Scribd Logo
Upload

Welcome to Scribd!

  • Practical Task 3

    Uploaded by

    F1072 Divisha
    12 views3 pages
    i. The document provides instructions for two practical tasks involving information security: 1) Performing SQL injection on the Damn Vulnerable Web App to obtain database and user information, and 2) Encrypting and decrypting a Microsoft Word file containing a name and student ID using VeraCrypt software. ii. For task 1, students are asked to use SQL injection to find the database name, list 5 columns, show passwords for 3 users without hashing, and discuss SQL injection prevention methods. iii. For task 2, students must display the steps to encrypt and decrypt their name and student ID in a Microsoft Word file using VeraCrypt, and discuss 3 attacks on unencrypted data. Rubrics are provided to

    Original Description:

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    i. The document provides instructions for two practical tasks involving information security: 1) Performing SQL injection on the Damn Vulnerable Web App to obtain database and user information, and 2) Encrypting and decrypting a Microsoft Word file containing a name and student ID using VeraCrypt software. ii. For task 1, students are asked to use SQL injection to find the database name, list 5 columns, show passwords for 3 users without hashing, and discuss SQL injection prevention methods. iii. For task 2, students must display the steps to encrypt and decrypt their name and student ID in a Microsoft Word file using VeraCrypt, and discuss 3 attacks on unencrypted data. Rubrics are provided to

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    12 views3 pages

    Practical Task 3

    Uploaded by

    F1072 Divisha
    i. The document provides instructions for two practical tasks involving information security: 1) Performing SQL injection on the Damn Vulnerable Web App to obtain database and user information, and 2) Encrypting and decrypting a Microsoft Word file containing a name and student ID using VeraCrypt software. ii. For task 1, students are asked to use SQL injection to find the database name, list 5 columns, show passwords for 3 users without hashing, and discuss SQL injection prevention methods. iii. For task 2, students must display the steps to encrypt and decrypt their name and student ID in a Microsoft Word file using VeraCrypt, and discuss 3 attacks on unencrypted data. Rubrics are provided to

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 3

    NAME

    REGISTRATION
    NUMBER
    CLASS MARKS
    CODE/SUBJECT DFS30023 – INFORMATION SECURITY
    PT3 (Individual Practical Task)
    ASSESSMENT 35

    Subtopic: 4.1 Trace authentication


    4.2 Show encryption scheme
    Duration: 6 hours

    ANSWER ALL QUESTIONS


    Instruction(s): Please fulfill all the required task. Refer to the given marking rubric.

    Question 1 (CLO1, P3)

    Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its
    main goals are to be an aid for security professionals to test their skills and tools in a legal environment,
    help web developers better understand the processes of securing web applications and aid
    teachers/students to teach/learn web application security in a class room environment.

    Reference: http://www.dvwa.co.uk/

    By using DVWA web application, perform an SQL Injection and provide the information required as
    per below. Print screen every steps to gain the information.

    i. Name of the database.


    ii. List at least five columns that you found in the database.
    iii. Show the username and password for at least 3 users. The password must not be in hash.
    iv. Discuss the methods/techniques to prevent from SQL Injection.

    Question 2 (CLO2, P3)

    Display your step to encrypt and decrypt a Microsoft Word file by using VeraCrypt software. Inside the
    Microsoft Word file, you are required to put your Name and Student ID.

    i. List and print screen the step to encrypt and decrypt your name and your student ID.
    ii. Discuss THREE (3) attacks that attacker can launch if encryption technique is not applied.

    NOTE:
    1. No marks will be given for plagiarism work. 

    PRACTICAL TASK 3: RUBRICS FOR QUESTION 1

    NAME MATRIC NO.


    S1

    Excellent Very Good Good Fair Unsatisfactory


    CLO Skills / Aspects Total
    5 4 3 2 1

    Always analyze Sometimes analyze


    Fully analyze and Seldom analyze and Hardly analyze and
    Manage Information: and integrate and integrate
    integrate acquired integrate acquired integrate acquired
    Able to manage acquired acquired
    information with own information with own information with
    acquired information. information with information with
    ideas. ideas. own ideas.
    own ideas. own ideas.

    Problem solving: Highly capable Capable in Barely capable Limited Incapable


    Able to apply in applying applying new in applying new in applying new in applying new
    new/simplified new/simplified /simplified /simplified /simplified /simplified
    approaches to approaches to approaches to approaches to approaches to approaches to
    problem problem solving problem solving problem solving problem solving problem solving
    CLO2 solving

    Result: All the result Result with minor Result with major Result shown are Totally wrong or no
    Successful result are
    are shown to the error are shown to error shown to incorrect but still can result shown to the
    shown to instructor.
    instructor. instructor. instructor. be corrected. instructor.

    Able to follow Trying to follow the


    Procedure: Students Able to follow, Able to follow and Student cannot
    procedure with procedure with a lot of
    able to follow all the demonstrate and demonstrate the follow the
    some missing missing elements or
    instruction and explain the procedure procedure procedure
    element or task task
    procedure given by
    the instructor.

    Total
    20
    PRACTICAL TASK 3: RUBRICS FOR QUESTION 2

    NAME MATRIC NO.


    S1

    Excellent Very Good Good Fair Unsatisfactory

    CLO Skills / Aspects Total


    5 4 3 2 1

    Always analyze Sometimes Hardly analyze and


    Manage Information: Fully analyze and Seldom analyze and
    and integrate analyze and integrate acquired
    Able to manage acquired integrate acquired integrate acquired
    acquired integrate acquired information with own
    information. information with information with own ideas.
    information with information with ideas.
    own ideas.
    own ideas. own ideas.

    Problem solving: Highly capable in Capable in applying Barely capable in Incapable in applying
    CLO2 Limited in applying new
    Able to apply applying new /simplified applying new new /simplified
    /simplified approaches to
    new/simplified new/simplified approaches to /simplified approaches to problem
    problem solving
    approaches to problem approaches to problem solving. approaches to solving
    solving problem solving problem solving

    Result: All the result are Successful result Result with minor Result shown are incorrect Totally wrong or no result
    Result with major
    shown to the instructor. are shown to error are shown to but still can be corrected. shown to the instructor.
    error shown to
    instructor. instructor.
    instructor.

    Total
    15

    You might also like