents unintended execution of malicious commands and protects the database from compromise.
Lab: Performing SQL Injection to Manipulate Tables in a Database

Prompt: In the lab section "Stealing Data and Creating a Backdoor," Step 7, insert your last name as the user that is created. Also use the name in Step 8. Take a screenshot after Step 8.

Prompt: Metasploit is an open source free tool that is shipped with Kali Linux. The tool can also be added to other distributions of Linux. How can this tool be used by security analysts to help secure computer systems that they are responsible for maintaining?

Response: Metasploit provides a vast library of exploits; security analysts can leverage this to scan their systems for known vulnerabilities and assess their patching priorities. Metasploit modules can be used to simulate attacks, which helps analysts evaluate the effectiveness of their firewalls, IDS, and other security tools in detecting and preventing attacks. Analysts can also use Metasploit modules to test their code for vulnerabilities and improve the overall security of their applications.
Lab: Session Stealing (Stored XSS)

Prompt: In the lab section "Alice Gets Owned," Step 12, insert your name in the comment field and then take a screenshot of the dialog.

Prompt: In the lab, you learn to exploit stored XSS. What steps can be taken on a form that would prevent the ability of a stored XSS to execute, and how should they be implemented?

Response: Input validation forms the first line of defense against stored XSS attacks. It involves strict enforcement of rules for data types, lengths, and character sets to ensure only valid input is accepted. This also includes rejecting data that doesn't meet the criteria and blacklisting specific characters frequently used in XSS attacks. Convert potentially harmful characters into their HTML entities before displaying them. Implement a Content Security Policy (CSP), which creates a whitelist of trusted sources for scripts, styles, and other resources, ensuring only authorized content is allowed in. Finally, use trusted libraries like OWASP AntiSamy for thorough input sanitization.
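As an added example (not part of the worksheet or the lab application), the block below implements the three form-side controls named in the response for a comment field: an allow-list validation of length and character set at input time, HTML-entity encoding at output time, and a Content-Security-Policy header that restricts script sources to the site's own origin. The comment length limit, the allowed character set and the sample comment are constructed for the demo; the CSP value is a plausible policy, not one taken from the lab.

```python
import html
import re

# Constructed limits for the comment field: a length cap and an allow-list of
# characters (word characters, whitespace, basic punctuation). Anything else,
# including < > & and quotes, is rejected at input time.
MAX_COMMENT_LEN = 280
ALLOWED_CHARS = re.compile(r"[\w\s.,!?():-]*")


def validate_comment(text: str) -> tuple:
    """Input validation: enforce type, length and character set. Returns (accepted, reason)."""
    if not isinstance(text, str):
        return False, "not a string"
    if len(text) > MAX_COMMENT_LEN:
        return False, "too long"
    if ALLOWED_CHARS.fullmatch(text) is None:
        return False, "disallowed characters"
    return True, "ok"


def encode_for_html(text: str) -> str:
    """Output encoding: turn & < > " ' into HTML entities so the browser renders
    them as literal text instead of interpreting them as markup."""
    return html.escape(text, quote=True)


def render_comment(stored_text: str) -> str:
    # Encoding is applied on every display, independent of whether validation ran
    # when the comment was stored, so a comment that reached the database through
    # another path is still shown as text rather than executed.
    return f'<p class="comment">{encode_for_html(stored_text)}</p>'


def csp_header() -> dict:
    """Content Security Policy: scripts may only load from this origin. Inline script
    that slipped into a comment is blocked even if an encoding step was missed."""
    return {
        "Content-Security-Policy":
            "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'self'"
    }


def demo() -> dict:
    # Constructed stored-XSS style comment: a script tag typed into the comment field.
    payload = "<script>alert('xss')</script>"
    return {
        "validation": validate_comment(payload),
        "rendered": render_comment(payload),
        "csp": csp_header()["Content-Security-Policy"],
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Validation rejects the sample comment outright; if it is rendered anyway, the encoded output contains no tags the browser would execute, and the CSP header is the third, browser-enforced layer. The three controls are deliberately independent so that a gap in one does not leave the form exposed.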