
Added on  2023-06-08

Running head: ASSIGNMENT 1
ADVANCE SECURITY
STUDENT’S NAME
COURSE
UNIVERSITY
PROFESSOR
DATE

Table of Contents
Question one: SQL, XML XSS
A. Defenses to protect against SQL injection attacks, XML injection attacks, and XSS
SQL attacks
B. Difficulties in preventing SQL, XML and XSS attacks
C. Reasons why defences to prevent SQL, XML and XSS are difficult to implement
c) Reasons why defences are not used extensively
Question two: data loss prevention
Data loss prevention products
Symantec data loss prevention
Features of Symantec data loss prevention
Trustwave data loss prevention
Features of data loss prevention
Checkpoint data loss prevention
2b) Features of checkpoint data loss prevention
Features of trustwave data loss prevention
Features of checkpoint data loss prevention
Question 3
Advantages of HTTPS
Disadvantages of HTTPS
Difference between HTTPS and HTTP
How HTTPS protects you when you are connected to Wi-Fi
Reasons why web traffic should use HTTPS
Question 4: cloud computing
a) Literature review
b) Why there is a need to consider cloud computing in an organization
Technical limitation of cloud computing
Question 5: cyber security
a) Cybersecurity interview
b) Summary of the interview
c) Lesson learned from the interview
References

Question one: SQL, XML XSS
A. Defenses to protect against SQL injection attacks, XML injection attacks, and XSS
SQL attacks
Roth, Gregory & Brandwin (2018) describe the following measures to prevent SQL attacks:
Firewall: consider a web application firewall (WAF). This can be either a hardware or a software application that helps to filter out malicious data. The important and safe ones come with a set of default rules and make it easy to add other rules whenever required. A WAF may be useful in providing some security against the vulnerability.
Make use of suitable privileges: never connect to a database with admin privileges unless you have a genuine reason to do so.
Examine the SQL statements that come from your database.
XML attacks
Deactivate parsing of inline DTDs: inline DTDs are a feature that is hardly used. External attacks nevertheless remain a threat, because XML parsing libraries do not deactivate this feature by default.
Reduce the permissions of the web server process: execute most of your server processes with only the permissions they need. Follow the principle of least privilege. This protects the directories that can be accessed in the file system (Evans & Flanagan 2018).
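
One way to enforce the inline-DTD measure above in Python, as an added example that is not part of the original assignment: the standard-library expat parser is told to raise as soon as it meets a DOCTYPE declaration, so no DTD is ever processed. The names `parse_without_dtd` and `DTDForbidden` and both sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from xml.parsers import expat


class DTDForbidden(ValueError):
    """Raised when a document carries a DOCTYPE declaration."""


def parse_without_dtd(data: bytes) -> ET.Element:
    """Parse XML into an Element tree, refusing any inline or external DTD."""
    builder = ET.TreeBuilder()
    parser = expat.ParserCreate()

    def reject_doctype(name, system_id, public_id, has_internal_subset):
        # expat calls this before it reads any entity declarations,
        # so raising here stops the parse before a DTD can take effect.
        raise DTDForbidden(
            f"DOCTYPE {name!r} rejected "
            f"(inline subset: {bool(has_internal_subset)})"
        )

    parser.StartDoctypeDeclHandler = reject_doctype
    # Feed element and text events straight into an ElementTree builder.
    parser.StartElementHandler = builder.start
    parser.EndElementHandler = builder.end
    parser.CharacterDataHandler = builder.data
    parser.Parse(data, True)  # True marks this as the final chunk
    return builder.close()


# Constructed sample inputs: one plain document, one with an inline DTD
# that declares a harmless internal entity.
PLAIN_DOC = b"<order><item>book</item></order>"
DTD_DOC = (
    b'<!DOCTYPE order [<!ENTITY note "constructed">]>'
    b"<order><item>&note;</item></order>"
)

if __name__ == "__main__":
    print(parse_without_dtd(PLAIN_DOC).find("item").text)
    try:
        parse_without_dtd(DTD_DOC)
    except DTDForbidden as exc:
        print("refused:", exc)
```

Documents that legitimately need a DTD would be refused as well, which matches the measure as stated: the feature is switched off entirely rather than filtered.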
