CYB_240_Module_Three_Lab_Bailey_Holly.docx
School: University of Missouri, Columbia
Course: 7850
Subject: Computer Science
Date: Apr 3, 2024
Type: docx
Pages: 3
Uploaded by bails4
Bailey Holly
Professor Bernuy
Application Security CYB-240-R3445
28 January 2024
CYB 240 Module Three Lab Worksheet
Complete this worksheet by replacing the bracketed phrases in the Response column with the relevant information.
Lab: SQL Injections (SQLi)
Prompt
Response
In the lab section “Analysis of the Vulnerability,” Step 20, insert your name at the command line below the output and include it in your screenshot.
In the lab, we demonstrated the dangers of unsecured input and how it can lead to SQLi. The lab also demonstrated how escaping can be used to mitigate an SQLi password bypass attack. Explain the steps of escaping and why it was successful in mitigating the SQL injection attack.
The first step is to identify special characters in the user input that have a specific meaning in SQL. Once the special characters are identified, these characters are replaced with harmless versions that won’t be interpreted as SQL commands. Special characters are prepended with a backslash to escape their functionality, such as ‘\’ becomes ‘\\’. By escaping special characters, an attacker's injected SQL code becomes part of the data itself, instead of manipulating the query structure. This prevents unintended execution of malicious commands and protects the database from compromise.
Lab: Performing SQL Injection to Manipulate Tables in a Database
Prompt
Response
In the lab section “Stealing Data and Creating a Backdoor,” Step 7, insert your last name as the user that is created. Also use the name in Step 8. Take a screenshot after Step 8.
Metasploit is a free, open-source tool that is shipped with Kali Linux. The tool can also be added to other distributions of Linux. How can this tool be used by security analysts to help secure computer systems that they are responsible for maintaining?
Metasploit provides a vast library of exploits; security analysts can leverage this to scan their systems for known vulnerabilities and assess their patching priorities. Metasploit modules can be used to simulate attacks, which helps analysts evaluate the effectiveness of their firewalls, IDS, and other security tools in detecting and preventing attacks. Analysts can use Metasploit modules to test their code for vulnerabilities and improve the overall security of their applications.