Essay about Web Application Attack Scenario

Words: 1076
Pages: 5
Assignment 1: Web Application Attack Scenario
(Student’s Name)
(Professor’s Name)
(Course Title)
(Date of Submission)
Introduction
Web applications are nowadays serving as a company’s public face to the internet. This has created the need to identify threats and attacks directed to data servers and web applications. Hackers exploit vulnerabilities in input validation and authentication affecting the web application in order to gain illegal access and disclose sensitive data or manipulate it to their benefits.
Common threats to data systems
Data systems such as the web application and data servers are faced by a number of threats, some of these threats are discussed below:
Spoofing: this is a situation where computer assume the
SQL injection targets traditional data systems and second, NOSQL injection targeting big data platforms. SQL input involves inserting malicious statements into the input fields of web application. A successful injection can give the attacker unrestricted access to the entire database. SQL injection can cause the loss of all data, damage and exposure of sensitive data leading to great losses (Shema, 2010).
An attack scenario where the hacker could use SQL Injection SQL Injection is one of the widely used web attack mechanism used by hackers to steal sensitive data from organisations. In an online grocery, a hacker can use the SQL Injection to gain access to the database and retrieve the customers’ credit cards information. A hacker may input specifically crafted SQL commands in the login page with the intent of bypassing the login form barrier and seeing what lies behind it. This is possible if the inputs are sent directly to the database for verification. The hacker thinks of an SQL statement and constructs one, then inserts it and broadens the range of the SQL commands the web application will execute (Clarke, 2012). This enables to push the application beyond the original design and function. The strategic manner in which security professional could prevent the attack includes:
Parameterised queries using bound, typed parameters: for example, "select * from table where columnX=? and columnY=?". The developer must set values for the (?) placeholders.

Related Documents: Essay about Web Application Attack Scenario

NT2580 Graded Assignments Essay

learn about access control models for different scenarios. Assignment Requirements In this assignment, you have a handout on the access control models. Read the handout and discuss it with your classmates to collect answers for the following questions: Select an access control model that best prevents unauthorized access for each of the five scenarios given in the worksheet. Which types of logical access controls should be used in each scenario? Justify your recommendations. Respond to at…

Words 5302 - Pages 22

Unit 1 Lab 1 Assessment Essay

Lab 1 Assessment Worksheet Develop an Attack & Penetration Plan 1. List the 5 steps of the hacking process. Reconnaissance Scanning Gaining Access Maintaining Access Covering Tracks 2. In order to exploit or attack the targeted systems, the first initial step I would do to collect as much information as possible about the targets prior to devising an attack and penetration test plan would be reconnaissance. I would use passive reconnaissance as this pertains to information gathering.…

Words 1224 - Pages 5

DOD anti terrorism brief sep 07 Essay

in coordination with OSD and Services • Designed to increase awareness of terrorism and improve ability to apply personal protective measures • Meets the annual requirement for Level I antiterrorism training prescribed by DoDI 2000.16 • Complements Web-based and CD-ROM training Antiterrorism Level I Awareness Training Slide # Introduction Learning Objectives • Understand the terrorist threat • Understand how to employ situation-based measures to lower your vulnerability • Recognize proper responses…

Words 5307 - Pages 22

Cloud Computing paper

and reflection of computing services and assets. Hence, cloud computing could be characterized as a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or administration supplier association. It is the practice of using a network of remote servers hosted on the Internet to store, supervise, and develop data…

Words 1674 - Pages 7

Csec630 Lab 2 Essay

enabled by the user. Another scenario where alerts may not occur is when another task is being performed. According to (Roesch, 1999) when alerting is unnecessary…

Words 1110 - Pages 5

Cloud Computing

COMPUTING? Cloud computing is a paradigm that focuses on sharing data and computations over a scalable network of nodes. Examples of such nodes include end user computers, data centers, and Web Services. We term such a network of nodes as a cloud. An application based on such clouds is taken as a cloud application. Cloud computing is emerging at the convergence of three major trends such as service orientation, virtualization and standardization of computing through the Internet. Cloud computing…

Words 3729 - Pages 15

Essay on Mobile Computing

enabled Coca Cola vending machines were installed in Helsinki area in Finland. The M-Commerce server developed in late 1997 by Kevin Duffey at Logica. Since the launch of mobile phones, Commerce has moved away from SMS systems and into actual applications. M-Commerce is the ability to conduct commerce using a mobile device such as mobile phone, Personal Digital Assistant (PDA), smart phone. Mobile Commerce from the Customer’s point of view: The Customer wants to access information, goods and…

Words 1711 - Pages 7

Disaster Plan Essay examples

mirrored set of servers, components and power feeds to all the equipment. All disks should have a mirrored double as well. For example the disks or servers that serves the it department should have a mirrored server. This can be done using a RAID 2 scenario, where disk 1b mirrors disk 1a, disk 2b mirrors 2a and so forth and so on. You would need double the anticipated server capacity to do this. It is possible to configure RAID disks according to the size of the files being stored. If the amount of…

Words 1582 - Pages 7

Essay about The Need for Information Security Management for Small to Medium Size Enterprises

Response Management and Disaster Recovery 4 Mobile Device Security Managment 5 Biometric Security Devices and Their Use 6 Ethical Issues in Information Security Management 7 Security Training and Education 7 Defending Against Internet-Based Attacks 8 Industrial Espionage and Business Intelligence Gathering 9 Personnel Issues in Information Security 9 Physical Security Issues in Information…

Words 4578 - Pages 19

Ip Address and Questions Q 1 Essay

inbound or outbound. The firewall may filter traffic on the basis of IP address and TCP port number; may provide proxy software that receives and interprets each service request before passing it on; or may host the server software itself, such as a Web or mail service. Direction control:Determines the direction in which particular service requests may be initiated and allowed to flow through the firewall. User control: Controls access to a service according to which user is attempting to access…

Words 3013 - Pages 13