The instuctions are long for this assignment/discussion board. They are below and attached as a word document called Week 7 Discussions – SQL Injection which is the directions for my discussion and for two other students I need to respond to that you may download. Both of the students I chose are hyperlinked in the word document (Week 7 Discussions – SQL Injection) for me to reference for myself who I am going to be replying to which you cannot access. NOTE: Student A has an image file and sql file provided so are also attached but student B did not provide one so you will just see the code in directions. Also, provide screen shots to prove when a script is volunerable for the one you make and how to hack it and the one that it migrated so you cannot do so. Same as providing screen shots for the 2 students who I will reply to as prof along with anything else I need. Directions for what to do and what the students did below and attached: SQL Injection is in the top 10 OWASP and Common Weakness Enumeration. Using MySQL and PHP, show your own very short and simple application that is vulnerable to this attack. Provide another version that mitigates this issue. (Again keep this simple) Screen shot(s) would be helpful! Students should respond with specific tests (e.g. data input) that shows how they could break into your database application with your first example but were unsuccessful for your mitigated example. Screen shot(s) would be helpful! I have to respond to 2 other students and be sure to cover how you were able to break in to their first version but not the mitigated one. Here are the two I chose. Student A: SQL Injection Discussion – JGrimard (Reminder: Screen shot(s) would be helpful!) I have created an insecure login page which is vulnerable to SQL injection.  I then created another login web application which uses prepared statements to prevent SQL injection attacks.  I tried to keep it as simple as possible, but posting data then accessing a database is not all that simple to begin with. Just an FYI, ZAP doesn’t automatically find the SQL injection vulnerability, however if you use the login name, ie admin, along with some injection parameters you can easily bypass the password. The SQL and index.php are the same for both secure and insecure versions.  The processLogin.php file is the only one that is different. Please let me know if you need me to explain any part of my code or need any tips on ‘breaking into’ my database.  Here is a hint: this is the line of code that makes my web app vulnerable to sql injection: $sql = “SELECT * FROM WebUsers WHERE UserID = ‘$userName’ AND Password = ‘$password'”; — This is the same for both secure and insecure — Week7Discussion.sql — June 27, 2016 — Jason Grimard — UMUC SDEV300 — – — Create a table of users and passwords for Week 7 Discussion post — Use the sdev database USE sdev; — Delete the table if it already exists DROP TABLE IF EXISTS WebUsers; — Create table – WebUsers CREATE TABLE IF NOT EXISTS WebUsers ( UserID VARCHAR(30) PRIMARY KEY, Password VARCHAR(100), FirstName VARCHAR(30), LastName VARCHAR(30) ); — Insert WebUser into table INSERT INTO WebUsers VALUES (‘admin’,’SuPeR_StRoNg_PaSsWoRd_jkh234′,’Jason’,’Grimard’); INSERT INTO WebUsers VALUES (‘bfranklin’,’SuPeR_StRoNg_PaSsWoRd_jasd3234dsa’,’Ben’,’Franklin’); Week 7 Discussion

Week 7 Discussion
Jason Grimard

Please enter login information then click login

Looking for solution of this Assignment?


We deliver quality original papers

Our experts write quality original papers using academic databases.We dont use AI in our work. We refund your money if AI is detected  

Free revisions

We offer our clients multiple free revisions just to ensure you get what you want.

Discounted prices

All our prices are discounted which makes it affordable to you. Use code FIRST15 to get your discount

100% originality

We deliver papers that are written from scratch to deliver 100% originality. Our papers are free from plagiarism and NO similarity.We have ZERO TOLERANCE TO USE OF AI

On-time delivery

We will deliver your paper on time even on short notice or  short deadline, overnight essay or even an urgent essay