WebSec_v03_Lab04_AW_David_Kintz

School: American Public University
Course: 297
Subject: Information Systems
Date: Dec 6, 2023
Type: pdf
Pages: 3
Uploaded by CoachOctopus2571

Lab #4 – Assessment Worksheet
Exploiting Known Web Vulnerabilities on a Live Web Server

Course Name and Number: ________________________________________________________________
Student Name: ________________________________________________________________
Instructor Name: ________________________________________________________________
Lab Due Date: ________________________________________________________________

Lab Assessment Questions

1. What are the OWASP Top 10 vulnerabilities for 2017?
2. What is a Brute Force attack and how can the risks of these attacks be mitigated?
3. Explain a scenario where a hacker may use cross-site request forgery (CSRF) to perform authorized transactions.
4. What are the web application attacks that you performed in this lab using the DVWA?
5. Phishing is the practice of trying to obtain extra personal information such as passwords or banking details while in the guise of a trusted website. What type of web application vulnerability is exploited by hackers who use a phishing page on a website?
6. What could be the impact of a successful SQL injection?
7. What would finding the URL http://www.testurl.com/../../../../../../../../../../../../etc/passwd in your web logs indicate?
8. How would you ensure security between a web application and an SQL server?