IS3445 Unit 4 Lab

1. What is a brute force attack and how can the risks of these attacks be mitigated?
It is a cryptanalytic attack that can be used against any encrypted data. Choosing suitable passwords and putting in place lockouts that restrict access after x number of failed login attempts will significantly assist in reducing the risk of brute-force attacks.
2. Explain a scenario where a hacker may use Cross Site Request Forgery (CSRF) to perform authorized transactions.
If you are on a bad site, such as a bad movie upload page or a smut website, the hacker can use that to pass false authorization.
3. What is the proper way to prevent XSS attack?
The first rule is to deny all
4. If an attacker wishes to place a phishing page on a website, what is a common vulnerability that can be exploited to successfully do this?
Criminals often use social engineering along with vulnerabilities in applications such as web browsers or email clients to trick users into installing malicious code on their computer.
5. What can be the impact of a successful SQL injection?
A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database, recover the content of a given file present on the DBMS file system and, in some cases, issue commands to the operating system.
6. What is the difference between a blind SQL injection attack and a normal SQL injection attack?
The only difference is the way the data is retrieved from the database.
7. Why are stored XSS vulnerabilities a major risk for web applications?
Cross-Site Scripting is a type of injection problem in which malicious scripts (vb, js etc.) are injected into a trusted web site. XSS flaws occur whenever an application takes untrusted (typically user supplied) data and sends it unvalidated to a web browser. XSS allows attackers to execute script in the victim’s browser and the malicious script can
