7050_Week 4_Discussion Board
School
Strathmore University
Course
7000
Subject
Information Systems
Date
Nov 24, 2024
Uploaded by DukeMinkMaster907
WEEK 4 DISCUSSION
Video 9: Securing Web Applications
XSS attacks
Also known as cross-site scripting, XSS attacks are a type of injection attack in which
attackers inject malicious code into a safe website. Attackers first identify a flaw in
the target website or application and, through that flaw, send malicious code, commonly
JavaScript. With XSS attacks, attackers directly target the users of the website or
application rather than its host. Organizations can become a target of XSS attacks if
they leave the door open by displaying content from users (Lutkevich, 2021).
Content sanitization
Content sanitization is the process of mitigating malware threats by scanning file
and document content to identify active content and remove active code.
The process also involves recreating the content without the code that could
threaten its security. Content sanitization is also known as content disarm and
recovery (CDR). Unlike antivirus tools, content sanitization reconstructs the known-good
components of a file to produce a clean copy, leaving any malware behind
(Wigmore, 2014).
SQL injection attacks
SQL injection attacks, also known as SQLi, are cybersecurity attacks that
work by injecting malicious SQL code into a system or application. A successful SQL
injection attack enables the attackers to view or make malicious changes to
the database. It also allows attackers to execute admin database tasks and recover
files from the database system. In some cases a successful SQL injection attack
allows attackers to issue commands to the database operating system. SQL injection
attacks are becoming increasingly common, targeting large websites, social
media platforms, and businesses (Dizdar, 2022).
References
Dizdar, A. (2022). SQL Injection Attack: Real Life Attacks and Code Examples. https://brightsec.com/blog/sql-injection-attack/
Lutkevich, B. (2021). Cross-site scripting (XSS). https://www.techtarget.com/searchsecurity/definition/cross-site-scripting
Wigmore, I. (2014). Document sanitization. https://www.techtarget.com/whatis/definition/document-sanitization