Critical Analysis Of Security Tools

MITS5004 - IT Security, Victorian Institute of Technology, Australia

DO YOU WANT TO EXCEL IN CRITICAL ANALYSIS OF SECURITY TOOLS ASSIGNMENT? HIRE TRUSTED TUTORS FROM EXPERTSMINDS AND ACHIEVE SUCCESS!

Section 1: Introduction

Security is required for the resources of each and every organization to prevent the organization from losses of finance. Security is required to maintain confidentiality of the data and to prevent the network attacks such as man in the middle attack, eavesdropping, masquerading, password guessing and ransomware attacks. The attacks cause a lot of harm to the resources of the organization and employees of the organization are not able to work properly. Therefore, it is essential to ensure that the network is protected from all kinds of the attack. There are a number of tools available to ensure the security of the organization such as Hydra, Maltego, NMap, Zed Attack Proxy, SqlMap, Metasploit Framework, Burp Suite, Nessus, Nikto, Snort. These tools help to ensure that network is protected from any kind of the attacks. We have chosen two tools for the critical analysis in this report. The tools are SQL Map and the Burp suit tool. We will install and launch both the tools and will see the detailed features of each of the tool. The report will provide the screenshots of the features. The tools will be critically analyzed in the terms of the Ease of the use, Performance, Scalability, Reporting and analytics and availability.

SQL map is an open source tool that is available on the internet for usage and detection of vulnerabilities in a website. The tool helps in checking whether the website is prone to any kind of the sql injection attacks or not. We can extract the database of the underlying website, tables contained in the database, columns that are there in the tables and fetch the data contained in the columns. The tool is compatible with all the sql injection techniques. This is available as a built in tool in the kali linux. Many organizations are using this tool for security testing of the web applications.

On the other hand, the burp suite tools is built using the java programming language by a web development company that is known as Port Swigger. The tool is easier to use than the SQL map as it provides graphical user interface to the user who is using this tool. The user can view every test of the security. The non technical persons can also use this tool. The tool comes with a handful of features such as Sequencer, Content discovery, intruder, proxy, target, task scheduler, intercept, spider and scanner. Burp scanner helps in the automatic scanning of the web applications. The customized attacks can be done with the help of the Burp intruder. The data and web requests can be manipulated with the help of the burp repeater. The randomness of the data can be checked with the help of the sequencer feature of the burp suite tool. The web applications can be crawled with the help of the spider feature of the burp tool. The target feature helps to develop the site map of the website. The tools can also be clubbed with the SQL map to gain more deeper insights into the web application.

Question 1. Install and launch the 2 security tools in Linux terminal. Screenshots need to be provided with a brief description.

Answer: Tool installation and launch

The tools were installed and launched to gain deeper understanding of the features of the tool.

SQL MAP Tool: SQL map is an open source tool that can be used by the organizations for the exploitations of the web applications. The tool can be used to check the website vulnerabilities that whether the sql injection attack can be done on the website or not. SQL injection can lead to the loss of the confidentiality of the data of the website and the intruder can change the content of the data of the website according to his gains. Therefore, it is essential to protect the web applications from the SQl injection attacks. The tool provides handful of the features. The tool can extract the database of the vulnerable websites. The parameters that are vulnerable in the website are listed in detail in the tool and on the basis of those parameters we can extract the name of the database. From the database, we can extract the tables in the website. The columns can also be extracted with the help of the tables. The columns which are required can be viewed by using different queries. The data can be obtained in the required format. The hashed passwords can also be decoded with the tool. The existing data in the database can be updated by using the tool. The direct connection can be made with the database. The techniques of the SQL injection such as time based, blind based can be exploited with the help of the tool.

NO PLAGIARISM POLICY – ORDER NEW CRITICAL ANALYSIS OF SECURITY TOOLS ASSIGNMENT & GET WELL WRITTEN SOLUTIONS DOCUMENTS WITH FREE TURNTIN REPORT!

Installation and launch of the tool

1) The tool is downloaded in the form of the zip folder from sqlmap.org.

2) The tools is unzipped and installed by executing .exe file

3) The tool is launched through the command line interface. The following screenshot shows the launch of the tool.

Burp suite Tool: The burp suite tool is a tool for the security testing of the websites. The website is tested for any flaws in the security features. The free edition of the burp suite tool was downloaded to gain deeper understanding of the features of the tool. The tool has the target feature that can be used for the initial scan of the website. The tool must be configured with the browser for getting the initial scan of the web application. The foxy standard can be sued to configure the proxy port of the tool with the browser. If there are any flaws in the website then, the repeated requests to the browser can be sent with the helps the repeater feature. The encoded data can also be decoded with the usage of the decoder feature of the burp suite. The web application results can be presented in the form of the reports. The tool is easy to scale according to the needs of the organization. The following screenshots will show the install asn launch of the tool.

1) The tool must be downloaded from the internet.

2) The .jar file of the tool will be obtained in the destination folder.

3) Click on the .jar file to launch the tool.

4) The tool will open like this. Click on the temporary project and press the next button.

5) Now, press the start burp button to launch the tool.

6) The tool will start the project like this

7) Now, the interface of the tool will open.

