ITN 261 –
Lab 5 – Assessment Worksheet
Attacking a Vulnerable Web Application and Database
Student Name: _____________________________________________
Overview
In this lab, you used the Damn Vulnerable Web Application (DVWA), a tool specifically designed with common vulnerabilities to help Web developers test their own applications prior to release. As an ethical hacker, you found and exploited a cross-site scripting (XSS) vulnerability and conducted a SQL injection attack on the Web application’s SQL database. You made your attacks using a Web browser and some simple command strings. You documented your findings throughout the lab.
Lab Assessment Questions & Answers
1. Why is it critical to perform a penetration test on a Web application and a Web server prior to production implementation?
It is important to perform penetration testing on web application and web server prior to production implementation, to probe for vulnerabilities and patch it.
2. What is a cross-site scripting attack? Explain in your own words.
Cross-site scripting attack is an attack where the attacker inject client side script into a web application directed toward a user in order to infect the user computer.
3. What is a reflective cross-site scripting attack?
Reflective cross-site scripting attack Involves the web application to dynamically generating a response using non-sanitized data from the client scripts, like Java scripts or VB script, in the data sent to the server will send back a page with the script
4. Based on the tests you performed in this lab, which Web application attack is more likely to extract privacy data elements out of a database?
Sql injection attack is more likely to extract privacy data elements out of a database.
5. If you can monitor when SQL injections are performed on an SQL database, what would you recommend as a security countermeasure to monitor your production SQL databases?
Recommended security measures will be to...