Web Application Attacks Prevention
Week 3 Assignment
Affiliated
Date: Sept. 2013
Web application attack prevention favors a protective or preventative measure with response capabilities, such as an application layer firewall, over a solution that identifies meaningful vulnerabilities in an application.
Week 3 Assignment: Web Application Attacks Prevention
Learning Objectives and Outcomes
You will be able to suggest appropriate defenses against common Web server and application attacks.
Assignment Requirements
Defense against web attacks is a key element in a security professional’s skill set. For this assignment, your manager has asked you to review Aim Higher College’s Web server and application security and to suggest appropriate defenses. For each of the following scenarios, explain what the threat or threats are, what defenses you would recommend, and why.
1. Aim Higher College has deployed an open source blog package. This package uses a database backend and allows users to create user IDs, sites, and their own content to post. Recently, off-campus users of the service have posted links that appear to point to University resources but instead redirect to off-campus malware sites. What would you recommend that the application administrator do?
2. A developer for Aim Higher College is creating a Web server form for submission of calendar events to the College’s event calendar. What protective measures would you suggest to ensure its security?
3. Database administrators from Aim Higher College’s central Information Technology (IT) group have contacted the security team, noting that they are finding odd entries in a Web application’s backend database. Some of the entries appear to be SQL commands such as “UNION” and “JOIN”, which cause them to think that an attacker is probing the Web application. What