Assignment Task:
"SQL injection is a common method used by attackers to gain access to or damage databases by modifying data. The injection of a client-side script, known as cross-scripting (XSS), can make web application scripts easy to manipulate. XSS allows attackers to execute scripts in a victim's browser in order to deface websites, hijack user sessions, or redirect them to malicious sites. Security flaws exist in broken authentication and session management, many of which involve user authentication. An attacker can steal a user's identity if authentication credentials are not protected. Direct object references that are not secured expose web application implementation details. Folders, database records, and directories are examples of effective internal communication objects. To obtain user data, hackers can use a URL to one of these objects. A common security misconfiguration is an unmaintained web application configuration. Applications, frameworks, databases, and web servers all need to be protected. Incorrect security settings may allow hackers to access sensitive information or features. This results in a system breach. An injection attack occurs when a malicious user sends invalid data into a web app. A malicious actor can gain control of the system by exploiting a verification flaw. Data that should have been protected is exploited as a result of sensitive data exposure. Because the components of web applications are not secure, this access control flaw exposes them to data breaches. Through insecure deserialization of serialized URLs, malicious actors can gain access to web applications. The lack of logging and monitoring raises the risk of web app hacking. Web attacks pose numerous dangers, including financial loss. Identity theft is the unauthorized disclosure of personal information such as passwords, bank account information, and government data. Thieves stole network resources, harmed digital banking and e-commerce, and harmed brands and reputations. Restricting computer access. Unauthorized access to computer and network resources."
Team Discussion - Real World Security Incident Discussion Topic
This discussion is relevant to this week's Apply assignment and must be completed for success.
Research a real-world incident involving a successful exploitation of the VPN/SSL protocols.
The type of attack and the countermeasures applied to defend against the attack. Could this attack have been avoided? If so, what countermeasures would have been effective?
Respond to at least 2 classmates'?answers.
Assignment Content:
Review the "Real World Security Incident" Learning Team discussion and incorporate your findings in this assignment for success.
Research vulnerabilities that may have contributed to security incidents with respect to VPN/SSL as discussed in Wks 3 and 5.
Assignment Content:
Review the "Real World Security Incident" Learning Team discussion and incorporate your findings in this assignment for success.
Research vulnerabilities that may have contributed to security incidents with respect to VPN/SSL as discussed in Wks 3 and 5.
Table comparing the vulnerabilities, threats, and risks for the real-world security incident discussed by the class, along with related vulnerabilities that may have contributed to the security incident.
Slide multimedia presentation that you will present to a group of Chief Information Officers (CIO), displaying the vulnerabilities, threats, and risks from least significance to the greatest significance and how each would negatively impact the company.