Uploaded by Ahmed Khan

WEB TECHNOLOGY 02062020

WEB TECHNOLOGY (T)
PROGRAM - BS CS
ASSIGNMENT 1
BATCH - 08
SUBMITTED TO:
Mam Hira
SUBMITTED BY:
MUAZ HAFEEZ - 03
Question No:5
Connectionless Transport & Connection-Oriented Transport
Structure:
1. Both are 32-bit, but TCP (connection-oriented) counts by bytes of data (not segments),
while UDP (connectionless) carries the length in bytes of the UDP segment, including the header.
2. TCP has a handshake (SYN, ACK, SYN-ACK), while on the other hand there is no
handshake in UDP because of its connectionless property.
3. TCP has acknowledgements while UDP does not.
Reliability:
1. In UDP, there is no guarantee that the messages or packets sent will arrive at all.
2. In TCP, there is absolute guarantee that the data transferred remains intact and arrives in
the same order in which it was sent.
Data Flow Control:
1. UDP does not have an option for flow control.
2. TCP has data flow control.

TCP requires three packets to set up a socket connection, before any user data can be sent.
TCP handles reliability and congestion control.
Connection Management:
1. User Datagram Protocol is a connectionless protocol, while Transmission Control
Protocol is a connection-oriented protocol.
2. TCP is used by other protocols such as HTTPS, FTP, SMTP, HTTP and Telnet, while UDP is used
by other protocols such as DHCP, DNS, TFTP and VoIP.
Question No:4
Peer-to-Peer & Client/Server Architecture
Limitations of P2P Architecture
1. Users have to use separate passwords on each computer in the network.
2. In peer-to-peer networks all nodes act as both server and client, so there is no need for a
dedicated server.
3. Backup has to be performed on each computer separately.
Limitations of Client/Server Architecture
1. Professional IT people are required to maintain the servers and other technical details of
the network.
2. Server failure leads to the whole network failure.
3. A client-server network has centralized control, i.e., centralized user accounts, security,
and access to simplify network administration.
Question No:2
SQL INJECTION ATTACK
SQL Injection (SQLi) is a type of injection attack that makes it possible to execute malicious
SQL statements. These statements can control a database server behind a web application.
Attackers can use SQL Injection vulnerabilities to bypass application security measures. An SQL
Injection vulnerability may affect any website or web application that uses an SQL database such
as MySQL, Oracle, SQL Server, or others.
Types of SQL Injection
1. Error-based SQLi
2. Union-based SQLi
3. Boolean-based
4. Blind SQL Injection
5. Time-based Blind SQLi
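The following example is added here and is not part of the original assignment. It shows how string concatenation lets input change a login query, and how a parameterized query keeps the same input as plain data. The table, the account and the function names are constructed for illustration, and SQLite stands in for whichever SQL database the application uses.

```python
import sqlite3

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, password TEXT)")
    # Constructed sample row; plaintext password only to keep the sample short.
    db.execute("INSERT INTO users VALUES (?, ?)", ("alice", "correct-horse"))
    return db

def login_vulnerable(db, name, password):
    # Vulnerable: input is concatenated into the SQL text, so quote
    # characters in the input change the structure of the statement.
    query = ("SELECT name FROM users WHERE name = '" + name +
             "' AND password = '" + password + "'")
    return db.execute(query).fetchone() is not None

def login_parameterized(db, name, password):
    # Hardened: the SQL text is fixed and the input is bound as data.
    query = "SELECT name FROM users WHERE name = ? AND password = ?"
    return db.execute(query, (name, password)).fetchone() is not None

def run_cases():
    db = make_db()
    always_true = "' OR '1'='1"  # constructed input: adds an always-true condition
    results = {}
    for label, login in (("vulnerable", login_vulnerable),
                         ("parameterized", login_parameterized)):
        results[label] = {
            "correct": login(db, "alice", "correct-horse"),
            "wrong": login(db, "alice", "wrong"),
            "always_true": login(db, "alice", always_true),
        }
        try:
            # An ordinary name containing a quote is enough to expose the bug.
            results[label]["quote_in_name"] = login(db, "O'Brien", "x")
        except sqlite3.OperationalError:
            # The stray quote unbalances the concatenated statement.
            results[label]["quote_in_name"] = "syntax error"
    return results

if __name__ == "__main__":
    for label, outcome in run_cases().items():
        print(label, outcome)
```

The database error raised by the concatenated query is also the kind of signal worth logging and alerting on, since a healthy application should never produce SQL syntax errors from user input.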
XSS ATTACK
Cross-site scripting (XSS) is a type of computer security threat commonly found in web
applications. XSS enables attackers to inject client-side scripts into web pages viewed by other
users. Attackers can exploit cross-site scripting weaknesses to bypass policies such
as access controls. Cross-site scripting on websites accounts for about 84% of all security threats.
IP Spoofing
IP spoofing is the crafting of Internet Protocol (IP) packets with a source IP address that has been
modified to impersonate another computer system, or to hide the identity of the sender, or both.
In IP spoofing, the header field for the source IP address contains an address that is different
from the actual source IP address. IP spoofing is a technique often used by hackers to launch
distributed denial-of-service (DDoS) attacks and man-in-the-middle (MITM) attacks against
targeted devices or the surrounding infrastructures.
MITM
A man-in-the-middle attack (MITM), also known as a hijack attack, is an attack where the
attacker secretly relays and possibly alters the communications between two parties who believe
that they are directly communicating with each other. One example is
eavesdropping, in which the attacker makes independent connections with the victims and
relays messages between them to make them believe they are talking directly to each other over a
private connection, when in fact the entire conversation is controlled by the attacker.
Question No:3
Cause more Damage & How
SQLi causes more damage because an SQL Injection vulnerability may affect any website or web
application that uses an SQL database such as MySQL, Oracle, SQL Server, or others.
Question No:1
Working of Multiplexing and Demultiplexing
Depending on the combination of the selection inputs, one data line is connected to the output line.
The circuit of the 8 * 1 multiplexer is shown below. An 8-to-1 multiplexer requires 8 AND gates,
one OR gate and 3 selection lines. Each AND gate takes as input a combination of the selection
inputs together with its input data line. All the AND gates are connected in a similar way.
For any selection-line input, one AND gate gives the value 1 in this 8 * 1 multiplexer and all the
remaining AND gates give 0. Finally, the outputs of all the AND gates are combined using the OR
gate, and the result is equal to the selected value.
A demultiplexer is also called a data distributor because it requires one input, 3 selection lines and 8
outputs. The demultiplexer takes a single input data line and routes it to one of the
output lines. The 1-to-8 demultiplexer circuit diagram is shown below. It uses 8 gates to
achieve the operation. The input bit is considered as data D and it is transferred to the output
lines. Which line it goes to depends on the control input value of AB. When AB = 01, the second gate from the top, F1, is
activated, while the rest of the gates are disabled, and the data bit F1 = data is transferred to
the output. If D is low, F1 is low, and if D is high, F1 is high. So, the value of F1 depends on the
value of D, and the rest of the outputs are low.
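The following gate-level simulation is added here and is not part of the original assignment. It builds the 8-to-1 multiplexer from 8 AND gates and one OR gate and the 1-to-8 demultiplexer from 8 gates, as described above. The selection-line order (s2, s1, s0) and the function names are assumptions made for the example.

```python
def decode(i, sel):
    """Return 1 when the selection bits (s2, s1, s0) spell out index i, else 0."""
    want = ((i >> 2) & 1, (i >> 1) & 1, i & 1)
    out = 1
    for w, s in zip(want, sel):
        # Each gate is wired to the true or the inverted form of a selection line.
        out &= s if w else 1 - s
    return out

def mux8(data, sel):
    """8-to-1 multiplexer: 8 AND gates feeding a single OR gate."""
    and_gates = [d & decode(i, sel) for i, d in enumerate(data)]
    out = 0
    for g in and_gates:  # the final OR gate
        out |= g
    return out, and_gates

def demux8(d, sel):
    """1-to-8 demultiplexer: input D appears only on the selected output."""
    return [d & decode(i, sel) for i in range(8)]

def all_selections():
    return [((i >> 2) & 1, (i >> 1) & 1, i & 1) for i in range(8)]

def round_trip(data):
    """Send each selected data line through mux8 and then demux8."""
    received = []
    for i, sel in enumerate(all_selections()):
        bit, _ = mux8(data, sel)
        received.append(demux8(bit, sel)[i])
    return received

if __name__ == "__main__":
    sample = [0, 1, 1, 0, 1, 0, 0, 1]  # constructed input lines D0..D7
    print(mux8(sample, (1, 0, 0)))     # selects D4
    print(demux8(1, (0, 0, 1)))        # routes D to F1
    print(round_trip(sample) == sample)
```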