We're Open
+44 7340 9595 39
+44 20 3239 6980

GIVE A SHORT DESCRIPTION OF AN UNVALIDATED REDIRECT ATTACK

  100% Pass and No Plagiarism Guaranteed

GIVE A SHORT DESCRIPTION OF AN UNVALIDATED REDIRECT ATTACK

Question 2. Web Application Attacks 

Objective: Understand how real web application attacks work, and methods for mitigating them.

For this question you must use virtnet (as used in the workshops) to study web application attacks. This assumes you have already setup and are familiar with virtnet. See Moodle and workshop instructions for information on setting up and using virtnet, deploying the website, and performing the attack.

Your task is to:

Create topology 7 in virtnet

Deploy the MyUni demo website on the nodes

On node4, add a user to the grading web application with username set to your student ID, and password set to your first name.

Perform an unvalidated redirect attack, such that the attacker steals your username/password.

While performing the attack, take a screenshot of the window showing the stolen username/password.

After performing and understanding the attack, answer the following sub-questions.

(a)Give a short description of an unvalidated redirect attack, referring to the steps you performed in the attack and the vulnerability your attack exploited. [2 marks]

(b)Assuming a website must use redirects, recommend a technique that can be used to minimise the impact of unvalidated redirect attacks. [1 mark]

(c)In the attack you performed in virtnet, describe what methods the attacker used (other than an unvalidated redirect) and how the attacker benefits from the attack (that is, what do they gain and how?). [3 marks]

(d)Include the screenshot of the stolen username/password obtained during the attack. [2 marks]

Marking Scheme

(a)Clear description, demonstrating understanding of the attack: 2 marks. Some mistakes or misunderstandings: 1 mark. Many mistakes and/or lack of understanding: 0 marks.

(b)One relevant techniques clearly described: 1 mark. No relevant techniques or lack of understanding of techniques: 0 marks.

(c)Clear description of methods and benefits: 3 marks. Minor mistakes or misunderstandings in description: 2 marks. Missing methods or benefits; major mistakes: 1 mark. Lack of understanding of both methods and benefits, or no relevant methods/benefits: 0 marks.

(d)Screenshot showing relevant information: 2 marks. No screenshot or not showing relevant information: 0 marks.


100% Plagiarism Free & Custom Written,
Tailored to your instructions


International House, 12 Constance Street, London, United Kingdom,
E16 2DQ

UK Registered Company # 11483120


100% Pass Guarantee

STILL NOT CONVINCED?

View our samples written by our professional writers to let you comprehend how your work is going to look like. We have categorised this into 3 categories with a few different subject domains

View Our Samples

We offer a £ 2999

If your assignment is plagiarised, we will give you £ 2999 in compensation

Recent Updates

Details

  • Title: GIVE A SHORT DESCRIPTION OF AN UNVALIDATED REDIRECT ATTACK
  • Price: £ 109
  • Post Date: 2018-11-09T12:32:08+00:00
  • Category: Assignment
  • No Plagiarism Guarantee
  • 100% Custom Written

Customer Reviews

GIVE A SHORT DESCRIPTION OF AN UNVALIDATED REDIRECT ATTACK GIVE A SHORT DESCRIPTION OF AN UNVALIDATED REDIRECT ATTACK
Reviews: 5

A masterpiece of assignment by , written on 2020-03-12

My psychology assignment just came on time and the overall quality is good. It’s also free from errors. I simply loved it!
Reviews: 5

A masterpiece of assignment by , written on 2020-03-12

CIPD assignment is not my cup of tea. That’s the reason I sought out this place suggested by my friend. I would say that the writers of this site are really admiring. I was assigned the best CIPD writer that solved all my issues. He explained to me the difficult topics so well that now I am able to talk on those topics eloquently. I owe my writer a huge thanks and praise! And yes, I would recommend other students as well to come to instaresearch.co.uk for the top CIPD assignment help.