2. Evaluate 4 features of each tool. Description and screenshots need to be provided for each tool.

Answer: Features of the tool: Both the tools contain a number of the features for testing the security of a web application. Different features can be used for security testing as per the requirement of the organization.

SQL map tool: SQL map is the open source tool. There are many features available in the sql map for testing the security of the website. The tool can support many types of the database management systems. The tools can support many sql injection techniques. The tool can extract the database from the web server of the website is not secured. The tool can also extract the tables, columns and records from the database.

MOST RELIABLE AND TRUSTWORTHY CRITICAL ANALYSIS OF SECURITY TOOLS ASSIGNMENT HELP & HOMEWORK WRITING SERVICES AT YOUR DOORSTEPS!

The various features of the tool are shown in the screenshots.

1) The tool is able to detect that which parameters are creating the website prone to the sql injection attack. We have scanned the following website for demonstrating the feature of the SQL map tool of detecting the vulnerable parameters.

2) The tool can fetch the name of the database if the vulnerable parameters are found in the website. The --dbs command helps in the detection of the name of the database behind the web server that is storing all the data of the website.

3) The tool can fetch the tables from the databases if the website is vulnerable to the sql injection attack. We have got the tables shown in the screen shot after testing the website. The tables can be obtained by using the -tables command. The website is not vulnerable toe sql injection attack.

4) The tool can also fetch the columns from the database by using the -columns command of the sql map. The required columns from the particular table can be fetched as per the need.

Features of the burp suite tool: Burp suite tool is designed using the java technology by the Port Swigger company. The tool contains many features .The tool comes with a handful of features such as Sequencer, Content discovery, intruder, proxy, target, task scheduler, intercept, spider and scanner. Burp scanner helps in the automatic scanning of the web applications. The customized attacks can be done with the help of the Burp intruder. The data and web requests can be manipulated with the help of the burp repeater. The randomness of the data can be checked with the help of the sequencer feature of the burp suite tool. The web applications can be crawled with the help of the spider feature of the burp tool. The target feature helps to develop the site map of the website. We will demonstrate the 4 features of the tool in this report.

1) Target

The tool can be configured with the browser and then, initial scan of the website can be performed by using the tool. We have configured the tool using the 7080 port number. The target feature helps in doing the initial scan of the website and developing a site map of the website. The endpoints of the website can be detected using this.

2) Sequencer

This is the interesting feature of the burp suite tool as it helps in detecting the randomness of the data in the website and we can guess the patterns of the token values using this feature. This feature helps the developer to check the strong authentication feature for the website.

WE HELP STUDENTS TO IMPROVE THEIR GRADES! AVAIL TOP QUALITY CRITICAL ANALYSIS OF SECURITY TOOLS ASSIGNMENT HELP AND HOMEWORK WRITING SERVICES AT CHEAPER RATE!

3) Repeater

If the flaws are found in the initial scan of the website then, it is required to the repeated requests to the web server of the website. The data can be manipulated in the http request and every aspect of the http request can be modified with this feature. The request can be sent to the repeater by using the right click on the URL.

4) Decoder

Decoder is the another feature of the tool that helps to decode the data in the form of the canonical form. The data can be easily decoded using this feature.

Question 3: Critically analyse each tool in terms of:

a) Ease of Use

Answer: The burp suite tool is easy to use than the SQL map as we have to type commands in order to use the SQL map tool but the burp suite tool provides the graphical user interface.

b) Performance

Answer: Performance of the Burp suite is better as it can fetch the data fast than the SQL map tool.

c) Reporting and analytics

Answer: The reports can easily generated by using the burp suite tool and the outcomes of the scan can easily be viewed using the tool.

d) Scalability

Answer: The SQL map tools is difficult to scale and in the burp suite tool the scalable agents can be used to scale the tool as per the needs of the organization.

e) Availability

Answer: The sql map tool is available as a open source toll and can be downloaded and installed. In the burp suite tool, we have to buy the tool to enjoy all the features of the tool.

Conclusion: Security is the important feature that must be present the IT infrastructure of any organization. We have analyzed two tools named as the SQL amp and burp suite in the report and analysis depicted that burp suite tool is easier and more scalable than the SQL map and even a non technical person can use this tool. Therefore, the organizations should use this tool.

24/7 AVAILABILITY OF TRUSTED CRITICAL ANALYSIS OF SECURITY TOOLS ASSIGNMENT WRITERS! ORDER ASSIGNMENTS FOR BETTER RESULTS!

Acquire Most Exclusive Online Victorian Institute of Technology, Australia Assignment Help Service From Qualified Tutors For Its related Courses:

• MITS4001 - nBusiness Information Systems Assignment Help
• MITS4002 - Object Oriented Software Development Assignment Help
• MITS4003 - Database System Assignment Help
• MITS4004 - IT Networking and Communication Assignment Help
• MITS5001 - IT Project Management Assignment Help
• MITS5002 - Software Engineering Methodology Assignment Help
• MITS5003 - Wireless Networks and Communication Assignment Help
• MITS5501 - Software Quality, Change Management and Testing Assignment Help
• MITS5502 - Developing Enterprise Systems Assignment Help
• MITS5503 - Mobile Computing Assignment Help