LAB 6 Final - The lab assignments are given approximately every week and all of them comparatively

Course: Principles of Information Systems Security
Institution: University of the Fraser Valley
Pages: 8
File Size: 555.1 KB
File Type: PDF

Summary

The lab assignments are given approximately every week and all of them comparatively add to the final percent by almost more than 20%....


Description

Lab 6 - Learn about commonly seen application security vulnerabilities and exploits
Name: Rajwinder Singh
Student#: 300158336
Date: April 4, 2019

This lab will focus on studying commonly seen PHP & MySQL application security vulnerabilities and exploits. Please follow the guide provided below and use the files from the links below (DO NOT use the files from other websites, since there are different versions out there).

Step 1: Download all the following necessary files
- https://sourceforge.net/projects/getmantra/ (ONLY download Janus - 0.92 Beta). Alternatively, see the following article on how to use a regular browser: https://getmantra.com/web-app-security-testing-with-browsers/
- http://sechow.com/bricks/download.html (ONLY download the Tuivai 2.2 version)
- http://www.uwamp.com/en/?page=download (ONLY download and use UwAmp_2.2.1 for Windows users. However, feel free to use your own LAMP, LEMP, or WAMP stack if you have one)

Step 2: Setup OWASP Bricks and Mantra. OWASP Bricks (for using UwAMP only) and Mantra setup guide:

http://sechow.com/bricks/docs/installation.html

Step 3: Setup OWASP Bricks and Mantra. Start going through the following exercises and answer each question that follows the exercise.

Login #1
http://sechow.com/bricks/docs/login-1.html
Q: Please come up with four ways that will improve the login page username and password verification. Please provide step-by-step screenshots to justify your answer.
A: Four ways that can improve the login page username and password verification could be, but are not limited to:
- Instead of random names, use an email address in the username field.
- Long passwords, including special characters, numerals and uppercase letters.
- Using security questions with extra caution.
- Making sure your account is up to date, paying attention to any related inquiry.

Here are the step by step images for login #1.

Login #3
http://sechow.com/bricks/docs/login-3.html
Q: What can you do to prevent username and password field code injection? Please provide step-by-step screenshots to justify your answer.
A: To prevent username and password field code injection, we can use the following listed measures. Retrieved from https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet
- Use of stored procedures
- Whitelist input validation
- Enforcing least privilege
- Escaping all user-supplied input
- Use of prepared statements with parameterized queries

Here are the screenshots taken during the observation.

File upload page #1
http://sechow.com/bricks/docs/file-upload-1.html
Q: What can you do to prevent a user from uploading and executing a PHP shell? Please provide step-by-step screenshots to justify your answer.
A: To prevent this, we can use the following measures. Retrieved from https://blog.securityinnovation.com/blog/2014/01/preventing-shell-uploadvulnerabilities-in-php.html
- Requiring authentication to access web pages and upload files.
- Not eval()-ing uploaded files.
- Encrypting uploaded files.
- Storing uploads in a location not accessible to everyone.

Here are the screenshots taken during the observation.
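The following PHP script is an added example and is not part of the lab, the student's submission, or the OWASP Bricks project. It shows the measures listed above (authentication before upload, storage outside the web root, no execution of uploaded content) in a small upload handler. The upload directory, the size limit, the allowed image types and the session key are assumptions chosen for illustration.

```php
<?php
// Added example (not from the lab or OWASP Bricks): hardened handling for the
// file-upload exercise. UPLOAD_DIR, MAX_BYTES, ALLOWED_TYPES and the
// $_SESSION['user_id'] key are assumptions for illustration.
declare(strict_types=1);

const UPLOAD_DIR    = '/var/www/uploads';   // outside the document root: nothing here is ever served as PHP
const MAX_BYTES     = 2 * 1024 * 1024;       // 2 MiB ceiling
const ALLOWED_TYPES = ['image/png' => 'png', 'image/jpeg' => 'jpg', 'image/gif' => 'gif'];

// Measure 1: only authenticated users reach the upload code at all.
function requireLogin(): void
{
    session_start();
    if (empty($_SESSION['user_id'])) {
        http_response_code(401);
        exit('authentication required');
    }
}

// Measures 2 and 4: the file is typed by its bytes, renamed by the server,
// written outside the web root and never handed to the PHP engine.
function storeUpload(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('file too large');
    }
    // Decide the type from the content, not from the client-supplied name or MIME header.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!isset(ALLOWED_TYPES[$mime])) {
        throw new RuntimeException('file type not allowed');
    }
    // Server-chosen name with a fixed extension: the client cannot choose a .php name.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED_TYPES[$mime];
    $dest = UPLOAD_DIR . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store file');
    }
    chmod($dest, 0640); // readable by the web server user, never executable
    return $name;
}

// Files are returned through this function, so the web server serves bytes
// with an explicit content type instead of interpreting the file.
function serveUpload(string $name): void
{
    // Only names this script generated are accepted; no path components possible.
    if (!preg_match('/^[a-f0-9]{32}\.(png|jpg|gif)$/', $name)) {
        http_response_code(404);
        return;
    }
    $path = UPLOAD_DIR . '/' . $name;
    if (!is_file($path)) {
        http_response_code(404);
        return;
    }
    header('Content-Type: ' . (new finfo(FILEINFO_MIME_TYPE))->file($path));
    header('X-Content-Type-Options: nosniff');
    header('Content-Disposition: attachment; filename="' . $name . '"');
    readfile($path);
}

requireLogin();
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_FILES['upload'])) {
    echo 'stored as ' . htmlspecialchars(storeUpload($_FILES['upload']), ENT_QUOTES, 'UTF-8');
} elseif (isset($_GET['f'])) {
    serveUpload((string) $_GET['f']);
}
```

If the uploads directory must live under the document root for some reason, the second line of defence is to turn the PHP engine off for that directory at the web-server level (for Apache with mod_php, `php_admin_flag engine off` inside a `<Directory>` block for the upload path), so that even a file that slips past the type check is served as data rather than run.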

Content page #1
http://sechow.com/bricks/docs/content-page-1.html
Q: What can you do to prevent id parameter code injection? Please provide step-by-step screenshots to justify your answer. Retrieved from https://code.tutsplus.com/articles/preventing-code-injection--net-36946
A: To prevent id parameter code injection, we can use the following tips:
- Preventing affected information from getting into the database
- Using stored procedures
- Least privilege policy - preventing access to users' personal data
- Parameterization - a method to keep the statement and the values distinct

Here are the screenshots taken during the observation

Content page #4
http://sechow.com/bricks/docs/content-page-4.html
Q: What can you do to prevent User Agent string code injection? Please provide step-by-step screenshots to justify your answer.
A: To prevent User Agent string code injection, we will use the following measures:
- Setting the user agent string code injection: it is a safety measure which will grant the user safety so that he/she does not use the keywords that are restricted.
- Permission window: giving the permission to common users and scanning for uncommon strings which may lead to any error.

Here are the screenshots taken during the observation...
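The three Bricks exercises above (login #3, content page #1 and content page #4) share one root cause: a value the client controls (a form field, the id query parameter, or the User-Agent header) is concatenated into a SQL string. The PHP below is an added example, not code from the lab, the student or OWASP Bricks; it places the vulnerable pattern next to the parameterized form, validates the id parameter before binding it, and treats the User-Agent header as untrusted input when it is stored and when it is displayed. The PDO connection details, the table and column names, and the use of password_hash() storage are assumptions.

```php
<?php
// Added example (not from the lab or OWASP Bricks). The $pdo connection,
// the users/content/visits tables and their columns are assumptions.
declare(strict_types=1);

// --- Vulnerable pattern (the shape Bricks demonstrates): input becomes SQL grammar ---
function findUserVulnerable(PDO $pdo, string $username, string $password): ?array
{
    $sql = "SELECT id, name FROM users WHERE name = '$username' AND password = '$password'";
    $row = $pdo->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// --- Login #3, hardened: prepared statement plus a password hash comparison ---
function findUserSafe(PDO $pdo, string $username, string $password): ?array
{
    // The placeholder keeps statement and value distinct; the driver sends the
    // value separately, so it can never change the query structure.
    $stmt = $pdo->prepare('SELECT id, name, password_hash FROM users WHERE name = :name');
    $stmt->execute([':name' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null; // same answer whether the user is unknown or the password is wrong
    }
    unset($row['password_hash']);
    return $row;
}

// --- Content page #1: whitelist-validate the id as a positive integer, then bind it typed ---
function loadContent(PDO $pdo, string $rawId): ?array
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // anything that is not a plain positive integer is rejected at the edge
    }
    $stmt = $pdo->prepare('SELECT id, title, body FROM content WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// --- Content page #4: the User-Agent header is client input like any other ---
function logVisit(PDO $pdo, string $path): void
{
    $agent = mb_substr($_SERVER['HTTP_USER_AGENT'] ?? '', 0, 255); // bound what is stored
    $stmt  = $pdo->prepare('INSERT INTO visits (path, user_agent) VALUES (:path, :ua)');
    $stmt->execute([':path' => $path, ':ua' => $agent]);
}

// Parameterization stops SQL injection only; when the stored agent string is
// later shown on an admin page it still has to be escaped for HTML.
function renderAgent(string $agent): string
{
    return htmlspecialchars($agent, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Connection settings that make the protection real: native (non-emulated)
// prepares and exceptions, so a failed query cannot silently fall through.
// Host, database name and credentials are placeholders.
$pdo = new PDO('mysql:host=127.0.0.1;dbname=bricks_db;charset=utf8mb4', 'bricks_app', 'CHANGE_ME', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,
]);
```

The least-privilege item from the OWASP list is enforced outside the code: the MySQL account the application connects with (bricks_app in the example) should hold only SELECT and INSERT on the tables it needs, so that even a query that does get injected cannot alter schema or read other databases.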

