Please write a report on both the model 6 and model 8 labs that discusses each lab's objective and expected outcome.
Vulnerable databases can expose sensitive information to intruders, so ensuring their safety is of paramount importance. SQL injection is one of the most common attacks on a web application. In this lab activity, you will use the DVWA application to simulate an attack, and then list the various preventative measures that are available to avoid SQL injection attacks on web applications.
What is a SQL Injection?
SQL injection (also known as SQL fishing) is a technique often used to attack data-driven applications.
This is done by including portions of SQL statements in an entry field in an attempt to get the website to pass a newly formed rogue SQL command to the database (e.g., dump the database contents to the attacker). SQL injection is a code injection technique that exploits a security vulnerability in an application’s software.
The vulnerability happens when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database.
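The failure described above and its fix, as an added example that is not part of the original lab. Python with an in-memory SQLite database stands in for DVWA's PHP/MySQL stack; the table layout, sample rows, function names and the always-true input are constructed for illustration.

```python
import sqlite3

ALWAYS_TRUE = "1' OR '1'='1"  # constructed always-true input for the demo

def make_db():
    """Build a constructed users table (placeholder values, not real hashes)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users "
               "(user_id INTEGER PRIMARY KEY, first_name TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [(1, "alice", "hash-placeholder-1"),
                    (2, "bob", "hash-placeholder-2"),
                    (3, "carol", "hash-placeholder-3")])
    return db

def lookup_vulnerable(db, user_id):
    # The input is spliced into the statement text, so a quote inside user_id
    # closes the string literal and the remainder is parsed as SQL.
    query = "SELECT first_name FROM users WHERE user_id = '" + user_id + "'"
    return [row[0] for row in db.execute(query)]

def lookup_bound_only(db, user_id):
    # Parameter binding: the value travels separately from the statement and
    # is only ever compared as data, so hostile text matches no row.
    rows = db.execute("SELECT first_name FROM users WHERE user_id = ?",
                      (user_id,))
    return [row[0] for row in rows]

def lookup_hardened(db, user_id):
    # Strong typing first: a user ID must be a plain ASCII decimal integer.
    if not (user_id.isascii() and user_id.isdigit()):
        raise ValueError("user_id must be a non-negative integer")
    # Then bind the typed value instead of building the SQL string.
    rows = db.execute("SELECT first_name FROM users WHERE user_id = ?",
                      (int(user_id),))
    return [row[0] for row in rows]

if __name__ == "__main__":
    db = make_db()
    print("vulnerable, normal input:  ", lookup_vulnerable(db, "1"))
    print("vulnerable, always-true:   ", lookup_vulnerable(db, ALWAYS_TRUE))
    print("bound only, always-true:   ", lookup_bound_only(db, ALWAYS_TRUE))
    try:
        lookup_hardened(db, ALWAYS_TRUE)
    except ValueError as exc:
        print("hardened, always-true:      rejected:", exc)
```

Binding alone is what stops the injection; the type check is defense in depth that rejects malformed input before it reaches the database.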
What is SQL Injection Harvesting?
SQL Injection Harvesting is where a malicious user supplies SQL statements to render sensitive data such as usernames, passwords, database tables, and more.
What is Damn Vulnerable Web App (DVWA)?
Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable.
Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a classroom environment.
Damn Vulnerable Web App (DVWA): Lesson 1: How to Install DVWA in Fedora 14 http://www.computersecuritystudent.com/SECURITY_TOOLS/DVWA/DVWAv107/lesson1/index.html
In this lab we will do the following:
We will inject always-true SQL statements into the SQL Injection User ID field with security set to low.
We will obtain the username and raw-MD5 password contents from the users table.
We will use John the Ripper to crack the raw-MD5 password HASH for each user.
Follow the steps given in the following document:
DVWA SQL Injection Lab
Once you have completed the lab, please answer the following questions in 1 to 2 pages:
What are some of your suggested changes to the code of the given website to eliminate the SQL-injection vulnerability?
What were some lessons learned from this project and how can these skills be used in the future?
For more information on SQL Injection Harvesting read this: https://en.wikipedia.org/wiki/SQL_injection