Question: Question 2. (35 POINTS) In a web based transaction, you can give harm to client in many ways. One of them is to use a

Question 2. (35 POINTS) In a web based transaction, you can give harm to client in many ways. One of them is to use a proxy to trap transferred values from client to server and modify them on the way. In this exercise you will use the Paros web application security tool for this purpose to test your own web documents. Download and install the free Paros tool from URL: http://www.parosproxy.org/index.shtml (available for Unix and Windows OSes). Please follow the installation steps carefully (e.g. you need to make sure that JDK/Java Run Time Environment (JRE) 1.4.2 -or above- is installed on your computer already). Paros works in interaction with your web browser. So, you need to set the proxy settings of your browser as well. The users guide for Paros at the same URL seem to have been removed. So, you may use the following links to get help with the Paros tool: http://www.madirish.net/191 2 https://www.youtube.com/watch?v=Ytr0DmVE5Bo http://singhshardul.blogspot.com/2007/06/paros-proxy-step-by-step-guide.html http://www.michaelboman.org/books/paros-proxy A simple search on Internet should also retrieve supporting documents for this tool. Then, create test web documents with php scripts that uses: - Case 1: Simple get methods (e.g. getting username and password, demographic information of user, etc.). - Case 2: Simple post method. Note: The get and post methods have been introduced in class. You can also refer to the attached help for hw7.ppt document to see the sample code in which these two methods are used. If you have problems with running your php code, please collaborate with our TAs to get help. Using the Paros tool, analyze both case 1 and case 2 above and submit the following:

2.A.) (20 POINTS: 10 POINTS for get, 10 POINTS for post) Vulnerability report of your test web documents. How serious is the vulnerability of your code? High, medium, or else? Include this report in your homework report and comment on this.

2.B.) (15 POINTS: 7.5 POINTS for get, 7.5 POINTS for post) Use Trap response and Trap request functions of the Paros tool to capture the on the fly requests/responses and try modifying them. Take screen shots for this test and include in your homework report.

Step by Step Solution

There are 3 Steps involved in it

1 Expert Approved Answer

Step: 1 Unlock blur-text-image

Question Has Been Solved by an Expert!

Get step-by-step solutions from verified subject matter experts

Step: 2 Unlock

Step: 3 Unlock

Students Have Also Explored These Related Databases Questions!

National Business Institute of Australia 20 Clark Rd. Ivanhoe Victoria 3079 www.nbi.com.au 03 9499 7872 FNSORG601A Negotiate to achieve goals and manage disputes Student Workbook melbourne . sydney ....

Need help with these multiple choice questions for internal audit final exam. Due in 2 hours. QUESTION 1 RsQ_004Without management direction and assumption of responsibility, it would be...

Case study: Remedy Physiotherapy. I need help in drafting a marketing plan Names of people and businesses are disguised. Some aspects of the local area and the physiotherapy industry are simplified...

Objective This Course Project gives you the opportunity to practice by planning a project, from the onset with a project charter to an established project schedule and related artifacts. This Course...

Pleasedo not respond through AI tools like ChatGPT or Gemini, as nearly all their answers have been consistently "incorrect". Please answer the MCQ questions only if you have the knowledge to solve...

Pleasepleasedo not respond through AI tools like ChatGPT or Gemini, as nearly all their answers have been consistently incorrect. Please agree to answer the MCQ questions only if you have the...

Pleasepleasedo not respond through AI tools like ChatGPT or Gemini, as nearly all their answers have been consistently "incorrect". Please answer the MCQ questions only if you have the knowledge to...

Please see the attachment for questions on the Exam. INSTRUCTIONS This is an open book exam. You are allowed to use any of the week 1-3 materials (readings, lectures, discussion postings). You cannot...

Question 1 1 points Save Businesses that depend heavily on venture capital funding____. find that the ownership share of the entrepreneur-owners is diluted typically borrow money from the venture...

Question 39 2.5 Points Leaders, who are high in Initiating structure, focus on job satisfaction of subordinates B focus on welfare of subordinates are results-oriented and focus on the accomplishment...

A new factory (10MVA power capacity) needs to connect to an existing grid. In this grid extension, which components and connections will you use? Please also illustrate your solution in a diagram...

A dry etch process is used to etch silicon dioxide (SiO2) off of silicon wafers. An engineer wishes to study the uniformity of the etching across the surface of the wafer. A total of 10 wafers are...

Question 2 0 . 4 pts Ami has entered into a 1 2 - month lease for an apartment. After the 1 2 months are up , the lease turns into a month - to - month lease. The month - to - month lease is what...

Compared with half a century ago, adoption has become _ _ _ _ _ _ _ _ _ common, but it is more open and acceptabl e , so we probably discuss it _ _ _ _ _ _ _ . fill in the blanks more or much less or...

Are there lessons that can be learned from the experience that will inform future practice in a positive manner?

Was there an effort to involve the appropriate people?

18. If you have power, then people will dislike and fear you.