
Assignment Objectives: Identify web application vulnerabilities and tools used t


Question

Assignment Objectives:

Identify web application vulnerabilities and tools used to protect web servers.

Discuss securing web applications.

Review the tools used to attack web servers.

Ethical Hacker help needed:

Provide at least three methods or tools used to attack web servers as well as provide how each of these three methods can be protected against. Directions: Your completed assignment should be at least 2 FULL double-spaced page(s) in length. Proofread your completed essay to ensure proper spelling, grammar, capitalization, punctuation, and sentence structure. Include at least one Herzing library or appropriate web reference in addition to your text and/or supplemental material provided that is presented in proper APA format that supports your submission.

Explanation / Answer

The answer to your question is given below, step by step:

1. First, I am going to discuss what web applications are. A web application is a client–server computer program in which the client, meaning the user interface and the client-side logic, runs in a web browser. Examples of web applications are online retail stores and webmail.

2. Another definition of a web application is an application program that is stored on a remote server and delivered over the Internet through a browser to users all over the world.

Now I am going to explain the three methods or tools used to attack web servers:
1. SQL injection
2. Remote code execution
3. Cross-site scripting

1. SQL injection:

SQL injection is one of the biggest vulnerabilities affecting web applications on a web server. It is a very old technique, but it is still popular among attackers. This technique allows an attacker to retrieve crucial information from a web server's database, depending on the web application's security measures.

How to protect against this SQL injection attack:

1. Avoid connecting to the database as a superuser or as the database owner. Always use customized database users with the bare minimum privileges required to perform the assigned task.
2. If the PHP magic_quotes_gpc function is on, then all the POST, GET, COOKIE data is escaped automatically.
3. PHP has two functions for MySQL that sanitize user input: addslashes (an older approach) and mysql_real_escape_string (the recommended method). This function comes from PHP >= 4.3.0, so you should check first if this function exists and that you're running the latest version of PHP 4 or 5. mysql_real_escape_string prepends backslashes to the following characters: , , , , ', " and .

2. Remote code execution:

This is also one of the most dangerous vulnerabilities in web applications served from a web server. As the name itself tells, this vulnerability allows an attacker to run arbitrary, system-level code on the vulnerable server and retrieve any desired information contained therein. Improper coding errors lead to this vulnerability.

Sometimes it is very difficult to discover this vulnerability during penetration testing assignments, but such problems are often revealed while doing a source code review. However, when testing web applications it is important to remember that exploitation of this vulnerability can lead to total system compromise with the same rights as the web server itself.

3. Cross-site scripting:

Cross-site scripting is also one of the biggest vulnerabilities affecting web applications on a web server. The success of this attack requires the victim to execute a malicious URL, which may be crafted in such a manner as to appear legitimate at first look. When visiting such a crafted URL, an attacker can effectively execute something malicious in the victim's browser. Some malicious JavaScript, for example, will be run in the context of the web site which possesses the XSS bug.

Now I am going to explain how to secure your web applications or web servers.

To secure a Web server, you must apply many configuration settings to reduce the server's vulnerability to attack. So, how do you know where to start, and when do you know that you are done? The best approach is to organize the precautions you must take and the settings you must configure, into categories. Using categories allows you to systematically walk through the securing process from top to bottom or pick a particular category and complete specific steps.

Hope this helps. If you have any doubts, please comment and I will get back to you. Thank you, and please give a thumbs up.
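An added example, not part of the original answer, for the SQL injection protections listed above: it compares string concatenation, quote escaping, and bound parameters against a constructed table. It uses Python's standard `sqlite3` module rather than the PHP/MySQL functions the answer names, bound parameters are a technique the answer does not mention, and `escape_quotes` plus the table and function names are hypothetical.

```python
import sqlite3

def make_db():
    """Constructed in-memory sample data (not from the original page)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [(1, "alice"), (2, "bob"), (3, "carol")])
    return db

def escape_quotes(value):
    """Hypothetical stand-in for an escaping function (SQLite doubles quotes)."""
    return value.replace("'", "''")

def lookup_concat(db, name):
    # Vulnerable: the input becomes part of the SQL text itself.
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

def lookup_escaped_name(db, name):
    # Escaping helps here because the value sits inside a quoted string.
    sql = "SELECT name FROM users WHERE name = '" + escape_quotes(name) + "'"
    return db.execute(sql).fetchall()

def lookup_escaped_id(db, user_id):
    # Escaping does NOT help here: the value is in an unquoted numeric
    # position, so there is no quote to escape and it is parsed as SQL.
    sql = "SELECT name FROM users WHERE id = " + escape_quotes(user_id)
    return db.execute(sql).fetchall()

def lookup_bound(db, column, value):
    # Hardened: fixed statement text, allowlisted column, value bound as data.
    if column not in ("id", "name"):
        raise ValueError("unexpected column")
    sql = "SELECT name FROM users WHERE " + column + " = ?"
    return db.execute(sql, (value,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    crafted_name = "x' OR '1'='1"   # constructed test input
    crafted_id = "1 OR 1=1"         # constructed test input
    print("concat       :", lookup_concat(db, crafted_name))
    print("escaped name :", lookup_escaped_name(db, crafted_name))
    print("escaped id   :", lookup_escaped_id(db, crafted_id))
    print("bound name   :", lookup_bound(db, "name", crafted_name))
    print("bound id     :", lookup_bound(db, "id", crafted_id))
```

The escaped numeric lookup still returns every row, which is why binding values (together with the low-privilege database user from item 1) is the more dependable control.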
