Question:
Most cyber-attacks happen because vulnerabilities in system or application software. Buffer Overflow, SQL Injection, Code/OS Command Injection, Cross-Site Scripting (XSS), Cross-Site Request Forgery and Race Conditions are very common vulnerabilities. (Refer to both NIST/DHS and MITRE databases of common vulnerabilities (http://nvd.nist.gov/cwe.cfm; http://cwe.mitre.org/top25/).) For this conference, explain what a specific vulnerability is, describe a famous attack that leveraged it (For example, the Morris worm leveraged the buffer overflow vulnerability), and how it can be prevented/minimized. Your post can either discuss a vulnerability that has not been discussed, or expand upon what someone has already posted. I encourage multiple postings by an individual. Try not to repeat what is already posted.
Answer:
A software vulnerability to consider is SQL injection, described as a literal injection of code; the intention is to infiltrate the database and its information. When the inputs in the computer system are not entered accurately, it is easy for this injection to be inserted into the code, thus making it easier for the hacker to access the information. The most common flaw in a computer system that makes it susceptible to the threat of vulnerabilities has to do with incorrect input. If inputs aren't entered correctly, then the processing is also thrown off, leaving room for multiple vulnerabilities to cause havoc on the system. An example of this vulnerability as applied to an actual case would be the heist led by Albert Gonzalez in New York City. Stealing numerous credit and debit card numbers, Gonzalez carried out the largest credit card breach in history. His crime was to hack the database, and once the secure information linked to credit cards was in his possession, he would release the information onto the black market. As the database was the main target, the method of attack used was SQL injection. By utilizing this method of attack, via Structured Query Language, operational control of the database is achieved. If the data inputs are entered incorrectly, then by entering this injection the information entered can be malformed, mutating the inputs. Once the database is infiltrated, more control is gained.
A couple of ways to prevent SQL injection attacks would include using a web application firewall, limiting database privileges by context, or regularly applying software patches. With a web application firewall, dangerous web requests are accounted for and have to be filtered through, and the specific SQL injection defenses hone in on filtering out the injections attempting to sneak through. As for the prevention method of regularly applying software patches, patching can maintain the integrity of the system by keeping it updated appropriately. One of the key prevention methods would be the limitation of database privileges. This is because the system directly targeted when a hacker launches an SQL injection is the database. Therefore, "creating multiple database user accounts with the minimum levels of privilege for their usage environment" would mean a breach does not compromise the database as a whole (Weiss 2016).
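The answer above describes the mechanism in prose; the following is an added example (not part of the original post, and not code from any of the incidents mentioned) that shows the same thing concretely. It builds an in-memory SQLite table with constructed sample rows, runs two classic payloads against a lookup that splices user input into the query text, and then runs the same payloads against a parameterised version of the query. The table layout, user names, card numbers and payload strings are all assumptions made for the demo.

```python
import sqlite3

# Constructed sample data for the demo only; not from any real breach.
SAMPLE_USERS = [
    ("alice", "s3cret", "4111-1111-1111-1111"),
    ("bob", "hunter2", "5500-0000-0000-0004"),
]

# Two classic payloads: a tautology that matches every row, and a UNION that
# pulls a column the query was never meant to return (here, passwords).
TAUTOLOGY = "' OR '1'='1"
UNION_PAYLOAD = "x' UNION SELECT username, password FROM users --"


def make_db():
    """Build an in-memory SQLite database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, card TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    return conn


def lookup_vulnerable(conn, username, password):
    """Injectable: user input is spliced into the SQL text, so quote characters
    in the input change the structure of the statement."""
    sql = (
        "SELECT username, card FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return conn.execute(sql).fetchall()


def lookup_safe(conn, username, password):
    """Parameterised: the statement text is fixed and the values are bound
    separately, so the driver never parses the input as SQL."""
    sql = "SELECT username, card FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print("legit, safe:    ", lookup_safe(db, "alice", "s3cret"))
    print("tautology, vuln:", lookup_vulnerable(db, TAUTOLOGY, TAUTOLOGY))
    print("tautology, safe:", lookup_safe(db, TAUTOLOGY, TAUTOLOGY))
    print("union, vuln:    ", lookup_vulnerable(db, UNION_PAYLOAD, "x"))
    print("union, safe:    ", lookup_safe(db, UNION_PAYLOAD, "x"))
```

Against `lookup_vulnerable`, the tautology returns every row and the UNION payload returns the password column in place of the card column; against `lookup_safe` both payloads are just strings that match no user. Note that the least-privilege advice in the post limits damage but does not stop this particular read: a database account with only SELECT on `users` still serves the UNION query, so parameterisation (or an equivalent prepared-statement API) is the control that actually removes the bug, with privilege limits and a WAF as defence in depth.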
Explanation / Answer
Cross-site request forgery:
It is abbreviated as CSRF and is also popularly known as a one-click attack or session riding. It is a kind of malicious attack on websites in which exploiting commands are passed to the web server from a user whom the application trusts.
There are various kinds of processes utilized in this approach, namely
CSRF will damage the trust that a website has with its browser.
Example: One popular web attack using CSRF was the exploitation of Netflix in 2006. The attackers added a few DVDs to the victim's rental queue, altered the shipping address, and also compromised the victim's account completely by altering the login details.
Also on this list is the popular antivirus product McAfee, where the attackers modified the company's systems.
CSRF is a confused deputy attack on web browsers. The following are the characteristics of CSRF:
How to prevent CSRF:
As CSRF is a serious problem, which has already impacted many tech giants like Google and Yahoo, there are also prevention techniques available for CSRF attacks.
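The post above names CSRF as a confused-deputy attack in which the browser sends a trusted user's credentials with a request the user never intended, but does not show a prevention technique. The following is an added example (not part of the original post and not code from any of the sites mentioned) of one common defence: a synchroniser token bound to the session plus an Origin/Referer check. The request shape (a dict with method, cookies, headers and form), the site origin `https://bank.example`, the session identifiers and the attacker's site are all constructed for the demo.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

# Server-side secret (assumed to be generated once per deployment and kept private).
SECRET_KEY = secrets.token_bytes(32)
SITE_ORIGIN = "https://bank.example"  # assumed origin of the protected application


def issue_csrf_token(session_id):
    """Derive a token bound to the session: a token the attacker obtains from
    their own session will not verify against the victim's session."""
    return hmac.new(SECRET_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def _origin_of(header_value):
    """Reduce an Origin or Referer header to scheme://host[:port]. Exact
    comparison avoids prefix tricks such as https://bank.example.evil.test."""
    parts = urlsplit(header_value)
    if not parts.scheme or not parts.netloc:
        return None
    return parts.scheme + "://" + parts.netloc


def is_request_allowed(request):
    """request is a constructed dict with keys: method, cookies, headers, form."""
    if request["method"] in ("GET", "HEAD", "OPTIONS"):
        return True  # safe methods must not change state, so there is nothing to forge
    session_id = request["cookies"].get("session")
    if not session_id:
        return False
    # Browsers set Origin (or at least Referer) on cross-site form posts and do
    # not let page script forge them, so a mismatch means the post was launched
    # from another site's page.
    source = request["headers"].get("Origin") or request["headers"].get("Referer", "")
    if _origin_of(source) != SITE_ORIGIN:
        return False
    expected = issue_csrf_token(session_id)
    submitted = request["form"].get("csrf_token", "")
    return hmac.compare_digest(submitted.encode(), expected.encode())


VICTIM_SESSION = "sess-victim-7f3a"  # constructed session id

# Constructed: the victim submits the site's own form, which carries the token.
LEGIT_REQUEST = {
    "method": "POST",
    "cookies": {"session": VICTIM_SESSION},
    "headers": {"Origin": SITE_ORIGIN},
    "form": {"to": "alice", "amount": "10", "csrf_token": issue_csrf_token(VICTIM_SESSION)},
}

# Constructed: a form on attacker.test auto-submits to the site. The browser
# attaches the victim's cookie, but the attacker cannot read the victim's token
# and cannot forge the Origin header.
FORGED_REQUEST = {
    "method": "POST",
    "cookies": {"session": VICTIM_SESSION},
    "headers": {"Origin": "https://attacker.test"},
    "form": {"to": "mallory", "amount": "1000"},
}

# Constructed: the Origin is set to the site's own only to isolate the token
# check; the attacker supplies a token issued for their own session, which does
# not verify against the victim's session.
FORGED_WITH_OWN_TOKEN = {
    "method": "POST",
    "cookies": {"session": VICTIM_SESSION},
    "headers": {"Origin": SITE_ORIGIN},
    "form": {"to": "mallory", "amount": "1000", "csrf_token": issue_csrf_token("sess-attacker-01")},
}

if __name__ == "__main__":
    print("legit:          ", is_request_allowed(LEGIT_REQUEST))
    print("forged:         ", is_request_allowed(FORGED_REQUEST))
    print("forged, own tok:", is_request_allowed(FORGED_WITH_OWN_TOKEN))
```

The two checks are independent: the token check alone defeats the classic forgery because the cross-site page cannot read a token that only the site's own pages render, and the origin check alone rejects it because the browser reports where the post came from. Keeping both, and setting the session cookie with a `SameSite` attribute so the browser does not attach it to cross-site posts in the first place, is the layered approach a practitioner would deploy.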