Week 5 Lab and Questions IT4071
School: Capella University
Course: 4071
Subject: Information Systems
Date: Feb 20, 2024
Uploaded by CommodorePenguin2708
W5-IT4071
1
Lab and Questions
Janie Craig
Capella University Lab and Questions
Week 5 - IT4071
02-05-2024
Lab Screenshots
S1, P2, S5
S1, P3, S19
S1, P3, S21
S1, P4, S3
S2, P2, S5
S2, P3, S16
S2, P3, S18
S2, P4, S4
LAB QUESTIONS
1. When should the initial penetration test be performed on a web server? Why?
Right before it is put into production, to ensure it will run smoothly and be less vulnerable to attacks.
2. Compare and contrast a cross-site scripting attack and a reflective cross-site scripting attack.
A cross-site scripting attack stores an input and embeds it into a later response. A reflected attack takes input from an HTTP request and embeds it in an unsafe way.
3. What Web application attacks are most likely to compromise confidentiality?
Cross-site scripting
4. What techniques can you use to mitigate and respond to SQL injection attacks?
Using scanning applications and regular penetration testing and adopting the least privilege principle can assist in mitigating these attacks.
5. List some common techniques to identify Web application server vulnerabilities.
Using a web application scanner as well as a penetration test can assist in finding the vulnerabilities.
6. Discuss your plan for ensuring penetration and web application testing are part of the implementation process.
This needs to be done as well as regular monitoring. Ensuring this is done every month, or at least every 3, and after every update can assist in finding any vulnerabilities.
7. Why were you asked to set the DVWA security level to low during your lab?
Setting the security level to low allowed the web application to act as a vulnerable web application.