Cyber Attack & Ethical Hacking
[u01a1] Unit 1 Assignment 1
Attacking a Vulnerable Web Application and Database (Assignment 1)
To demonstrate your understanding of core concepts and procedures presented in this unit, you are required to complete the following:
- When should the initial penetration test be performed on a web server? Why?
- Compare and contrast a cross-site scripting attack and a reflective cross-site scripting attack.
- What Web application attacks are most likely to compromise confidentiality?
- What techniques can you use to mitigate and respond to SQL injection attacks?
- List some common techniques to identify Web application server vulnerabilities.
- Discuss your plan for ensuring penetration and web application testing are part of the implementation process.
- Why are you sometimes asked to set the DVWA security level to low?
- Refer to the Attacking a Vulnerable Web Application and Database scoring guide to ensure that your work meets the grading criteria for this assignment.
- Written communication: Writing should be clear and well organized, with no technical writing errors, as expected of a business professional.
- Format: Typed, double-spaced lines.
- Font: Times New Roman, 12 points.
[u05a2] Unit 5 Assignment 2
Vulnerabilities of Web Servers (Assignment 2, 4 pages)
Attackers target websites for many different reasons. For example, an attacker may want to compromise the backend of an e-commerce website or take a site down using denial-of-service or buffer-overflow attacks. In fact, the attacker may be targeting your site’s visitors. Since it may be difficult to anticipate an attacker’s motivation, sites should be hardened to prevent as many types of attacks as possible.
You were asked to participate with senior management in a Web conference discussing Web security. One speaker incorrectly discussed installed SSL certificates, misconfiguration of Web servers, lack of server hardening, and poor authentication mechanisms as the most common threats to Web security. Another speaker added that the lack of a security policy was the biggest risk. Then a Web developer discussed the threats posed by cross-site scripting (CSS), cross-site request forgery (CSRF), and buffer overflow. Finally, the last presenter discussed structured query language (SQL) injection attacks.
After the conference, the chief information security officer (CISO) of your organization asked you to write a report to summarize the information discussed during the conference.
Write a 4-page report in which you:
- Describe cross-site scripting (CSS), cross-site request forgery (CSRF), buffer overflow, and structured query language (SQL) injection attacks.
- Compare cross-site scripting (CSS) and cross-site request forgery (CSRF).
- Compare buffer overflow and structured query language (SQL) injection attacks.
- Discuss which attacks are used by hackers to attack database management systems.
Your assignment must be supported by a minimum of three recent, peer-reviewed references. Citations and references must be formatted using current APA style.
Structure your report as follows:
- Title page.
- Main body (at least four pages); use headings to identify individual sections.
- Summary and conclusion.
- References page.
Capella academic integrity standards must be strictly followed.
- Written communication: Writing should be clear and well organized, with no technical writing errors, as expected of a business professional.
- References: Include a minimum of three recent, peer-reviewed references.
- APA style: Citations and references must be formatted using current APA style.
- Length of the report: A minimum of four typed, double-spaced pages, excluding the title page and references page.
- Font: Times New Roman, 12 points.
[u05d1] Unit 5 Discussion 1
Password Cracking (1-page Discussion)
Good password hygiene is an important component of securing any network. Attackers often attempt to compromise passwords. For this reason, it is good practice to use a unique password for each website, service, and application. Attackers have specialized tools to assist in cracking passwords; however, some passwords are more difficult to crack than others. Constructing unique, secure passwords may be challenging, but some of this difficulty can be alleviated by using a password keeper.
You have been monitoring the traffic on your network using passive sniffing tools such as EtherApe, Dsniff, and Omnipeek. During your analysis, you notice a large amount of interesting traffic coming from two unknown devices. The devices have been isolated on a decoy network. You are asked to see if you can compromise the unknown devices using a password cracking tool so that you can gain a better understanding of the attackers’ intentions.
In your discussion post:
- Describe three password cracking tools you can use to access the suspected computers without the attackers’ knowledge.
- Compare and contrast the different password cracking tools.