Module 4 Web Based Attacks, Discussion Replies help
Must be 150 words each and have substantial content not just filibuster.
1) Module 4 Web Based Attacks
Module 4 covers Internet Security and really focuses on securing the browser. It is also important for security professionals to understand how various web-based attacks work so for this discussion point, consider the different methods (such as XSS, SQL injection, etc) that are used to exploit either a web server environment or a browser and explain the one you think is most risky or interesting.
2) Module 4 Web based attacks/ SQL injection
This is a good one. One of the more concerning vulnerabilities is SQL Injection since, when accomplished, can result in a lot of different bad things. In addition to stealing information like credit card number of personal information, an attacker can change values in the databases which will have a direct impact on customers and the company. This is a prime example of a very risky web vulnerability, can you also explain where the attacker enters their commands on a site and what an example of one looks like?
3) Module 4 Web Based Attacks/ Cross Site Scripting
I agree Cross Site Scripting is a pretty dangerous vulnerability. There are 2 types of XSS, one is called Stored XSS and the other is Reflected XSS. In a Stored version, an attacker posts a browser scrips on a web page such as a blog site and then the next users that go and view that blog will end up running the scrips. In a Reflected version, the attacker sends the victim a link in an email which includes the vulnerable web site as well as the code the attacker wants them to run. If they click the link they browse the web server, which bounces the script back to the browser which then runs it.
In both versions, the script is sent from a legitimate web site to a browser to attack the client machine. There are a number of ways for web developers to protect against XSS attacks, can you name any best practices here?
4) Module 4 Child Friendly Website
I’m glad I read this module. I’ve never heard of this site. I tried visiting it while at my office but unfortunately, my network’s security settings prevented me from visiting it. I will definitely check it out and inform my wife about it since I have a 12 years old and 11 years old that constantly visit sites for work and entertainment. I’m always on guard to ensure the sites they visit are safe. As the module explained, I setup filter content to block inappropriate sites from view. Luckily, I do IT for a living and it has given me the opportunity to create my own home network with AD. I have set GPO on their computers while setting unrestricted access for my wife and I. With Kidzui, I can have peace of mind knowing that whatever content they view on this site is safe. Unfortunately, not everything is as safe as advertised. What if a predator manages to infiltrate the site and prey on kids? Hopefully, this question has been answered by the site’s developer.
5) Module 5 Risks of Social Networking
Social networking has exploded in popularity in recent years and most users on it are not aware of the many risks it may pose. This module describes a number of risks associated with social networking, which of these are you most concerned with and what would you suggest to a friend to lessen that risk?
6) Module 6 Spam
Email is one of the easiest methods to exploit a user system and is often the jumping off point in spreading to other parts of a company network. Spam comes in several shapes and forms, some of which is easy to detect and others where it is difficult to tell. What are some things you would look for in an email to decide if it is a legitimate message or a trick to exploit your system?
7) Discussion Question Web Browser security
You work for a hospital evaluating the security of internet interaction.
Discuss the largest security risk web browsers pose. What is the best way an organization can mitigate against that risk
8) Discussion Question Online Interaction Risks