Sign Up Now
Get instant access to over 1 million+ study documents
OR
Already registered? click here to login
By creating your account, you agree to our terms of service, privacy policy and student honor code.
SQL injection occurs when an attacker uses SQL scripts to send information to the server by using the website forms and URL's. If, the website form data is not sanitized before been sent to the database it can lead to this attack. Without sanitization, an attacker can post any data they want directly to the database thus been able to access the information stored and alter the information if so desired. It is easy to make an SQL query, insert it into a form field with whichever parameters one desires and this would compromise the security of the website and its data. Using SQL injection, an attacker can capture sensitive information stored in the database like passwords or credit card details. To prevent this attack, the website developer will need to ensure that the website form fields do not accept any SQL statements. This will be through ensuring that all data received from website form fields is escaped correctly. Using error handlers the website developer can detect any SQL statements before they are submitted to the database, thus, ensuring that their servers will not be compromised in any way.
Cross-site scripting is a website vulnerability that uses the browser security flaws. Bypassing access controls, attackers are able to inject client-side scripts from malicious websites using trusted websites that have been authorized by the user. This flaw occurs unknowingly by the developers as they permit the connecting of different web technologies in their codes. Managing this risk is tricky as one may permit a genuine web application, but the application developers' server may be compromised. Ensuring that web applications linked from the website are safe is the sure way to mitigate against this threat. Web developers should also keep their website script updated to counter this form of attack.
PHP remote file attack occurs when the website developer does not validate the data they receive from their website forms. The attacker can output files from the server by using...
The file will contain the malicious code that would be used for the attack Cavusoglu, Mishra, & Raghunathan, 2004.
These attacks have been on the decline as more web developers are now validating any data they receive from their web forms. Using apache configurations, and network security a developer can ensure that this attack would not attack. Another method of managing this risk is ensuring the code used to develop the web application does not leave room for an attacker to attach any files.
Conclusion
Website vulnerabilities and client-side application flaws can be coupled together. This is because a majority of the attacks that affect client-side applications often emanate from websites, when a visitor downloads a document or a file from a website that contains malicious code. The other reason for coupling them together is because a majority of the website attacks are usually targeted at the site visitors, either one want to attack the visitors' computers, or they want to access their sensitive data that is stored in a website server. Therefore, it is essential that website developers ensure that their websites are safe and cannot be used for attacks.
References
Anandarajan, M. (2002). Profiling Web Usage in the Workplace: A Behavior-Based Artificial Intelligence Approach. Journal of Management Information Systems, 19(1), 243-266.
Cavusoglu, H., Mishra, B., & Raghunathan, S. (2004). The Effect of Internet Security Breach Announcements on Market Value: Capital Market Reactions for Breached Firms and Internet Security Developers. International Journal of Electronic Commerce, 9(1), 69-104.
Doerr, H.M., & Hecht, C.G. (1995). Navigating the Web. The Mathematics Teacher, 88(8), 716-719.
Hansen, L., & Nissenbaum, H. (2009). Digital Disaster, Cyber Security, and the Copenhagen School. International Studies Quarterly, 53(4), 1155-1175.
Risk Management: Disaster Recovery In essence, disaster recovery has got to do with protecting an organization against events of a negative nature and their effects/impact. Such events include, but they are not limited to, failure of equipment, serious cyber attacks, and natural disasters such as hurricanes and earthquakes. All these put the operations of the organization at risk. This text concerns itself with practical risk management. In so doing, it will,
Businesses are always exposed to risks of several kinds, for which risk management becomes mandatory. To keep the corporation safe, an appropriate risk management program is obligatory even in times of uncertainty. Risk management helps in strengthening communication between the higher authorities and low line workers. The reports and analysis would be shared vertically and horizontally so that risk mitigation becomes easier through a smooth communication flow. It is conducive
The role of Risk Management Information System (RMIS) in BAE Systems, Inc. With its headquarters in Virginia’s Arlington County, BAE Systems Incorporated has units in America, Britain, Mexico, Israel, Sweden, and South Africa that employ around 43,000 individuals. Its mounting yearly earnings suggest that it may be counted as one of the top global defense firms (Winzelberg, 1). Its extensive operations cover air, naval and land electronic systems, services, and platforms.
Cyber Security Currently, the internet has become a significant infrastructure, which has brought new degrees of productivity, convenience, and effectiveness for the private and public firms. The many incidents of internet attacks reflect the vulnerability of the information systems, the severity of malicious programs and the offensive nature of technology. Similarly, either attackers can hide their identity, through disabling logging facilities or altering event logs, which makes them go undetected. On
Cyber Forensics and Legal Considerations: Is the Law Keeping up with Advancing Technology? Introduction Because of the digital age and the possibilities it has introduced, digital forensics is now a necessity within the realm of law enforcement. However, there are numerous considerations to be made within this realm: constitutional law, property law, contract law, tort law, cybercrime, criminal procedure, evidence law, and cyber war. This paper will examine how the law is
worst that could happen to an information system was a natural disaster destroying all information, nowadays, the category of risks has become thoroughly diversified and, because an increasing use of informational systems as data storage and processing tools, it has become more and more important to provide suitable solutions in each situations. In the paragraphs here below, we present a series of problems one may face in ensuring IT