QUESTION 1

a. Explain why the policy is important to secure the form.
- Preventing unauthorized access.
- Data confidentiality
- Protection against cross-site scripting (XSS) attacks
- Mitigating cross-site request forgery (CSRF)
- Ensuring data integrity
- Protection against SQL injection

b. The current policy for the user id and password fields.
- Use capital letters
- Use special characters
- Avoid easily guessable words

c. Indicate the consequences if each input field of the form in Figure Q1 is not well validated.
- XSS attack will occur
- Data corruption, improper display
- Weaker security

d. Using a filter_var() function, write a PHP code to show input validation for the email field.

<?php
if (!empty($_POST['email'])) {
    // remove surrounding whitespace and encode HTML special characters
    $email = trim(htmlspecialchars($_POST['email']));
    // FILTER_VALIDATE_EMAIL returns the address on success and false otherwise
    $email = filter_var($email, FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        exit('invalid');
    }
}

QUESTION 2

a. Password hashing is a one-way process of securing a plain text password by creating a bit string of a fixed size, called a hash, using a cryptographic hash function. List FIVE (5) types of hash algorithms.
MD2, MD5, SHA-1, SHA-512, CRC-32

b. Describe the THREE (3) main criteria to select the best hash algorithm.
1. Quality: unique hash value
- Impossible to produce the same hash value from different inputs
2. Hashing speed
- Able to produce a hash value quickly
3. Secure hash
- Impossible to determine the input from the hash
- A small change in the input generates a totally different hash.

c. Explain additional techniques to increase the hashed password security.
1. Salted hash
- Add some extra plaintext to the password before it is hashed
2. Slow hashing algorithm
- Bcrypt
- Use the technique 'key stretching' to slow down brute force
3. Pepper hashes
- A secret value attached to the password before it is hashed

d. In PHP, the popular hash function is password_hash(), which uses the Bcrypt algorithm. Write the PHP code to hash a password variable and verify the password using password_hash().

<?php
$password = "comel";
// password_hash() generates a random salt and returns the bcrypt hash string
$hashedpassword = password_hash($password, PASSWORD_BCRYPT);

$enteredpass = "comel";
// password_verify() re-hashes the entered password with the stored salt and compares
if (password_verify($enteredpass, $hashedpassword)) {
    echo "Password is valid";
} else {
    echo "Password invalid";
}
?>

QUESTION 3

a. Describe the type of action that the attacker is trying to perform on the "Sign in" page as shown in Figure Q3.
- SQL injection based on 1=1 always being true.
- The SQL is valid and will return all rows from the users table since OR 1=1 is true.
- Dangerous if the users table contains names and passwords.

b. Explain the impact of the action.
- Results in unauthorized access to sensitive data such as passwords, credit card details and personal user info.
- A high-profile data breach leads to reputational damage and regulatory fines.
- The attacker can obtain a persistent backdoor into an organization's system, leading to long-term compromise.

c. Show how the SQL query statement will be generated when the input is sent to a "User" table in a database and show the result of the query.

d. Explain TWO (2) ways that the organization can adopt to prevent SQL injection attacks.

1. Use parameterized queries or prepared statements, example:

$username = $_POST['username'];
$password = $_POST['password'];
// placeholders (?) keep the input separate from the SQL text
$query = "SELECT * FROM users WHERE username = ? AND password = ?";
$stmt = $mysqli->prepare($query);
$stmt->bind_param("ss", $username, $password);
$stmt->execute();
$result = $stmt->get_result();

2. Input validation and sanitization, example:

$username = $_POST['username'];
$password = $_POST['password'];
// whitelist: the username may only contain letters, digits and underscore
if (preg_match('/^[a-zA-Z0-9_]+$/', $username)) {
    // note: only the username is validated; the password is still concatenated into the query
    $query = "SELECT * FROM users WHERE username = '$username' AND password = '$password'";
    $result = $mysqli->query($query);
} else {
    echo "invalid format";
}

3. Using a prepared statement, write PHP code for the email and password input parameters:

$query = "SELECT * FROM user WHERE email = ? AND password = ?";
$stmt = $mysqli->prepare($query);
$stmt->bind_param("ss", $email, $password);
$stmt->execute();
$result = $stmt->get_result();
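The three techniques listed under Question 2(c) (salt, slow hashing with key stretching, pepper) can be demonstrated in a few lines of PHP. The following is an added example and not part of the original notes; the pepper value is a constructed placeholder, and in a real deployment it would be loaded from an environment variable or secret store, never from the database that holds the hashes.

```php
<?php
// Added example (not from the original notes): salted, slow and peppered
// password hashing in PHP. PEPPER_PLACEHOLDER is a constructed value for the
// demo only.
declare(strict_types=1);

const PEPPER_PLACEHOLDER = 'replace-with-a-secret-loaded-from-the-environment';

// 1. Salted hash: password_hash() generates a fresh random salt on every call,
//    so hashing the same password twice yields two different strings.
function saltedHash(string $password): string
{
    return password_hash($password, PASSWORD_BCRYPT);
}

// 2. Slow hash / key stretching: bcrypt's "cost" option doubles the work for
//    every increment, which slows a brute-force attempt by the same factor.
function slowHash(string $password, int $cost = 12): string
{
    return password_hash($password, PASSWORD_BCRYPT, ['cost' => $cost]);
}

// 3. Pepper: mix a server-side secret into the password before hashing, so a
//    leaked table of hashes alone is not enough for an offline attack. HMAC
//    keeps the pre-hash output at 64 hex characters, under bcrypt's 72-byte limit.
function pepperedHash(string $password, string $pepper): string
{
    $prehash = hash_hmac('sha256', $password, $pepper);
    return password_hash($prehash, PASSWORD_BCRYPT);
}

function verifyPeppered(string $password, string $pepper, string $storedHash): bool
{
    $prehash = hash_hmac('sha256', $password, $pepper);
    return password_verify($prehash, $storedHash);
}

// Demonstration with a constructed password.
$password = 'comel';

$h1 = saltedHash($password);
$h2 = saltedHash($password);
echo "Same password, two different hashes (random salt): ", var_export($h1 !== $h2, true), "\n";
echo "Both still verify: ", var_export(password_verify($password, $h1) && password_verify($password, $h2), true), "\n";

$start = hrtime(true);
slowHash($password, 10);
$t10 = (hrtime(true) - $start) / 1e6;
$start = hrtime(true);
slowHash($password, 12);
$t12 = (hrtime(true) - $start) / 1e6;
printf("cost=10 took %.1f ms, cost=12 took %.1f ms (roughly 4x slower)\n", $t10, $t12);

$stored = pepperedHash($password, PEPPER_PLACEHOLDER);
echo "Correct password + correct pepper: ", var_export(verifyPeppered($password, PEPPER_PLACEHOLDER, $stored), true), "\n";
echo "Correct password + wrong pepper:   ", var_export(verifyPeppered($password, 'wrong-pepper', $stored), true), "\n";
```

Run it with `php hashing_demo.php`. The salt is stored inside the bcrypt string itself, so nothing extra has to be saved; the pepper, by contrast, is never stored next to the hashes, which is exactly why losing the database does not hand the attacker everything they need.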
QUESTION 4

a. Demonstrate how to disable a directory listing in an Apache server.
- To disable directory listing for a specific directory, add the following setting in the Apache virtual host, or create a .htaccess file in that directory with the content below.
- The Options -Indexes directive disables the listing of files on the website if an index file is missing.

IN APACHE VIRTUAL HOST:
<Directory /var/www/public_html>
    Options -Indexes
</Directory>

IN HTACCESS FILE:
Options -Indexes

- While using .htaccess, make sure that the Apache server is enabled to use .htaccess files for the directory (the AllowOverride directive). Mostly .htaccess is disabled by default.
- Finally, restart the Apache service after making any changes in the virtual host to apply the changes.

b. Identify the important information that can be gathered from Figure Q4.
1. Directory listing
- The directory listing reveals the contents of a directory on the web server.
2. File names and sizes
- Names of various files are listed along with timestamps and sizes.
3. Presence of file names
- Sensitive info might appear in certain files.
4. The exposed "old-pass.txt" may contain sensitive password-related info.
5. Details about the web server and its configuration
- An attacker might exploit known vulnerabilities associated with the specific versions of Apache, SSL/PHP.

XSS ATTACK
XSS is when an attacker can inject malicious code into an input field to manipulate the behavior of a web page.
- XSS happens when there is no proper sanitization/validation of input.

XSS IMPACT
1. Gives complete control of the user experience
2. Stealing cookies and session info
3. Performing HTTP requests with the user's session
4. Redirecting the user to a hostile website
5. Accessing and manipulating client-side storage
6. Installing malware

SQL INJECTION
Is a code injection technique that might destroy your database. Impact of a successful SQLi:
- Unauthorized access to sensitive data
- High-profile data breach
- Attacker can obtain a persistent backdoor

WAY TO IMPLEMENT RANDOM SALT HASHING ALGORITHM
$hash = password_hash($password, PASSWORD_DEFAULT);

RETRIEVING HIDDEN DATA
https://insecure-website.com/products?category=Gifts'--
The query will look as below:
SELECT * FROM products WHERE category = 'Gifts'--' AND release = 1
- The double-dash sequence -- is a comment indicator in SQL, meaning the rest of the query is interpreted as a comment.
- This effectively removes the remainder of the query, so it no longer includes AND release = 1.
- All products are displayed, including unreleased products.

PREVENT SQL INJECTION
// placeholders are bound to variables by reference, so the values can be assigned afterwards
$stmt = $conn->prepare("INSERT INTO myguest (firstname, lastname, email) VALUES (?, ?, ?)");
$stmt->bind_param("sss", $firstname, $lastname, $email);
$firstname = "joe";
$lastname = "john";
$email = "many@example.com";
$stmt->execute();

ADVANTAGE OF PREPARED STATEMENT
- Reduces parsing time, as the preparation of the query is done only once.

DIRECTORY INDEXING ATTACK
When a user types in a request for a page on a web site, the web server processes the request, searches the web document root directory for the default file name, and then sends this page to the user. If the server cannot find the page, it will issue a directory listing and send it to the user in HTML format.

STEPS TO PREVENT A DIRECTORY LISTING
1. Get your existing .htaccess file, if any. Connect to your website using FTP or SFTP software.
2. Create or open the .htaccess file.
3. Disable indexing.
4. Make a backup of the .htaccess file.
5. Save and upload the file.
6. Test your site.
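Question 3(c) asks how the sign-in query is generated from the submitted input, and Question 3(d) together with the PREVENT SQL INJECTION section above answer with a prepared statement. The following added example (not part of the original notes) puts both side by side: it builds the concatenated query the way the vulnerable sign-in page would, runs it against a constructed in-memory SQLite table through PDO so it works offline, and then runs the same input through a prepared statement. It assumes the pdo_sqlite extension is available; the table name, rows and credentials are all constructed for the demo.

```php
<?php
// Added example (not from the original notes): concatenated sign-in query
// versus a prepared statement, run against a constructed in-memory SQLite
// database. Requires the pdo_sqlite extension.
declare(strict_types=1);

$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)');
// constructed sample rows
$db->exec("INSERT INTO users (username, password) VALUES ('alice', 'pw-alice'), ('bob', 'pw-bob')");

// 3(c): the vulnerable pattern pastes the raw input into the SQL text.
// Returned as a string so the reader can see exactly what the database receives.
function buildConcatenatedQuery(string $username, string $password): string
{
    return "SELECT * FROM users WHERE username = '$username' AND password = '$password'";
}

function runConcatenated(PDO $db, string $username, string $password): array
{
    $sql = buildConcatenatedQuery($username, $password);
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// 3(d): the prepared statement sends the SQL text and the values separately,
// so whatever the user typed is treated as data and never as part of the query.
function runPrepared(PDO $db, string $username, string $password): array
{
    $stmt = $db->prepare('SELECT * FROM users WHERE username = ? AND password = ?');
    $stmt->execute([$username, $password]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Normal sign-in: the prepared statement returns exactly the matching row.
$rows = runPrepared($db, 'alice', 'pw-alice');
printf("Prepared, valid credentials: %d row(s)\n", count($rows));

// The input the notes describe: the username closes the quoted string and
// appends OR 1=1 followed by a comment marker; the password can be anything.
$username = "' OR 1=1 --";
$password = 'anything';

echo "Generated query:\n  ", buildConcatenatedQuery($username, $password), "\n";
$rows = runConcatenated($db, $username, $password);
printf("Concatenated query: %d row(s) returned, i.e. every user in the table\n", count($rows));

$rows = runPrepared($db, $username, $password);
printf("Prepared statement: %d row(s) returned, because no user is literally named %s\n", count($rows), json_encode($username));
```

Run it with `php sqli_demo.php`. The concatenated version returns both rows because the `--` turns the rest of the WHERE clause into a comment, exactly as described under RETRIEVING HIDDEN DATA; the prepared version returns none because the quote and the comment marker stay inside the bound value. In real code the password column would hold a `password_hash()` result as in Question 2, so the query would look up the row by username alone and the comparison would be done with `password_verify()`.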