Question
Out of the various Web vulnerabilities, you will have read about this week (cross site scripting, command injection, XML injection, SQL injection, cross site request forgery, cross frame scripting, IFrame, clickjacking, etc.), which one do you consider the most serious? Who is it serious to (business, consumer, someone else)? Why do you consider it the most serious of all of them? Compare/contrast to make your point.
Explanation / Answer
which one do you consider the most serious?
SQL injection is the most serious web vulnerability.
Who is it serious to (business, consumer, someone else)?
The SQL injection web vulnerability is serious to the business, which in turn is serious to the consumers and probably someone and everyone else in the world if the organization's database servers have thousands or millions of users' fields, tables and records with their data in them.
Why do you consider it the most serious of all of them?
The SQL injection web vulnerability uses application code to access or corrupt, by running SQL queries, the database content, which holds tens of thousands of users' critical personal, financial, sensitive and crucial data in any organization. If this happens on any database server, then this would be the worst effect of SQL injection in the world.
SQL injection attacks attempt to use application code to access or corrupt database content.
1) cross site scripting:
Cross-site scripting is a computer security vulnerability which is found in web applications. This allows attackers to inject client-side scripts into web pages viewed by other users. This flaw occurs when the application accepts untrusted data and sends it to the web browser without proper validation. Attackers use XSS to execute malicious scripts in the users' web browsers.
2) command injection:
Command injection is an attack in which the goal is execution of arbitrary commands on the host operating system via a vulnerable application. Command injection attacks are possible when an application passes unsafe user-supplied data (forms, cookies, HTTP headers, etc.) to a system shell.
3) XML injection:
XML Injection is an attack technique used to manipulate or compromise the logic of an XML application or service.
Injection is a security vulnerability that allows an attacker to alter backend SQL statements by manipulating the user supplied data.
4) SQL injection:
The SQL injection web vulnerability is serious to the business, which in turn is serious to the consumers and probably someone and everyone else in the world if the organization's database servers have thousands or millions of users' fields, tables and records with their data in them.
5) cross site request forgery:
Cross-site request forgery is a type of malicious exploit of a website where unauthorized commands are transmitted from a user that the web application trusts. It has its effect at a user level.
6) cross frame scripting:
Cross-Frame Scripting is an attack that combines malicious JavaScript with an iframe loading a legitimate page in an effort to steal data from an unsuspecting user. This attack is only at a user level.
7) IFrame:
An IFrame (Inline Frame) is an HTML document embedded inside another HTML document on a website.
An iframe could be dangerous because an attacker might use it for phishing purposes (social networking websites, like Facebook, allow users and developers to integrate third-party web pages into their fan pages and other applications).
8) clickjacking:
Clickjacking is a malicious technique of tricking a web user into clicking on something different from what the user perceives they are clicking on, thus revealing confidential information or taking control of their computer while clicking on seemingly innocuous web pages. This attack is only at a user level.
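The contrast drawn in the answer, as an added example that is not part of the original answer: a string-built query lets one crafted input return every user's row, while the parameterized form treats the same input as a plain value, and the XSS counterpart is escaping on output. The table, the sample rows and all function names are constructed for illustration.

```python
import html
import sqlite3


def make_db():
    """In-memory database with constructed sample rows (not real data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, card TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "4111-0001"), ("bob", "4111-0002"), ("carol", "4111-0003")],
    )
    return db


def lookup_vulnerable(db, name):
    # Vulnerable: user input is concatenated into the SQL text, so quote
    # characters in `name` become part of the statement itself.
    query = "SELECT name, card FROM users WHERE name = '" + name + "'"
    return db.execute(query).fetchall()


def lookup_parameterized(db, name):
    # Hardened: the driver binds `name` as a value; it is never parsed as SQL.
    return db.execute(
        "SELECT name, card FROM users WHERE name = ?", (name,)
    ).fetchall()


def render_greeting(name):
    # Output-side counterpart for cross-site scripting: escape the value
    # before it reaches the browser, so markup in `name` is shown as text.
    return "<p>Hello, " + html.escape(name) + "</p>"


CRAFTED = "x' OR '1'='1"  # constructed test input

if __name__ == "__main__":
    db = make_db()
    print("vulnerable, normal input: ", len(lookup_vulnerable(db, "alice")), "row(s)")
    print("vulnerable, crafted input:", len(lookup_vulnerable(db, CRAFTED)), "row(s)")
    print("parameterized, crafted:   ", len(lookup_parameterized(db, CRAFTED)), "row(s)")
    print(render_greeting("<script>alert(1)</script>"))
```

The row counts show the difference in scope: the flawed query exposes the whole table in one request, whereas the script-based attacks in the list act on one user's browser at a time.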