
You have been hired as a security consultant for TJ Riggings. As your first task

Question

You have been hired as a security consultant for TJ Riggings. As your first task, you have been asked to complete a security audit of their web applications. Answer the following questions.
1. What are the first steps that you would take to test the sites for SQL injection vulnerability?
2. How might you apply the concept of inferential testing?
3. What is your strategy for identifying dangerous source code now and far into the future?
4. What suggestion would you offer TJ Riggings in reference to their web clients?

Explanation / Answer

1. SQLi (SQL injection) is an old technique where a hacker executes malicious SQL statements to take over the website. The SQL injection problem should be tested only in the test environment. Appending a ' to an input is usually a pretty good test to see if it generates an error or otherwise produces unexpected behavior on the site.

It's an indication that the user input is being used to build a raw query and the developer didn't expect a single quote, which changes the query structure. The tester should request the database administrator or the developer to copy the table in question before attempting the following SQL injection. Instead of manually testing whether the application is vulnerable to SQL injection or not, one could use a web vulnerability scanner that checks for SQL injection.

2. Inferential testing is one of the major sources for metric collection. It is the way of describing the central position of a frequency distribution for a group of data. One of the simplest inferential tests is used when you want to compare the average performance of two groups on a single measure to see if there is a difference. The same condition is applied here on the web client. Randomly collect the data from the metrics that are stored over a period of time and compare it. This provides us with inferential statistics.

3. If TJ Riggings doesn't lock down their Web apps, security risks will increase as corporate dependency on Internet and intranet applications rises, along with site complexity, language depth and overall functionality. So, to reduce the vulnerabilities, this has to be implemented. Third-party tools can be implemented and have to be upgraded to the latest patch in a timely manner in order to check the code for vulnerabilities. First, given code has to go through a quality review in the quality environment, and later it has to be implemented in the production environment. These strategies surely help in detecting malicious code.

4. Configure single sign-on for users that log in to the back end of the web servers, and for reliable communication over the network, web clients have to be provided with Single socket layers, which protect from threats. Moreover, placing honeypots on the network can detect external threats. Implementing these techniques might help TJ Riggings to protect data from breaches.
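
The single-quote check described in answer 1, shown as an added example that is not part of the original answer: a query built by string concatenation sits beside its parameterized form, and both are run against a throwaway in-memory SQLite database. The table, the sample names and the function names are constructed for illustration.

```python
import sqlite3

def make_test_db():
    # Constructed sample data in a throwaway in-memory database (test environment only).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO customers (name) VALUES (?)",
                   [("Riggs",), ("O'Brien",)])
    return db

def lookup_concat(db, name):
    # Weak form: user input is pasted into the SQL text,
    # so a single quote changes the query structure.
    sql = "SELECT id, name FROM customers WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

def lookup_param(db, name):
    # Corrected form: input is bound as a value and never parsed as SQL.
    sql = "SELECT id, name FROM customers WHERE name = ?"
    return db.execute(sql, (name,)).fetchall()

def quote_check(lookup, db, value="Riggs"):
    # Append a single quote to otherwise valid input and report how the lookup reacts.
    try:
        lookup(db, value + "'")
    except sqlite3.Error:
        return "sql_error"   # the quote reached the SQL parser: raw query building
    return "handled"         # the quote was treated as data

if __name__ == "__main__":
    db = make_test_db()
    for fn in (lookup_concat, lookup_param):
        print(f"{fn.__name__}: {quote_check(fn, db)}")
    # A legitimate name containing an apostrophe only works with the bound form.
    print(lookup_param(db, "O'Brien"))
```

The same check doubles as a regression test: a lookup that reports `sql_error` also fails for ordinary customers such as O'Brien, which is a functional bug as well as a security finding.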
