Attacking a Vulnerable Web Application and Database Assignment
Assignment Grading Rubric
Course: IT542 Unit: 3 Points: 90
Assignment 3
Outcomes addressed in this activity:
Unit Outcomes: Develop an attack plan to compromise and exploit a website. Perform a cross-site scripting and a SQL injection attack against a website. Select security measures appropriate to protect against common website attacks.
Course Outcome: IT542-2: Develop best practices to address Web server and wireless network threats.
Assignment Instructions: This Assignment provides the “hands on” element to your studies. It gives you the opportunity to gain practical experience using the tools and techniques associated with ethical hacking. Read and perform the lab entitled “Lab #5: Attacking a Vulnerable Web Application and Database” found in Doc Sharing.
Complete all five parts of Lab #5. Compile your lab report in a Word document with a title page, labeling all screenshots you are required to capture, and including explanatory text where needed or required by the lab. Within your Word document, after your lab report, answer the Assessment Worksheet questions listed at the end of the lab. Conduct research and cite supporting sources in APA format where appropriate.
Directions for Submitting Your Assignment: Save your Word document containing your lab report and Assessment questions using the following file name format: Username-IT542-Assignment -Unit#.docx (Example: Talen- IT542 Assignment-Unit3.docx). Submit your file to the Unit 3 Assignment Dropbox by the end of Unit 3.
Assignment Requirements: All lab steps are completed, including screenshots and explanations where required. Assessment question answers contain sufficient information to adequately address the questions. The lab report and the answers are accurate and complete, as well as free from grammar and spelling errors. For more information and an example of APA formatting, see the resources in Doc Sharing or visit the KU Writing Center from the KU Homepage. Also review the KU Policy on Plagiarism.
This policy will be strictly enforced on all applicable Assignments and Discussion posts. If you have any questions, please contact your professor. Review the grading rubric below before beginning this activity.
Assignment Grading Rubric = 90 points
| Assignment Requirements | Points Possible | Points Earned |
|---|---|---|
| Web application and Web server backend database vulnerabilities are identified. | 0–18 | |
| An attack plan to compromise and exploit a Web site using cross-site scripting was developed. | 0–15 | |
| A manual cross-site scripting (XSS) attack against a sample vulnerable Web application was conducted and documented in the lab report. | 0–15 | |
| SQL injection attacks against a sample vulnerable Web application were conducted and documented in the lab report. | 0–15 | |
| Assessment worksheet is completed, with responses that are accurate, complete and well written (3 points per question). | 0–27 | |
| Assignment Total (Sum of all points) | 0–90 | |
| Less deduction taken for spelling, grammar, and APA errors. | | |
| New total after deductions | | |
Lab #5 – Assessment Worksheet
Attacking a Vulnerable Web Application and Database
Course Name and Number: _____________________________________________________
Student Name: ________________________________________________________________
Instructor Name: ______________________________________________________________
Lab Due Date: ________________________________________________________________
Overview
In this lab, you used the Damn Vulnerable Web Application (DVWA), a tool specifically designed with common vulnerabilities to help Web developers test their own applications prior to release. As an ethical hacker, you found and exploited a cross-site scripting (XSS) vulnerability and conducted a SQL injection attack on the Web application's SQL database. You made your attacks using a Web browser and some simple command strings. You documented your findings throughout the lab.
Lab Assessment Questions & Answers
1. Why is it critical to perform a penetration test on a Web application and a Web server prior to production implementation?
2. What is a cross-site scripting attack? Explain in your own words.
3. What is a reflective cross-site scripting attack?
4. Based on the tests you performed in this lab, which Web application attack is more likely to extract privacy data elements out of a database?
5. If you can monitor when SQL injections are performed on an SQL database, what would you recommend as a security countermeasure to monitor your production SQL databases?
6. Given that Apache and Internet Information Services (IIS) are the two most popular Web application servers for Linux and Microsoft® Windows platforms, what would you do to identify known software vulnerabilities and exploits?
7. What can you do to ensure that your organization incorporates penetration testing and Web application testing as part of its implementation procedures?
8. What is the purpose of setting the DVWA security level to low before beginning the remaining lab steps?
9. As an ethical hacker, once you've determined that a database is injectable, what should you do with that information?
RUBRIC
Excellent Quality
95-100%
Introduction 45-41 points
The background and significance of the problem and a clear statement of the research purpose is provided. The search history is mentioned.
Literature Support
91-84 points
The background and significance of the problem and a clear statement of the research purpose is provided. The search history is mentioned.
Methodology
58-53 points
Content is well-organized with headings for each slide and bulleted lists to group related material as needed. Use of font, color, graphics, effects, etc. to enhance readability and presentation content is excellent. Length requirements of 10 slides/pages or less is met.
Average Score
50-85%
40-38 points
More depth/detail for the background and significance is needed, or the research detail is not clear. No search history information is provided.
83-76 points
Review of relevant theoretical literature is evident, but there is little integration of studies into concepts related to problem. Review is partially focused and organized. Supporting and opposing research are included. Summary of information presented is included. Conclusion may not contain a biblical integration.
52-49 points
Content is somewhat organized, but no structure is apparent. The use of font, color, graphics, effects, etc. is occasionally detracting to the presentation content. Length requirements may not be met.
Poor Quality
0-45%
37-1 points
The background and/or significance are missing. No search history information is provided.
75-1 points
Review of relevant theoretical literature is evident, but there is no integration of studies into concepts related to problem. Review is partially focused and organized. Supporting and opposing research are not included in the summary of information presented. Conclusion does not contain a biblical integration.
48-1 points
There is no clear or logical organizational structure. No logical sequence is apparent. The use of font, color, graphics, effects, etc. is often detracting to the presentation content. Length requirements may not be met.