W5- IT4071 A2 (1)


School: Capella University
Course: 4071
Subject: Information Systems
Date: Feb 20, 2024
Type: docx
Pages: 6

Uploaded by CommodorePenguin2708

IT4071- W5 Vulnerabilities of Web Servers

Vulnerabilities of Web Servers
Janie Craig
Capella University
IT4071-Week 5
02/06/24
Vulnerabilities of Web Servers

CSS and CSRF can allow an attacker to gain access to a person's private data: name, social, card information, address, and more. A buffer overflow occurs when the data is too big for its storage and runs over to another point; an attacker who exploits this overflow can install malware. SQL injection is when SQL is manipulated to allow access to sensitive data or to execute malicious code. An attacker can use SQL injection, CSS, or a buffer overflow, as each can be used to inject malware into the system.

Cross-site scripting (CSS)

The first thing to go over today is cross-site scripting, also known as CSS and XSS. CSS is a web security vulnerability that allows an attacker to compromise an application that is vulnerable. The three types of CSS are external, internal, and inline. “External CSS commands are written in a separate file from the main HTML page. These are linked to each web page by command in the HTML file.” Internal CSS is where you add CSS to HTML documents. Inline CSS is a single element with an inserted style sheet in an HTML document. Hackers can use CSS injection to attack a web application by using CSS code that can load an external asset.

Cross-site request forgery (CSRF)

Cross-site request forgery, or CSRF, also known as a one-click attack, session riding, or XSRF, is a malicious exploit of a web application where unauthorized commands are submitted that would come from a person that the web application “thinks” it can trust. This attacker can then gain access to the person's private data, name, social, card information, address, and more.

Cross-site scripting (CSS) vs. cross-site request forgery (CSRF)

Cross-site scripting allows a hacker to use code to attack a user's browser. CSRF allows the hacker to trick a user into performing an action that they did not mean to do. CSS is a style sheet language used to control how a website looks. Cross-site forgery is a vulnerability that attackers can use to steal data.

Buffer overflow

A buffer overflow, also known as a buffer overrun, occurs when the data runs over the storage capacity. This will then cause it to corrupt or overwrite other data, or cause it to crash. When an attacker exploits this overflow, it can allow them to install malware. “Buffer Overflow This class of attack is one of the most common and most dangerous weapons used by malicious attackers.” This can be prevented by proper training, patching the application when needed, regularly monitoring and scanning applications, and auditing code.

Structured query language (SQL) injection attacks
SQL injection is when SQL is manipulated to allow access to sensitive data or to execute malicious code. When this is done, it can allow an attacker to see the sensitive data of the company or organization. This can range from small data such as names to much more sensitive data such as banking information and more.

Buffer overflow vs. structured query language (SQL) injection attacks

SQL injection attacks are very different from buffer overflows (overruns). However, they do still allow an attacker to gain access to sensitive information and allow the attacker to input malicious code. They can both put the company or a user at risk of having their information leaked, stolen, or corrupted.

Discuss which attacks are used by hackers to attack database management systems

An attacker can use SQL injection, CSS, or a buffer overflow, as each can be used to inject malware into the system. Phishing emails can also be used to gain access or information. Trojans, accessible backups, and packet sniffing can allow an attacker to attack database management systems and gain access. Exploiting any vulnerabilities can allow easier access to these databases or applications. CSS is a web security vulnerability that allows an attacker to compromise an application that is vulnerable. Cross-site request forgery, or CSRF, also known as a one-click attack, session riding, or XSRF, is a malicious exploit of a web application where unauthorized commands are submitted that would come from a person that the web application “thinks” it can trust. This attacker can then gain access to the person's private data, name, social, card information, address, and more. A buffer overflow, also known as a buffer overrun, occurs when the data runs over the storage capacity. SQL injection is when SQL is manipulated to allow access to sensitive data or to execute malicious code. When an attacker exploits this overflow, it can allow them to install malware. An attacker can use SQL injection, CSS, or a buffer overflow, as each can be used to inject malware into the system.

Summary/Conclusion:
Reference Page:

https://study.com/academy/lesson/cascading-style-sheets-css-definition-types-examples.html#:~:text=There%20are%20three%20types%20of,command%20in%20the%20HTML%20file
“External CSS commands are written in a separate file from the main HTML page. These are linked to each web page by command in the HTML file.”

Foster, J. C., Bhalla, Nish., Heinen, Neils., & Osipov, Vitaly. (2005). Buffer overflow attacks: detect, exploit, prevent. Syngress Publishing.
“Buffer Overflow This class of attack is one of the most common and most dangerous weapons used by malicious attackers.”
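
The SQL injection section above says that SQL can be manipulated to expose sensitive data. The following is an added example, not part of the original paper, that contrasts a query built by string concatenation with a parameterized one. The table, column names, sample rows, and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """Build an in-memory database holding constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (name TEXT, card TEXT)")
    conn.executemany(
        "INSERT INTO customers VALUES (?, ?)",
        [("alice", "CARD-0001"), ("bob", "CARD-0002"), ("O'Brien", "CARD-0003")],
    )
    return conn

def lookup_vulnerable(conn, name):
    # The input is pasted into the SQL text, so the input can rewrite the query.
    query = "SELECT name, card FROM customers WHERE name = '" + name + "'"
    return conn.execute(query).fetchall()

def lookup_safe(conn, name):
    # The ? placeholder binds the input as a value; it is never parsed as SQL.
    return conn.execute(
        "SELECT name, card FROM customers WHERE name = ?", (name,)
    ).fetchall()

def demo():
    conn = make_db()
    crafted = "nobody' OR '1'='1"  # constructed input that alters the WHERE clause
    results = {
        "vulnerable": lookup_vulnerable(conn, crafted),  # every row comes back
        "safe": lookup_safe(conn, crafted),              # no customer has this name
        "apostrophe_safe": lookup_safe(conn, "O'Brien"),
    }
    try:
        # A legitimate name containing a quote breaks the concatenated query.
        results["apostrophe_vulnerable"] = lookup_vulnerable(conn, "O'Brien")
    except sqlite3.OperationalError:
        results["apostrophe_vulnerable"] = "error"
    return results

if __name__ == "__main__":
    for label, rows in demo().items():
        print(label, rows)
```

The same input that returns every row through the concatenated query returns nothing through the parameterized one, and the parameterized form also handles ordinary names that contain a quote character.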