M8.6 Lab

Please write a report on both model 6 and 8 labs that discusses each lab's objective and its expected outcome.

Introduction

Vulnerable databases can expose sensitive information to intruders. Ensuring the safety of that information is of paramount importance. SQL injection is one of the most common attacks on web applications. In this lab activity, you will use the DVWA application to simulate an attack, and then list the various preventative measures that are available to avoid SQL injection attacks on web applications.

What is a SQL Injection?

SQL injection (also known as SQL fishing) is a technique often used to attack data-driven applications.
This is done by including portions of SQL statements in an entry field in an attempt to get the website to pass a newly formed rogue SQL command to the database (e.g., dump the database contents to the attacker). SQL injection is a code injection technique that exploits a security vulnerability in an application’s software.
The vulnerability happens when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database.
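
The difference between input pasted into the SQL text and input bound as a typed parameter, as an added example that is not part of the lab handout or of DVWA's code. It uses Python's built-in sqlite3 module as a stand-in for DVWA's PHP/MySQL stack; the table layout, sample rows and function names are assumptions made for illustration.

```python
import sqlite3


def make_db():
    """In-memory stand-in for a users table (constructed sample rows)."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE users (user_id INTEGER PRIMARY KEY, first_name TEXT, password TEXT)"
    )
    db.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(1, "alice", "hash-placeholder-1"),
         (2, "bob", "hash-placeholder-2"),
         (3, "carol", "hash-placeholder-3")],
    )
    return db


def lookup_vulnerable(db, user_id):
    """Pattern to avoid: the input becomes part of the SQL text itself."""
    query = "SELECT first_name FROM users WHERE user_id = '" + user_id + "'"
    return [row[0] for row in db.execute(query)]


def lookup_parameterized(db, user_id):
    """Fix: bind the input with a placeholder so it is only ever treated as data."""
    query = "SELECT first_name FROM users WHERE user_id = ?"
    return [row[0] for row in db.execute(query, (user_id,))]


def lookup_typed(db, user_id):
    """Defense in depth: enforce the expected type, then use the bound query."""
    if not (user_id.isascii() and user_id.isdigit()):
        raise ValueError("user_id must be a decimal integer")
    return lookup_parameterized(db, int(user_id))


if __name__ == "__main__":
    db = make_db()
    always_true = "1' OR '1'='1"  # constructed always-true input
    print("concatenated:", lookup_vulnerable(db, always_true))
    print("parameterized:", lookup_parameterized(db, always_true))
    try:
        lookup_typed(db, always_true)
    except ValueError as err:
        print("typed:", err)
```
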

What is SQL Injection Harvesting?

SQL Injection Harvesting is where a malicious user supplies SQL statements to get the application to return sensitive data such as usernames, passwords, database tables, and more.

What is Damn Vulnerable Web App (DVWA)?

Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable.
Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications, and aid teachers/students to teach/learn web application security in a classroom environment.

Instructions

Pre-Requisite Lab

Damn Vulnerable Web App (DVWA): Lesson 1: How to Install DVWA in Fedora 14 http://www.computersecuritystudent.com/SECURITY_TOOLS/DVWA/DVWAv107/lesson1/index.html

Lab Notes

In this lab we will do the following:
We will inject always-true SQL statements into the SQL Injection User ID field with security set to low.
We will obtain the username and raw-MD5 password contents from the users table.
We will use John the Ripper to crack the raw-MD5 password HASH for each user.
Follow the steps given in the following document:

DVWA SQL Injection Lab

Once you have completed the lab, please answer the following questions in 1 to 2 pages:

What are some of your suggested changes to the code of the given website to eliminate the SQL-injection vulnerability?
What were some lessons learned from this project and how can these skills be used in the future?