week 4
Lab #4 – Assessment Worksheet
Exploiting Known Web Vulnerabilities on a Live Web Server Course Name and Number: ________________________________________________________________
Student Name: ________________________________________________________________
Instructor Name: ________________________________________________________________
Lab Due Date: ________________________________________________________________
Lab Assessment Questions
1. What are the OWASP Top 10 vulnerabilities for 2017?
2. What is a Brute Force attack and how can the risks of these attacks be mitigated?
3. Explain a scenario where a hacker may use cross-site request forgery (CRFS) to perform authorized transactions.
4. What are the web application attacks that you performed in this lab using the DVWA?
5. Phishing is the practice of trying to obtain extra personal information such as passwords or banking details while in the guise of a trusted website. What type of web application vulnerability is exploited by hackers who use a phishing page on a website?
6. What could be the impact of a successful SQL injection?
7. What would finding the URL http://www.testurl.com/../../../../../../../../../../../../etc/passwd in your web logs indicate?
8. How would you ensure security between a web application and an SQL server?
- Course Name andNumber:
- Student Name:
- Instructor Name:
- LabDue Date:
- Q1:
- Q2:
- Q3:
- Q4:
- Q5:
- Q6:
- Q7:
- Q8: