The security of a web application should be a top priority when it comes to protecting the information the application contains. When we, as an organization, think of security, we should all think of the ways an attacker would attempt to breach the application in order to gain access to the network, or exploit a vulnerability for his or her own benefit. There are many weaknesses pertaining to web applications, and each of these weaknesses has an attack associated with it, with the attacker having his or her own motivation for the attack. The attacker's motivation depends heavily on the type of attack that has occurred. Listed below are the common weaknesses and attacks associated with e-commerce and social networking applications.
Common Weaknesses, Attacks, Motivation, and Roles Involved
SQL Injection
A SQL ("sequel") injection refers to an attacker inserting SQL code into a user input field, such as the username/password fields on the application's login screen. By doing this, the attacker would be able to gain access to the list of passwords that could be stored within the application database. That said, the attacker's motivation would be that of gain: he or she would like to gain access to the application in order to scam others, steal money, or change data to his or her liking. It is the developer's role to ensure that SQL injections cannot occur. The security engineer can periodically test the user inputs to ensure that each input has a SQL checker and/or limits on which characters can and cannot be used.
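The paragraph above describes three things: the weakness (user input spliced into a query), the developer's fix, and the security engineer's periodic test. The following Python example is added here to show all three against a small SQLite database; it is not code from the original page. The user table, its two rows, the allowlist pattern for usernames and the probe string used by the test routine are all constructed for this illustration.

```python
import hashlib
import os
import re
import sqlite3

# Constructed allowlist policy: usernames are letters, digits, dot, dash, underscore.
USERNAME_RE = re.compile(r"^[A-Za-z0-9_.-]{1,32}$")


def make_db():
    """Build an in-memory user table with constructed sample rows (not real data).

    Only a salted PBKDF2 hash is stored, so even a successful read of the table
    does not hand over clear-text passwords."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (username TEXT PRIMARY KEY, salt BLOB, password_hash BLOB)"
    )
    for name, pw in (("alice", "correct horse"), ("bob", "battery staple")):
        salt = os.urandom(16)
        digest = hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 100_000)
        conn.execute("INSERT INTO users VALUES (?, ?, ?)", (name, salt, digest))
    conn.commit()
    return conn


def lookup_vulnerable(conn, username):
    """BAD: the input is pasted into the SQL text, so a quote in the input
    ends the string literal and the rest of the input becomes SQL syntax."""
    sql = "SELECT username FROM users WHERE username = '%s' ORDER BY username" % username
    return [row[0] for row in conn.execute(sql)]


def lookup_safe(conn, username):
    """GOOD: the value is bound by the driver as data; it can never change
    the structure of the query, whatever characters it contains."""
    sql = "SELECT username FROM users WHERE username = ? ORDER BY username"
    return [row[0] for row in conn.execute(sql, (username,))]


def username_is_allowed(username):
    """Character limit on the input field, as the paragraph recommends."""
    return USERNAME_RE.fullmatch(username) is not None


def check_lookup(conn, username):
    """Defense in depth: reject out-of-policy input before the database is touched,
    then use the parameterized query anyway."""
    if not username_is_allowed(username):
        return []
    return lookup_safe(conn, username)


def probe_for_injection(lookup_fn, conn):
    """Periodic test a security engineer might run: a username containing a quote
    must match no account. If it returns any row, the lookup is injectable."""
    probe = "' OR '1'='1"  # constructed probe: a quote plus an always-true clause
    return len(lookup_fn(conn, probe)) > 0


if __name__ == "__main__":
    db = make_db()
    print("vulnerable lookup injectable:", probe_for_injection(lookup_vulnerable, db))
    print("safe lookup injectable:      ", probe_for_injection(lookup_safe, db))
```

Run stand-alone, the script reports that the concatenated query leaks every username to the probe while the parameterized query returns nothing; the same `probe_for_injection` routine can be pointed at any lookup function in a code base as a quick regression check.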
Cross-Site Scripting
Cross-Site Scripting (XSS) refers to an attack that primarily targets the end users. It requires a web form that takes a user's input, processes it, and prints it back in clear text, so that the attacker can readily obtain it. The attacker can then log into that account, gaining access to it. A motivation here could be monetary gain. It will be the system administrator's role
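The XSS paragraph above hinges on a form that prints user input back into the page unchanged. The following Python example is added here, and is not code from the original page, to show that rendering step in its weak and hardened forms, a test hook for checking whether any markup survives rendering, and a session cookie header with flags that keep the session out of reach of page scripts. The template wrapper, the comment strings and the cookie attributes are assumptions made for this illustration.

```python
import html
import re

WRAPPER_START = '<p class="comment">'  # constructed template fragment
WRAPPER_END = "</p>"


def render_comment_vulnerable(comment):
    """BAD: the user's text is placed into the page verbatim, so any tag
    it contains is interpreted by the browser as live HTML."""
    return WRAPPER_START + comment + WRAPPER_END


def render_comment_safe(comment):
    """GOOD: html.escape turns <, >, &, \" and ' into entities, so the browser
    displays the text literally instead of executing anything inside it."""
    return WRAPPER_START + html.escape(comment, quote=True) + WRAPPER_END


# Matches the start of an HTML tag: "<", optional "/", then a letter.
TAG_RE = re.compile(r"<\s*/?\s*[A-Za-z]")


def contains_live_tag(rendered):
    """Test hook: strip the wrapper the template itself emits, then check whether
    any tag from the user's input survived into the output."""
    body = rendered
    if rendered.startswith(WRAPPER_START) and rendered.endswith(WRAPPER_END):
        body = rendered[len(WRAPPER_START):-len(WRAPPER_END)]
    return TAG_RE.search(body) is not None


def session_cookie_header(token):
    """Assumed defense-in-depth setting for the session cookie: HttpOnly keeps it
    out of reach of page scripts, Secure limits it to HTTPS, SameSite=Lax blocks
    most cross-site sends. Together these make a stolen-script-access scenario
    much harder to turn into a login as the victim."""
    return "Set-Cookie: session=%s; HttpOnly; Secure; SameSite=Lax" % token


if __name__ == "__main__":
    sample = "<b>hello</b>"  # constructed comment containing markup
    for name, fn in (("vulnerable", render_comment_vulnerable), ("safe", render_comment_safe)):
        out = fn(sample)
        print("%-10s %s  live tag: %s" % (name, out, contains_live_tag(out)))
```

The `contains_live_tag` check is the kind of assertion a security engineer can run over every template that echoes form input: it should be false for any input once escaping is in place, and a true result points at exactly the output path that needs fixing.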