This assessment is a lab that you must complete and a report that you would
deliver to your team in an organization. Be sure you read the instructions for the entire assessment carefully to make sure you address all requirements fully.
Complete the Attacking a Vulnerable Web Application and Database lab. As you go through the lab, be sure to:
Perform all screen captures as the lab instructs and paste them into a Word document.
In the
same
Word document:
Explain the concepts and procedures associated with Web and database attacks by addressing the following:
o
Explain when and why the initial penetration test should be performed on a Web server.
o
Explain the similarities and differences between a cross-site scripting attack and a reflective cross-site scripting attack.
o
Identify the Web application attacks that are most likely to compromise confidentiality.
o
Describe techniques to mitigate and respond to SQL injection attacks.
o
Explain how, if this was your responsibility, you would ensure that penetration and Web application testing were part of the implementation process.
o
Explain why you were instructed to set the DVWA security level to low during the lab.
Now apply what you learned in the lab to the following scenario.
Scenario and Your Role
As the head of the international information technology security team for Acme Corporation, you were asked to attend an industry conference on Web security. After the conference, the CISO asked you to present a summary of the conference to several of the IT teams.
