IS3445 Lab 7

Lab 7
IS3445 Security Strategies for Web Applications and Social Networking
Lab 7 Assessment

1. How does Skipfish categorize findings in the scan report?
As high-risk flaws, medium-risk flaws, and low-risk issues.
2. Which tool used in the lab is considered a static analysis tool? Explain what is referred to by static code analysis.
RATS. Static code analysis refers to running tools that attempt to highlight possible vulnerabilities within "static" (non-running) source code, without executing the application.
3. What possible high risk vulnerabilities did the RATS tool find in the DVWA application source code?
Code that allows system commands to execute.
4. Did the static analysis tool find all the potential security flaws in the application?
Yes, although tools like these automatically find security flaws with a high degree of confidence that what they found was a flaw.
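As an added illustration of questions 2 to 4 (this is example code, not the lab's material or RATS itself), the Python sketch below does what a RATS-style static analyser does: it matches dangerous function names in non-running source text and ranks them by risk. The PHP snippets and the pattern table are constructed for this example; the `high.php` case shows the kind of dynamically named call a pure pattern scanner does not see.

```python
import re

# Constructed PHP snippets loosely modelled on a DVWA-style "ping" page.
# They are illustrative only, not DVWA's actual source files.
SAMPLES = {
    "low.php": 'shell_exec("ping -c 4 " . $_REQUEST["ip"]);',
    "medium.php": '$target = str_replace("&&", "", $_REQUEST["ip"]);\n'
                  'passthru("ping -c 4 " . $target);',
    "high.php": '$fn = "sys" . "tem";  // function name built at runtime\n'
                '$fn("ping -c 4 " . escapeshellarg($_REQUEST["ip"]));',
    "view.php": 'echo htmlspecialchars($_GET["name"]);',
}

# Constructed RATS-style pattern database: sinks that hand data to the
# operating system rank highest; file/include sinks rank medium.
RISK_BY_SINK = {
    "system": "High", "exec": "High", "shell_exec": "High",
    "passthru": "High", "popen": "High", "proc_open": "High",
    "include": "Medium", "require": "Medium", "fopen": "Medium",
}

# A bare identifier followed by "(": the lookbehind skips "$var(" calls,
# which is exactly why the high.php sample is missed.
CALL_RE = re.compile(r"(?<![\w$])([A-Za-z_]\w*)\s*\(")


def scan_source(filename, source):
    """Return (file, line, risk, sink) tuples, like one section of a RATS report."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        code = line.split("//", 1)[0]  # drop trailing // comments (samples have no URLs)
        for match in CALL_RE.finditer(code):
            sink = match.group(1).lower()
            risk = RISK_BY_SINK.get(sink)
            if risk:
                findings.append((filename, lineno, risk, sink))
    return findings


def scan_all(samples):
    """Scan every file and group the findings by risk level."""
    report = {"High": [], "Medium": []}
    for filename, source in samples.items():
        for finding in scan_source(filename, source):
            report[finding[2]].append(finding)
    return report


if __name__ == "__main__":
    for risk, items in scan_all(SAMPLES).items():
        print(risk, [f"{f}:{n} {s}()" for f, n, _, s in items])
```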
5. What is black box testing on a web site or web application?
They're designed to treat the application as an "unknown entity"; therefore, no knowledge of the tiers is provided.
6. Explain the Skipfish command in detail: ./skipfish -o /var/scans/is308lab.org -A admin:password -d3 -b I -X logout.jsp -r200000 http://www.is308lab.org
This is a standard, authenticated scan of a well-designed and self-contained site.
7. During the manual code review, what is noticed about high.php to make it less likely to victimize users with XSS reflection, and why is it considered more secure?
Because PHP written at the high level is more secure; the bugs and errors are more often found in low-level languages.
8. Would Firefox be considered a web application assessment tool?
Firefox is a popular web application penetration testing tool with many plugins. It’s designed for web application security assessment or penetration testing.
9. Compare and contrast a pen testing tool such as OWASP WebScarab with an automatic analysis tool like Skipfish.
WebScarab is a framework for analyzing applications that communicate using the
