Essay about Web Application Attack Scenario

Words: 1076
Pages: 5

Assignment 1: Web Application Attack Scenario
(Student’s Name)
(Professor’s Name)
(Course Title)
(Date of Submission)
Web applications are nowadays serving as a company’s public face to the internet. This has created the need to identify threats and attacks directed to data servers and web applications. Hackers exploit vulnerabilities in input validation and authentication affecting the web application in order to gain illegal access and disclose sensitive data or manipulate it to their benefits.
Common threats to data systems
Data systems such as the web application and data servers are faced by a number of threats, some of these threats are discussed below:
Spoofing: this is a situation where computer assume the
…show more content…
SQL injection targets traditional data systems and second, NOSQL injection targeting big data platforms. SQL input involves inserting malicious statements into the input fields of web application. A successful injection can give the attacker unrestricted access to the entire database. SQL injection can cause the loss of all data, damage and exposure of sensitive data leading to great losses (Shema, 2010).
An attack scenario where the hacker could use SQL Injection SQL Injection is one of the widely used web attack mechanism used by hackers to steal sensitive data from organisations. In an online grocery, a hacker can use the SQL Injection to gain access to the database and retrieve the customers’ credit cards information. A hacker may input specifically crafted SQL commands in the login page with the intent of bypassing the login form barrier and seeing what lies behind it. This is possible if the inputs are sent directly to the database for verification. The hacker thinks of an SQL statement and constructs one, then inserts it and broadens the range of the SQL commands the web application will execute (Clarke, 2012). This enables to push the application beyond the original design and function. The strategic manner in which security professional could prevent the attack includes:
Parameterised queries using bound, typed parameters: for example, "select * from table where columnX=? and columnY=?". The developer must set values for the (?) placeholders.