A paraphrasing? homework

I have a homework assignment and all I need is a paraphrasing of it, but it has to keep the same order, just changing the words a little bit, adding more, and so on. I have attached the HW in a Word doc; let me know if you have any questions. Thank you!
securityfirst.docx

SecurityFirst Competition
Homework 1
101: First of all, on the login page I opened the tamper tool and I removed the password, and it showed me some error on the page. "The result of this NullPointerException is the displaying of a small portion of the relevant page code via a standard Tomcat 500 Error page." So, the benefit of the displayed code is "to learn the location of the include file that contains the database connection credential information."

110: On the "Frequently Asked Questions" page I removed the "topic" from the URL address, and then I clicked enter, and that should "display a Tomcat error page with a portion of the JSP page's code shown." Moreover, the benefit of the displayed code will be "to learn the input filtering code to more easily find a way to evade it."

111–112: The "topic" URL variable's value is filtered to replace any instance of "../" with a blank string to prevent directory traversal. Because this process is not recursive, by using "....//" the filter will remove the inner-most "../" and leave the remaining "../" intact. This should be used in conjunction with Goal 112.

112: The "topic" URL variable's value is appended with ".html". By placing a question mark at the end of the original variable's value, the appended ".html" appears to be part of the query portion of the included URL (e.g. "index.jsp?" becomes "index.jsp?.html").

101: "This is a simple SQL Injection vulnerability that allows a user to enter a basic login bypass SQL Injection (e.g. ' OR 'a'='a) in order to login as a user. More advanced injections will allow the user to attempt to log into a specific user and not just the first in the database. This will only allow access to a customer's account and not to a higher-privileged account (admins and managers must log in through the /secure/login.jsp)."

102: "Because the login page simply hashes the password without any salting before sending it to the server, a password hash found in the database could be replayed with a tool like Tamper Data that modifies POST request variables after the form submit takes place. This requires successfully gaining access to the MySQL database. If real victim users were using this web application on your network, it would be possible to obtain a hash by packet sniffing their login attempts."

300: "The only method of initially gaining access to the /secure/siteadmin/ area of the site is by logging in through the /secure/login.jsp with correct site admin credentials. In order to do this, one needs the username and password. The username is easily obtainable after the contestant has gained access to the MySQL database, but the password hash must be cracked. The contestant must run the password hashes through a password cracking tool or an online rainbow table."

310: "The active_users.jsp page shows a list of all sessions active, including username, e-mail address, role, and last activity time. Session IDs are shown as well, but are censored for contestants to prevent cross-contestant hacking and cheating. One user, "rscott", a financial manager, is hard-coded to always have an active session. By modifying their session cookie to the session ID listed for rscott, contestants can gain access to the financial manager's already logged-in account."

120: "The "users" table in the MySQL database stores the secret (mother's maiden name) in Base64 format. This is used to verify that the forgotten password restoration request is coming from the account owner. Because Base64 is just an encoding method and not encryption or hashing, any user with access to the MySQL database can decode the secrets easily and be able to reset the password and have the new one sent to the owner's e-mail. This alone will not allow access to the account since contestants do not have access to the account owners' e-mail inboxes."

400: "There is technically no vulnerability on the 400 page, but in order to successfully transfer funds, the manager account's password must be re-entered and thus known by the contestant. To gather this information, contestants must first gain access to the manager's account using Goal 310, change the e-mail address to their own, log out, and then use the "forgot my password" feature (Goal 120)."

201: "The 201 transaction comments are neither filtered nor encoded upon entering into the server or being displayed on the transaction page. This allows for an easy XSS or XSRF injection point."

200: "By modifying the "id" variable when attempting to edit a comment for a transaction, a user is able to post the comment for any transaction. Essentially, the "id" variable is not checked to verify that the user actually owns the transaction it is associated with."

103: "Upon failing to correctly log in on the login page, users are informed that their activity has been logged. This log is viewed by site admins at /secure/siteadmin/logviewer.jsp. The log entries for failed log-ins contain the username of the attempted log-in and, because these are neither filtered nor encoded upon entering into the server or being displayed on the log viewer page, this allows for an XSS or XSRF injection point."

113: "By instructing the FAQ page to include itself, an infinite loop occurs as the server tries to continuously nest pages. This causes a denial of service and, with multiple threads started on this process, the server will crash quickly."
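The following is an added illustration of the Goal 111/112 "topic" handling, written for this page and not taken from the competition's own code: a single-pass "../" strip with ".html" appended (the weak behaviour the write-up describes) beside a hardened version that whitelists the topic name and verifies the canonical path stays under the FAQ directory. The `/srv/faq` root and the sample topic values are assumed placeholders.

```python
import os
import re
from typing import Optional

# Assumed document root for FAQ pages (placeholder, not from the competition).
FAQ_ROOT = os.path.abspath("/srv/faq")

# A topic is a plain name: no slashes, dots, or query characters allowed.
SAFE_TOPIC = re.compile(r"[A-Za-z0-9_-]+")


def weak_filter(topic: str) -> str:
    """Model of the behaviour described for Goals 111 and 112:
    one non-recursive removal of "../", then ".html" appended."""
    return topic.replace("../", "") + ".html"


def hardened_topic_path(topic: str) -> Optional[str]:
    """Defensive replacement: reject anything that is not a bare topic name,
    build the path, canonicalise it, and confirm it is still inside FAQ_ROOT.
    Returns the absolute path to include, or None when the request is refused."""
    if not SAFE_TOPIC.fullmatch(topic):
        return None
    candidate = os.path.normpath(os.path.join(FAQ_ROOT, topic + ".html"))
    # commonpath guards against any remaining escape from the root directory.
    if os.path.commonpath([FAQ_ROOT, candidate]) != FAQ_ROOT:
        return None
    return candidate


def compare(topics):
    """Run both filters over constructed sample inputs for side-by-side review."""
    return {t: (weak_filter(t), hardened_topic_path(t)) for t in topics}


if __name__ == "__main__":
    # Constructed samples: a normal topic, the "....//" case, and the "?" case.
    for topic, (weak, hard) in compare(["account-faq", "....//other/page", "index.jsp?"]).items():
        print(f"{topic!r:22} weak -> {weak!r:24} hardened -> {hard!r}")
```

The weak filter turns "....//other/page" into "../other/page.html" and "index.jsp?" into "index.jsp?.html", exactly the two outcomes the write-up describes, while the hardened version refuses both and only resolves a plain topic name.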
