Question 1:
a) Provide an example of a Cross Site Scripting (XSS) attack. Include an explanation of the differences between stored and reflective XSS attacks.
b) Provide an example of a SQL Injection attack. Why does the back-end database make a difference in how the attack works? What type of information or access could be compromised with SQL injection attacks? Include at least two additional references.
c) What part of the e-mail process does SSL/TLS usually secure? Is this end-to-end security? Explain. What standards provide end-to-end security?
Question 2: Buffer overflows are a fairly common vulnerability. They can crash an application, allow unauthorized people access, process unintended payloads, etc. Most students just learning about the field of IT security may hear about buffer overflows but don’t really understand how they work.
The following online example is a great demonstration of how buffer overflows actually work. It really helps students understand how buffer overflows work if they can see a graphical representation. They can visualize the memory space and how the overflow may affect the underlying code. Let’s look at just one example of a buffer overflow written by Dr. Susan Gerhart.
1) Open a web browser and go to https://nsfsecurity.pr.erau.edu/bom/. (Additional buffer overflow examples are available for download at https://www.pearsonhighered.com/boyle.)
2) Scroll down and click on the link labeled “Spock.”
3) Click Play.
4) After it stops, enter the first eight characters (ONLY eight characters) of your last name as the password. (If your last name has fewer than eight characters, you can fill in the remaining characters with “X.” For example, “Boyle” would become BOYLEXXX.)
5) Click Play.
6) Take a screenshot.
7) Click Reset.
8) Click Play.
9) After it stops, enter the first eight characters (ONLY eight characters) of your last name as the password AND add the letter “T” at the end. (If your last name has fewer than eight characters, you can fill in the remaining characters with “X.” In this case it would be BOYLEXXXT.)
10) Click Play.
11) Take a screenshot.
12) Provide a 2-3 paragraph description of your analysis of this activity.
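To help with the analysis in step 12, here is an added C example that mirrors what the Spock visualization shows; it is not code from the assignment or from Dr. Gerhart's demo. Memory is simulated as a nine-byte frame (an assumed layout: an 8-byte password buffer followed immediately by a one-byte "authorized" flag, with 'T' assumed as the value meaning authorized), so the overflow is deterministic rather than dependent on a real compiler's stack layout. The secret password "SECRET12" and the inputs BOYLEXXX / BOYLEXXXT are constructed sample values. `vulnerable_login` copies the input with no bounds check, so the ninth character lands on the flag cell; `safe_login` shows the fix.

```c
#include <stdio.h>
#include <string.h>

/* Assumed simulated layout: 8-byte password buffer, then a one-byte flag. */
#define PASSWORD_LEN 8
#define FLAG_OFFSET  PASSWORD_LEN
#define FRAME_SIZE   (PASSWORD_LEN + 1)
#define AUTHORIZED   'T'   /* assumed flag value meaning "access granted" */

enum login_result { DENIED = 0, GRANTED_BY_PASSWORD = 1, GRANTED_BY_OVERFLOW = 2 };

/* Copy input into the frame with NO check against PASSWORD_LEN. The loop only
 * stops at the edge of the simulated memory, just as an unbounded strcpy()
 * or gets() stops only when the input itself ends. Returns bytes written. */
static size_t unchecked_copy(unsigned char *frame, const char *input)
{
    size_t i = 0;
    while (input[i] != '\0' && i < FRAME_SIZE) {
        frame[i] = (unsigned char)input[i];
        i++;
    }
    return i;
}

/* Vulnerable check: an 8-character password fills the buffer exactly; a 9th
 * character is written into frame[8], the cell the authorization flag lives in. */
int vulnerable_login(const char *input, const char *secret)
{
    unsigned char frame[FRAME_SIZE];
    memset(frame, 0, sizeof frame);             /* flag starts cleared */
    unchecked_copy(frame, input);
    if (memcmp(frame, secret, PASSWORD_LEN) == 0)
        return GRANTED_BY_PASSWORD;
    if (frame[FLAG_OFFSET] == AUTHORIZED)       /* flag set by the overflow, not by a match */
        return GRANTED_BY_OVERFLOW;
    return DENIED;
}

/* Hardened check: input length is validated first, the copy is bounded to the
 * buffer, and the decision depends only on the comparison, never on a flag
 * stored next to caller-controlled bytes. */
int safe_login(const char *input, const char *secret)
{
    unsigned char frame[FRAME_SIZE];
    memset(frame, 0, sizeof frame);
    size_t len = strlen(input);
    if (len > PASSWORD_LEN)                     /* reject over-length input outright */
        return DENIED;
    memcpy(frame, input, len);                  /* bounded copy: can never reach frame[8] */
    return memcmp(frame, secret, PASSWORD_LEN) == 0 ? GRANTED_BY_PASSWORD : DENIED;
}

int main(void)
{
    const char *secret = "SECRET12";            /* constructed sample secret */
    printf("vulnerable, BOYLEXXX  : %d\n", vulnerable_login("BOYLEXXX",  secret)); /* 0 */
    printf("vulnerable, BOYLEXXXT : %d\n", vulnerable_login("BOYLEXXXT", secret)); /* 2 */
    printf("hardened,   BOYLEXXXT : %d\n", safe_login("BOYLEXXXT", secret));       /* 0 */
    return 0;
}
```

Result 0 means denied, 1 means the password matched, and 2 means the flag cell was overwritten even though the password was wrong; that third outcome is the behaviour to look for when comparing your two screenshots. The fix is not the `memcpy` by itself but the length check before it and the removal of any trust in memory that sits next to the buffer.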