Essay about Web Application Attack Scenario

Words: 1076
Pages: 5
Open Document
Assignment 1: Web Application Attack Scenario
(Student’s Name)
(Professor’s Name)
(Course Title)
(Date of Submission)
Introduction
Web applications are nowadays serving as a company’s public face to the internet. This has created the need to identify threats and attacks directed to data servers and web applications. Hackers exploit vulnerabilities in input validation and authentication affecting the web application in order to gain illegal access and disclose sensitive data or manipulate it to their benefits.
Common threats to data systems
Data systems such as the web application and data servers are faced by a number of threats, some of these threats are discussed below:
Spoofing: this is a situation where computer assume the …show more content…
SQL injection targets traditional data systems and second, NOSQL injection targeting big data platforms. SQL input involves inserting malicious statements into the input fields of web application. A successful injection can give the attacker unrestricted access to the entire database. SQL injection can cause the loss of all data, damage and exposure of sensitive data leading to great losses (Shema, 2010).
An attack scenario where the hacker could use SQL Injection SQL Injection is one of the widely used web attack mechanism used by hackers to steal sensitive data from organisations. In an online grocery, a hacker can use the SQL Injection to gain access to the database and retrieve the customers’ credit cards information. A hacker may input specifically crafted SQL commands in the login page with the intent of bypassing the login form barrier and seeing what lies behind it. This is possible if the inputs are sent directly to the database for verification. The hacker thinks of an SQL statement and constructs one, then inserts it and broadens the range of the SQL commands the web application will execute (Clarke, 2012). This enables to push the application beyond the original design and function. The strategic manner in which security professional could prevent the attack includes:
Parameterised queries using bound, typed parameters: for example, "select * from table where columnX=? and columnY=?". The developer must set values for the (?) placeholders.
Show More

Related Documents: Essay about Web Application Attack Scenario

NT2580 Graded Assignments Essay

learn about access control models for different scenarios. Assignment Requirements In this assignment, you have a handout on the access control models. Read the handout and discuss it with your classmates to collect answers for the following questions: Select an access control model that best prevents unauthorized access for each of the five scenarios given in the worksheet. Which types of logical access controls should be used in each scenario? Justify your recommendations. Respond to at…

Words 5302 - Pages 22

Unit 1 Lab 1 Assessment Essay

Lab 1 Assessment Worksheet Develop an Attack & Penetration Plan 1. List the 5 steps of the hacking process. Reconnaissance Scanning Gaining Access Maintaining Access Covering Tracks 2. In order to exploit or attack the targeted systems, the first initial step I would do to collect as much information as possible about the targets prior to devising an attack and penetration test plan would be reconnaissance. I would use passive reconnaissance as this pertains to information gathering.…

Words 1224 - Pages 5

Nt1330 Unit 1 Assignment 1

demonstration is performed for the audience and the committee, to convey the idea of our solution. Our solution is a web application with a very simple and neat layout, which is capable of storing an individual username and password with a name tag specifying for which service that username and password corresponds to. Furthermore, it also allows the user to update the password, given a scenario where the user updates there primary account information and want to update that information on our server. Lastly…

Words 773 - Pages 4

Nt1330 Unit 9 Final Paper

defining system security requirements. 3. Security should be evaluated in the initiation phase of the SDLC. 10.2 1. Input validation is the process of confirming all the input to an application before using it. 2. Proper input validation helps prevent DOS attacks. 3. The proper parameters for this scenario should be numbers 1 through 4. No special charters or other numbers should be permitted. 10.5 1. I found the most recent service pack for Microsoft Office 2013 is SP1.…

Words 408 - Pages 2

Nt1330 Unit 3

system Therefore, a number of people confront the risks of too protection against VoIP attacks. highlighted as the following: [8]-The firewall must be able to discover and check VoIP protocols and carefully check out the IP datagram. 1) common firewall is not suitable for VoIP networks, and a specialized firewall needed. 2) The firewall must be able to analyses the effective load of the VoIP to discover the attack. 3) To manage, message or calls over the VoIP system also to set up the different authorities…

Words 2006 - Pages 9

DOD anti terrorism brief sep 07 Essay

in coordination with OSD and Services • Designed to increase awareness of terrorism and improve ability to apply personal protective measures • Meets the annual requirement for Level I antiterrorism training prescribed by DoDI 2000.16 • Complements Web-based and CD-ROM training Antiterrorism Level I Awareness Training Slide # Introduction Learning Objectives • Understand the terrorist threat • Understand how to employ situation-based measures to lower your vulnerability • Recognize proper responses…

Words 5307 - Pages 22

Cloud Computing paper

and reflection of computing services and assets. Hence, cloud computing could be characterized as a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or administration supplier association. It is the practice of using a network of remote servers hosted on the Internet to store, supervise, and develop data…

Words 1674 - Pages 7

Cloud Computing

COMPUTING? Cloud computing is a paradigm that focuses on sharing data and computations over a scalable network of nodes. Examples of such nodes include end user computers, data centers, and Web Services. We term such a network of nodes as a cloud. An application based on such clouds is taken as a cloud application. Cloud computing is emerging at the convergence of three major trends such as service orientation, virtualization and standardization of computing through the Internet. Cloud computing…

Words 3729 - Pages 15

Csec630 Lab 2 Essay

enabled by the user. Another scenario where alerts may not occur is when another task is being performed. According to (Roesch, 1999) when alerting is unnecessary…

Words 1110 - Pages 5

Essay on Mobile Computing

enabled Coca Cola vending machines were installed in Helsinki area in Finland. The M-Commerce server developed in late 1997 by Kevin Duffey at Logica. Since the launch of mobile phones, Commerce has moved away from SMS systems and into actual applications. M-Commerce is the ability to conduct commerce using a mobile device such as mobile phone, Personal Digital Assistant (PDA), smart phone. Mobile Commerce from the Customer’s point of view: The Customer wants to access information, goods and…

Words 1711 - Pages 7