Title

The Effect of Various Brute Force Attacks on Online Accounts in Damn Vulnerable Web Application

School Name

Spring Valley High School

Grade Level

10th Grade

Presentation Topic

Computer Science

Presentation Type

Non-Mentored

Abstract

Online security is becoming an ever important topic in the modern social climate. People often create many online accounts and use insecure passwords which can easily be divulged by malicious attackers using various hacking methods. One of these methods, such as brute force attacks, requires an attacker to input every possible password into an account in hopes that one is correct (Wanjau et al., 2021). The purpose of this study was to test the effectiveness of different brute force attacks on online accounts in DVWA, such as dictionary attacks, random character attacks, and bulk-guessing attacks. It was hypothesized that if different brute force attacks were used on online accounts in DVWA, then dictionary attacks would have the most accounts gained-access-to due to the attack taking advantage of human error in password creation. This experimentation was started by adding a database of online accounts to DVWA and each brute force attack being run on DVWA with password and username word lists. 30 trials were run with 1 trial lasting 1 hour. The dictionary attack was found to gain access to the most accounts at 21 accounts over the 30 trials. The bulk-guessing attack had 9 accounts and the random character attack had 0 accounts. With a population of 3, and a significance level of 0.05, the data was significant(p<0.001) and the null hypothesis of there being no difference in the effectiveness of the various brute force attacks was rejected.

Location

ECL 105

Start Date

3-25-2023 11:30 AM

Presentation Format

Oral and Written

Group Project

No

COinS
 
Mar 25th, 11:30 AM

The Effect of Various Brute Force Attacks on Online Accounts in Damn Vulnerable Web Application

ECL 105

Online security is becoming an ever important topic in the modern social climate. People often create many online accounts and use insecure passwords which can easily be divulged by malicious attackers using various hacking methods. One of these methods, such as brute force attacks, requires an attacker to input every possible password into an account in hopes that one is correct (Wanjau et al., 2021). The purpose of this study was to test the effectiveness of different brute force attacks on online accounts in DVWA, such as dictionary attacks, random character attacks, and bulk-guessing attacks. It was hypothesized that if different brute force attacks were used on online accounts in DVWA, then dictionary attacks would have the most accounts gained-access-to due to the attack taking advantage of human error in password creation. This experimentation was started by adding a database of online accounts to DVWA and each brute force attack being run on DVWA with password and username word lists. 30 trials were run with 1 trial lasting 1 hour. The dictionary attack was found to gain access to the most accounts at 21 accounts over the 30 trials. The bulk-guessing attack had 9 accounts and the random character attack had 0 accounts. With a population of 3, and a significance level of 0.05, the data was significant(p<0.001) and the null hypothesis of there being no difference in the effectiveness of the various brute force attacks was rejected.