CS 253 Web Security

Explain the concepts and procedures associated with Web and database attacks by addressing the following: Explain when and why the initial penetration test should be performed on a Web server. Explain the similarities and differences between a cross-site scripting attack and a reflective cross-site scripting attack. Identify the Web application attacks that are most likely to compromise confidentiality. Describe techniques to mitigate and respond to SQL injection attacks.

 

If this was your responsibility, explain how you would ensure that penetration and Web application testing were part of the implementation process. Explain why you were instructed to set the DVWA security level to low during the lab. Now apply what you learned in the lab to the following scenario. Scenario and Your Role As the head of the international information technology security team for Acme Corporation, you were asked to attend an industry conference on Web security. After the conference, the CISO asked you to present a summary of the conference to several of the IT teams.

 

Requirements Continue working in the same document; simply start your report on a new page with an appropriate heading. Develop a report that would be appropriate for several IT teams. In the report, address the following: Explain: Cross-site scripting (CSS). Cross-site request forgery (CSRF). Buffer overflow. Structured query language (SQL) injection attacks. Compare CSS and CSRF. Compare buffer overflow and SQL injection attacks. Explain which attacks are used by hackers to attack database management systems. Support your work with references to at least three recent, relevant professional resources. Additional Requirements Include a title page and references page. The length will vary depending on how you paste your screen captures. The report should be 3–4 pages in length. Cite at least three current, relevant professional resources. Follow current APA style and format for references. Use Times New Roman, 12 points, double-spaced.