CYB_240_Project_Two_Stepping_Stone.docx - William Ace Madera, Southern New Hampshire University, Cybersecurity 240, Project 2 Stepping Stone


William Ace Madera Southern New Hampshire University Cybersecurity 240 Project 2 Stepping Stone
The top risk, as it has been for years according to the Open Web Application Security Project (OWASP), is Injection. Until there is a coding system that can make it obsolete, it will stay at the top of the list. The other risk that is easily carried out is cross-site scripting (XSS). These two will be the focus of this discussion. We will go into what exactly each one is, how it occurs, and how we can reduce its risk factors. First we will discuss Injection, then we will conclude with XSS. We will be using OWASP as our reference for the entirety of this discussion.

Injection flaws, by OWASP's definition, “occur when untrusted data is sent to an interpreter as part of a command or query. The attacker’s hostile data can trick the interpreter into executing unintended commands or accessing data without proper authorization.”[1] Sounds fancy, but what does that mean exactly? In short, someone goes to our login page, enters code that makes our database return what is called a true statement, and gains access to the systems. For the purposes of this discussion we will refer to this person as the “attacker”. I will explain what is meant by returning a true statement. When our database receives any input that makes the username check, the password check, or both return true, it allows access.
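The "true statement" described above, as an added example that is not part of the original paper: a login check built by string concatenation next to the parameterized form that keeps input as data. The table, column names, account and input string are constructed for illustration, using Python's built-in sqlite3 module.

```python
import sqlite3

def make_db():
    """In-memory users table holding one constructed account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    # Constructed placeholder, not a real credential or hash.
    db.execute("INSERT INTO users VALUES ('alice', 'constructed-hash')")
    return db

def build_vulnerable_query(username, password_hash):
    # Vulnerable on purpose: input is pasted into the SQL text, so a quote
    # character in the input ends the string literal and becomes SQL syntax.
    return ("SELECT COUNT(*) FROM users WHERE username = '" + username +
            "' AND password_hash = '" + password_hash + "'")

def login_vulnerable(db, username, password_hash):
    query = build_vulnerable_query(username, password_hash)
    return db.execute(query).fetchone()[0] > 0

def login_parameterized(db, username, password_hash):
    # Hardened form: the query text is fixed and the driver binds the
    # values, so input can never change the WHERE clause.
    query = ("SELECT COUNT(*) FROM users "
             "WHERE username = ? AND password_hash = ?")
    return db.execute(query, (username, password_hash)).fetchone()[0] > 0

# Constructed input that makes the concatenated WHERE clause always true.
ALWAYS_TRUE = "' OR '1'='1"

def demo():
    """Run the same inputs through both login checks."""
    db = make_db()
    return {
        "valid_vulnerable": login_vulnerable(db, "alice", "constructed-hash"),
        "valid_parameterized": login_parameterized(db, "alice", "constructed-hash"),
        "wrong_password_vulnerable": login_vulnerable(db, "alice", "wrong"),
        "inject_vulnerable": login_vulnerable(db, "nobody", ALWAYS_TRUE),
        "inject_parameterized": login_parameterized(db, "nobody", ALWAYS_TRUE),
    }

if __name__ == "__main__":
    # Show how the input rewrites the query, then the outcome of each check.
    print(build_vulnerable_query("nobody", ALWAYS_TRUE))
    for name, allowed in demo().items():
        print(f"{name}: {'access granted' if allowed else 'access denied'}")
```

With the concatenated query, the trailing `OR '1'='1'` is true for every row, so the check passes without a matching username or password; the parameterized query treats the same input as a literal string that matches nothing.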