Web security is an essential factor for every individual and organization, and especially for banks, because a lack of web security exposes the system to various vulnerabilities and threats from attackers, which can be dangerous: for instance, leakage of sensitive data. It is therefore essential to secure the computer, the internet connection and the web browser. Encryption can be used to safeguard sensitive information. An accounting information system collects, stores and processes data that are used by decision makers. It is generally a computer-based method for tracking accounting activity using information technology.
The main objective of this project is to develop web security for a banking and account information payroll system using a virtual machine. Log in to the virtual machine by entering the root name and password. Once the software is installed, enter the command startx; after the payroll webpage has loaded, each of the steps can be carried out. Three targets will be investigated: XSRF, XSS username and password theft, and SQL injection.
Cross-site request forgery (XSRF or CSRF) is a method of attacking a website in which the intruder impersonates a legitimate, trusted user. XSRF is a malicious exploit of a website in which unauthorized commands are transmitted from a user that the web application trusts; the attack targets a specific state-changing request, so the vulnerability has to be identified first. In the Georgia Tech payroll system, the user enters a user name and password to log in to the site. If the user, Alice, is already logged in to the Georgia payroll web pages and then visits the webpage, she is redirected to the Georgia payroll system, and the account number and routing number are displayed under the username.
Open the website URL https://payroll.gtech.edu; it can be visited only from within the Oracle virtual machine. All of the payroll accounting information can be fetched from the website.
The XSRF attack on the payroll information system occurs when a malicious website, email or program causes the user's browser to perform an unwanted action on a trusted site on which the user is currently logged in and authenticated.
The XSRF attack uses the logged-on victim's browser to send a forged request, which includes the accounting session and any other authentication information that the browser provides automatically, to a vulnerable web application.
The attacker sends a link to the user. Once the user has logged in to the site with the username and account ID and then clicks the URL link while still logged in to the original website, the accounting session is used and data is stolen from the web site.
By exploiting this vulnerability, the attacker can change the user's profile information, change the account status, create a new user on the admin's behalf, and so on.
The vulnerable objects are used as follows:
The user logs in to the accounting website with valid credentials. Once the user is logged in, the attacker sends a mail that looks like an authentication verification, telling the user: “Please click the valid login https://payroll.gatech.edu/account.php”
When the link is clicked, a valid request for the particular account details is created from the URL.
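One way to stop the forged request described above is a per-session anti-CSRF token, shown here as an added example that is not part of the original report or its attached source. The function names, the `routing` field and the sample values are assumptions, and plain arrays stand in for `$_SESSION` and `$_POST` so the script runs from the command line.

```php
<?php
// Added example: per-session CSRF token for a state-changing request.
// handle_account_update() and the field names are hypothetical.

function csrf_token(array &$session): string
{
    // One random token per session, created on first use.
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

function csrf_valid(array $session, array $post): bool
{
    $expected = $session['csrf_token'] ?? '';
    $given    = $post['csrf_token'] ?? '';
    // hash_equals() compares in constant time; an empty token never passes.
    return is_string($given) && $expected !== '' && hash_equals($expected, $given);
}

function handle_account_update(array $session, string $method, array $post): string
{
    if ($method !== 'POST') {
        return '405 state changes must use POST';
    }
    if (empty($session['user'])) {
        return '401 not logged in';
    }
    if (!csrf_valid($session, $post)) {
        return '403 missing or wrong CSRF token';
    }
    return '200 routing number updated for ' . $session['user'];
}

// Constructed demo data: $session stands in for $_SESSION, $post for $_POST.
$session = ['user' => 'alice'];
$token   = csrf_token($session);

// A form rendered by the real site carries the token in a hidden field.
echo handle_account_update($session, 'POST', ['routing' => '000000000', 'csrf_token' => $token]), "\n";
// A cross-site request arrives with the session cookie attached, but the
// other origin cannot read the token, so the field is absent or wrong.
echo handle_account_update($session, 'POST', ['routing' => '000000000']), "\n";
// A link that is merely clicked produces a GET, which never changes state.
echo handle_account_update($session, 'GET', []), "\n";
```

Setting the `SameSite` attribute on the session cookie is a complementary control, because the browser then withholds the cookie from most cross-site requests.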
Security misconfiguration can be used by an unauthorized person to hack the website.
The vulnerable objects are:
The application server admin console is installed automatically and not removed. The default account is not changed. The user can log in to the accounting page, and an attacker can log in with the default password and gain unauthorized access.
In our case we are using the PHP session. It can be kept active by sending requests to the site with the session value in the request, as long as the web application's logout is not used. For a request without a session value, let us assume that a new value is assigned for the request URL. Depending on the web application, two requests without the login ID may be treated as coming from two different users. This means that if you were to use the payroll banking information and the accounting form from the same device (even sharing the same IP and user login ID), the web application could believe it is two different users. Also, depending on the web site application, you may be able to switch between the users and generate the account number and routing number as long as both sessions are still active on the web service, whether correct or wrong.
Source code is attached here.
In order to run malicious JavaScript code in a victim’s browser, an attacker must first find a way to inject a payload into a web page that the victim visits. … In order for an XSS attack to take place, the vulnerable website needs to directly include user input in its pages.
The vulnerable objects are:
Sending a mail request to the localhost PHP page:
We can use the URL link https://hackmail.org/sendmail.php on the website. The user can send mail to the local user account, and the request is sent to the local host on the same page.
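The condition stated above, user input included directly in the page, is shown next to its output-encoded form in this added example, which is not the report's attached source. The `render_*` functions, the `name` field and the sample inputs are constructed for illustration.

```php
<?php
// Added example; function names, the "name" field and inputs are hypothetical.

function render_unsafe(string $name): string
{
    // Pattern the text describes: user input copied into the page as-is.
    return '<p>Hello ' . $name . '</p><input name="name" value="' . $name . '">';
}

function e(string $value): string
{
    // ENT_QUOTES also encodes ' and ", which matters inside attribute values.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_safe(string $name): string
{
    return '<p>Hello ' . e($name) . '</p><input name="name" value="' . e($name) . '">';
}

function template_intact(string $html): bool
{
    // The template itself writes exactly three "<" and four double quotes.
    // Any extra one means the input added markup of its own.
    return substr_count($html, '<') === 3 && substr_count($html, '"') === 4;
}

// Constructed inputs: a plain name, markup in element content, and a quote
// that would otherwise close the value="" attribute.
$samples = ['Alice', '<script>alert(1)</script>', '" onfocus="alert(1)'];

foreach ($samples as $s) {
    printf(
        "%-28s raw output intact: %-3s  encoded output intact: %s\n",
        $s,
        template_intact(render_unsafe($s)) ? 'yes' : 'no',
        template_intact(render_safe($s)) ? 'yes' : 'no'
    );
}
```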
Source code is attached here.
The PHP vulnerability, which can be used for the mail hacking request on the local host:
The user's browser sends the mail request as input to the server, and all of the data is stored and processed by the vulnerable PHP page. In order to run malicious SQL queries against a database server, an attacker must first find an input within the web application that is included inside an SQL query. In order for an SQL injection attack to take place, the vulnerable website needs to directly include user input within an SQL statement.
The vulnerable objects include:
Hacking on the email command targets:
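The difference between including user input inside the SQL statement and binding it as a parameter is shown in this added example, which is not the report's attached source. The `accounts` table, its rows and the lookup functions are constructed, and an in-memory SQLite database (PDO with the `pdo_sqlite` extension) is assumed so the script runs offline.

```php
<?php
// Added example; the accounts table and its rows are constructed sample data.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE accounts (username TEXT, routing TEXT)');
$db->exec("INSERT INTO accounts VALUES ('alice', '111'), ('bob', '222')");

function lookup_unsafe(PDO $db, string $username): array
{
    // Vulnerable pattern the text describes: input pasted into the statement,
    // so a quote in the input changes the structure of the query.
    $sql = "SELECT username, routing FROM accounts WHERE username = '$username'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

function lookup_safe(PDO $db, string $username): array
{
    // The placeholder keeps the input as data; it is never parsed as SQL.
    $stmt = $db->prepare('SELECT username, routing FROM accounts WHERE username = :u');
    $stmt->execute([':u' => $username]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// The second value is a constructed test string containing a quote.
$inputs = ['alice', "x' OR '1'='1"];

foreach ($inputs as $in) {
    printf(
        "%-16s concatenated: %d row(s)   parameterized: %d row(s)\n",
        $in,
        count(lookup_unsafe($db, $in)),
        count(lookup_safe($db, $in))
    );
}
```

For the second input the concatenated query matches every row in the table, while the parameterized query matches none, because no account has that literal username.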
Source code is attached here.
Conclusion
From this report, the importance of web security is understood, especially for banks, as a lack of web security exposes the system to various vulnerabilities and threats from attackers, which can be dangerous: for instance, leakage of sensitive data. It is therefore essential to secure the computer, the internet connection and the web browser. It is observed that encryption helps to secure sensitive data. The aim of this project, to develop web security for a banking and account information payroll system using a virtual machine, was completed successfully. The Oracle virtual machine installation is completed in this report, and the three targets, XSRF, XSS username and password theft, and SQL injection, were completed.