SEC420: Week 8: Assignment 2: Web Application Attack Scenario

Assignment 2: Web Application Attack Scenario Due Week 8 and worth 80 points Suppose that you are currently employed as an Information Security Manager for a medium-sized software development and outsourcing services company. The Software Development Director has asked you to provide a detailed presentation for her department regarding the most common Web application threats and the manner in which their products could compromise customer financial data. The products in question use Microsoft SQL Server databases and IIS Web servers. She has asked you to provide a report for her review before she schedules the presentation. Write a three to four (3-4) page paper in which you: 1.       Analyze the common threats to data systems such as Web applications and data servers. Next, speculate on the greatest area of vulnerability and potential for damage and / or data loss of such data systems (e.g., SQL injection, Web-based password cracking). 2.       Devise one (1) attack scenario where a hacker could use the area of vulnerability that you chose in Question 1 in order to gain access to a network or sensitive data. Examine the primary ways in which the hacker could execute such an attack, and suggest the strategic manner in which a security professional could prevent the attack. 3.       Explore the primary role that the human element could play in adding to the attack scenario devised in Question 2. Give your opinion on whether or not the human component is critical in protection from that type of attack. 4.       Use at least four (4) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources.    Your assignment must follow these formatting requirements: ·         Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions. ·         Include a cover page containing the title of the assignment, your name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length. The specific course learning outcomes associated with this assignment are: ·         Describe security concerns, tools, and techniques associated with Web servers and Web applications. ·         Identify the means of hacking Web browsers.  ·         Summarize the manner in which database servers and applications are compromised and examine the steps that can be taken to mitigate such risks (e.g., SQL injection). ·         Use technology and information resources to research issues in ethical hacking. ·         Write clearly and concisely about topics related to Perimeter Defense Techniques using proper writing mechanics and technical style conventions. Grading for this assignment will be based on answer quality, logic / organization of the paper, and language and writing skills, using the following rubric. Click here to view the grading rubric for this assignment.     Points: 80 Assignment 2: Web Application Attack Scenario Criteria   Unacceptable Below 60% F Meets Minimum Expectations 60-69% D   Fair 70-79% C   Proficient 80-89% B   Exemplary 90-100% A 1. Analyze the common threats to data systems such as Web applications and data servers. Next, speculate on the greatest area of vulnerability and potential for damage and / or data loss of such data systems (e.g., SQL injection, Web-based password cracking). Weight: 30% Did not submit or incompletely analyzed the common threats to data systems such as Web applications and data servers. Next, did not submit or incompletely speculated on the greatest area of vulnerability and potential for damage and / or data loss of such data systems (e.g., SQL injection, Web-based password cracking). Insufficiently analyzed the common threats to data systems such as Web applications and data servers. Next, insufficiently speculated on the greatest area of vulnerability and potential for damage and / or data loss of such data systems (e.g., SQL injection, Web-based password cracking). Partially analyzed the common threats to data systems such as Web applications and data servers. Next, partially speculated on the greatest area of vulnerability and potential for damage and / or data loss of such data systems (e.g., SQL injection, Web-based password cracking). Satisfactorily analyzed the common threats to data systems such as Web applications and data servers. Next, satisfactorily speculated on the greatest area of vulnerability and potential for damage and / or data loss of such data systems (e.g., SQL injection, Web-based password cracking). Thoroughly analyzed the common threats to data systems such as Web applications and data servers. Next, thoroughly speculated on the greatest area of vulnerability and potential for damage and / or data loss of such data systems (e.g., SQL injection, Web-based password cracking). 2. Devise one (1) attack scenario where a hacker could use the area of vulnerability that you chose in Question 1 in order to gain access to a network or sensitive data. Examine the primary ways in which the hacker could execute such an attack, and suggest the strategic manner in which a security professional could prevent the attack. Weight: 30% Did not submit or incompletely devised one (1) attack scenario where a hacker could use the area of vulnerability that you chose in Question 1 in order to gain access to a network or sensitive data. Did not submit or incompletely examined the primary ways in which the hacker could execute such an attack, and did not submit or incompletely suggested the strategic manner in which a security professional could prevent the attack. Insufficiently devised one (1) attack scenario where a hacker could use the area of vulnerability that you chose in Question 1 in order to gain access to a network or sensitive data. Insufficiently examined the primary ways in which the hacker could execute such an attack, and insufficiently suggested the strategic manner in which a security professional could prevent the attack. Partially devised one (1) attack scenario where a hacker could use the area of vulnerability that you chose in Question 1 in order to gain access to a network or sensitive data. Partially examined the primary ways in which the hacker could execute such an attack, and partially suggested the strategic manner in which a security professional could prevent the attack. Satisfactorily devised one (1) attack scenario where a hacker could use the area of vulnerability that you chose in Question 1 in order to gain access to a network or sensitive data. Satisfactorily examined the primary ways in which the hacker could execute such an attack, and satisfactorily suggested the strategic manner in which a security professional could prevent the attack. Thoroughly devised one (1) attack scenario where a hacker could use the area of vulnerability that you chose in Question 1 in order to gain access to a network or sensitive data. Thoroughly the primary ways in which the hacker could execute such an attack, and thoroughly suggested the strategic manner in which a security professional could prevent the attack. 3. Explore the primary role that the human element could play in adding to the attack scenario devised in Question 2. Give your opinion on whether or not the human component is critical in protection from that type of attack. Weight: 25% Did not submit or incompletely explored the primary role that the human element could play in adding to the attack scenario devised in Question 2. Did not submit or incompletely gave your opinion on whether or not the human component is critical in protection from that type of attack. Insufficiently explored the primary role that the human element could play in adding to the attack scenario devised in Question 2. Insufficiently gave your opinion on whether or not the human component is critical in protection from that type of attack. Partially explored the primary role that the human element could play in adding to the attack scenario devised in Question 2. Partially gave your opinion on whether or not the human component is critical in protection from that type of attack. Satisfactorily explored the primary role that the human element could play in adding to the attack scenario devised in Question 2. Satisfactorily gave your opinion on whether or not the human component is critical in protection from that type of attack. Thoroughly explored the primary role that the human element could play in adding to the attack scenario devised in Question 2. Thoroughly gave your opinion on whether or not the human component is critical in protection from that type of attack. 4. 3 references Weight: 5% No references provided Does not meet the required number of references; all references poor quality choices. Does not meet the required number of references; some references poor quality choices. Meets number of required references; all references high quality choices. Exceeds number of required references; all references high quality choices. 5. Clarity, writing mechanics, and formatting requirements Weight: 10% More than 8 errors present 7-8 errors present 5-6 errors present 3-4 errors present 0-2 errors present