Write a bash script to check whether the given certificate

Reference no: EM133523920

Securing Networks

Question 1 (Internet Security)

In this question, you will need to complete the following tasks. You may want to refer to Week 4 for the relevant knowledge and skills required, although other weeks' material might be useful too.

A2 Login Page, for Question 2 of Assignment 2 (attached)

1. In the assignment folder, you should be able to find a certificate named sample cert.cer. Use the openssl utility to convert the certificate into text format. Note: in the Week 4 tutorial you used openssl to open certificates successfully, but the command for this (sub-)question can be slightly different because of a new format (DER format for this assignment).

2. Write a bash script to check whether the given certificate (sample cert.cer) is on the Certificate Revocation List (CRL) from the Certificate Authority (CA) by following the steps below:
• Step 1: Extracting and printing out the CRL HTTP(S) URL of the CA's server.
• Step 2: Extracting and printing out the CRL's filename.
• Step 3: Downloading the CRL from the CA's server (you can use the wget command).
• Step 4: Extracting the list of serial numbers from the CRL.
• Step 5: Extracting the serial number from the given certificate (sample cert.cer).
• Step 6: Checking whether the given certificate's serial number (extracted in Step 5) is on the CA's CRL (extracted in Step 4) or not. If "yes", please print out "The given certificate is on the CRL, i.e., revoked by the CA", otherwise please print out "The given certificate is not on the CRL, i.e., not revoked by the CA".

See Fig 2 for an expected output for Question 1 (you may need to zoom in on the picture for a clearer view).
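One way to carry out the DER-to-text conversion and Steps 1 to 6 above, as an added example that is not part of the original assignment or its model solution. The function names and the script name are hypothetical; it assumes `openssl` and `wget` are on the PATH and that the certificate is DER-encoded, as the question states.

```bash
#!/usr/bin/env bash
# Added example (not from the assignment): CRL revocation check for a DER certificate.
# Usage: ./crl_check.sh "sample cert.cer"   (script name is an assumption)

# Step 1 helper: first HTTP(S) CRL distribution point, read from
# `openssl x509 -noout -text` output on stdin.
crl_url_from_text() {
    awk '/CRL Distribution Points/ { f = 1; next }
         f && /X509v3|Authority Information Access/ { exit }
         f && /URI:http/ { sub(/.*URI:/, ""); sub(/[ \t\r]+$/, ""); print; exit }'
}

# Step 4 helper: revoked serials, one upper-case hex string per line, read from
# `openssl crl -noout -text` output on stdin.
serials_from_crl_text() {
    sed -n 's/^[[:space:]]*Serial Number:[[:space:]]*//p' | tr 'a-f' 'A-F'
}

# Step 5 helper: turn "serial=0A1B..." from `openssl x509 -serial` into bare hex.
serial_from_x509() { sed 's/^serial=//' | tr 'a-f' 'A-F'; }

# Step 6 helper: whole-line, fixed-string match so a serial that is only a
# prefix or substring of a revoked one is not reported as revoked.
is_revoked() { grep -qxF -- "$1"; }

check_cert() {
    cert=$1
    url=$(openssl x509 -inform DER -in "$cert" -noout -text | crl_url_from_text)
    [ -n "$url" ] || { echo "No HTTP(S) CRL distribution point found" >&2; return 2; }
    echo "CRL URL: $url"                                   # Step 1
    crl_file=$(basename "$url")
    echo "CRL filename: $crl_file"                         # Step 2
    wget -q -O "$crl_file" "$url" || return 2              # Step 3
    # CAs usually publish DER CRLs; fall back to PEM if DER parsing fails.
    crl_text=$(openssl crl -inform DER -in "$crl_file" -noout -text 2>/dev/null ||
               openssl crl -inform PEM -in "$crl_file" -noout -text) || return 2
    serial=$(openssl x509 -inform DER -in "$cert" -noout -serial | serial_from_x509)
    echo "Certificate serial: $serial"                     # Step 5
    if printf '%s\n' "$crl_text" | serials_from_crl_text | is_revoked "$serial"; then
        echo "The given certificate is on the CRL, i.e., revoked by the CA"
    else
        echo "The given certificate is not on the CRL, i.e., not revoked by the CA"
    fi
}

if [ "$#" -eq 1 ]; then check_cert "$1"; fi
```

This compares serial numbers only. A production check would also verify the CRL's signature against the issuing CA certificate and reject a CRL whose Next Update time has passed.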

Question 2 (Web Security)

You may want to refer to Week 5 and Week 6 for relevant knowledge and skills required for Question 2, although other weeks' material might be useful too.

A web server script (a2server.py) has been distributed to you. Please run the script with Python 3 locally to complete Question 2. You need to install Flask to run this server. If you want to know how to install Python 3 and Flask, please check Part II of the Week 6 Tutorial.
After starting the server locally (using the command python3 a2server.py), please open your web browser (Chrome or Firefox preferred) and enter the

The web server code was written in Python 3 with the Flask module; however, you are not required to write any Python code to complete this question. You will only need to write a simple SQL query statement (for Sub-question 1) and JavaScript code (for Sub-question 2). All knowledge required for completing this question has been covered in class.

1. SQL injection attack (5 marks). Your goal in this Sub-question is to inject an SQL query statement which enables you to log in as Alice without knowing Alice's password. Alice's email is [email protected], while Alice's password is unknown to you. Based on what you have learned in CSC8520 Lecture 5 and Tutorial 5, find a way to log in as Alice (without knowing her password)!
• Hint: The SQL query statement can be found as follows:
"SELECT * FROM users WHERE email='%s' and password='%s'" % (email, password)

2. Cross-site Scripting (XSS) Attack. Your goal in this Sub-question is to inject some JavaScript code on a page that the admin user will look at and disclose his/her session cookie to you. You can follow the steps below to conduct this XSS attack for achieving the goal:

Step 1: Log in as Alice (after you conduct a successful SQL injection attack described in Sub-question 1 above), find the Section of "Post News item" (see Fig 3) and enter some JavaScript code in a page that the admin user will look at and will cause the disclosure of his/her session cookie to you. After clicking "Submit", you should be able to see a new section "News list", under which there is an item called "alice say: Exciting News". The phrase "Exciting News" should be underscored because it's a hyperlink, which the admin will be asked to click in Step 3 below. Please refer to Fig 4 for an expected output.
Step 2: Log out as Alice and log in as admin with username: ad- [email protected], and password averysecureadminpassword.
Step 3: After logging in as admin successfully, please click the link (prepared by Alice in Step 1 described above). Your XSS attack in Step 1 is successful if you can see admin's session cookie information displayed on the "News list". Please refer to Fig 5 for an expected output (you may need to zoom in on the picture for a clearer view).

Note: if you feel annoyed by the automatic popups after a successful persistent XSS attack, you can restart the web server, which will refresh the SQL database.

Attachment: Securing Networks.rar

Write a bash script to check whether the given certificate : CSC8520 Securing Networks, University of Southern Queensland - Write a bash script to check whether the given certificate (sample cert.cer) is on the Certificat