Confidential Information Report | SQL Injection

4 pages, 1282 words

American Public University System

   

Database Security (ISSC 431)

   

Added on  2020-03-04

About This Document

SQL injection is an injection attack in which an attacker can execute malicious SQL statements that control a web application's database server. It is important for information security professionals to know the laws that affect them, because they are expected not only to be skilful enough to manage the various security implementation issues but also to ensure that the company is made aware of those who are doing it harm.

1. Examples of confidential information are social security numbers, intellectual property such as research activities, supplier contact lists, customer lists and the terms of contracts.

2. SQL injection is an injection attack in which an attacker can execute malicious SQL statements that control a web application's database server. Any website that uses a SQL-based database can therefore be exposed to a SQL injection vulnerability (Acunetix 2016). It is one of the oldest vulnerabilities of web-based applications. The root cause is building SQL text by concatenating untrusted input into it; the standard defence is to keep the statement fixed and pass the input as bound parameters.

3. A buffer overflow is a common coding mistake that occurs when more data is written into a fixed-length buffer than it can hold. The excess overwrites the adjacent memory. A buffer overflow can therefore crash the system, and an attacker may also be able to run arbitrary code (DuPaul 2012).

4. It is important for information security professionals to know the laws that affect them: they are expected not only to be skilful enough to manage the various security implementation issues but also to ensure that the company is made aware of those who are doing it harm. Knowing the laws also deters the professionals themselves from attempting any kind of malicious act against the organization.

5. Some other security models besides the CIA triad are capability-based security, mandatory access control, protection rings, the Bell-LaPadula model and access control lists.

6. The four components of security documentation are: enforcement, which states how the security documentation will be enforced and how any violation will be dealt with; user access to computer resources, which also identifies the responsibilities of the users who access those resources; a good security profile; and backup and recovery, which is crucial in an emergency (Albright, 2002).
7. A security architect, as the name says, is accountable for the security countermeasures of one or more systems, applications, components or data centres. The architect assesses and re-assesses the need for security and, on that basis, designs and builds the security architecture of the various applications, servers and data centres. The architect is also responsible for developing the security mechanisms during software construction, guarantees the integrity of the architectures with respect to security, and helps the organization implement the accepted strategies, actions, principles and procedures (Queensland Government Chief Information Office 2017).

8. In the context of systems and technology, authentication is the procedure that confirms the identity of a user. It begins when a user attempts to access information, and it can be defined as identifying a person, for example by user ID and password, on entry to a secured system. Authorisation, by contrast, is the defence mechanism used to determine a user's or client's rights or access levels with respect to system resources: it is the procedure by which the user is either permitted or denied access to a resource of the organization's system, and it allows access only to the resources that are appropriate to that user's identity. In practice authentication comes before authorisation, since the user who is trying to reach the resources must first be identified; during authorisation the system then checks what access the authenticated user has been granted and, on that basis, grants or denies access to the resource (Laskov, 2005).

9. The three commands for administering database object permissions are:
   a) GRANT: GRANT [privilege] ON [object] TO [user] [WITH GRANT OPTION]
   b) REVOKE: REVOKE [GRANT OPTION FOR] [permission] ON [object] FROM [user] [CASCADE]
   c) DENY: DENY [permission] ON [object] TO [user] (Chapple 207)
   GRANT and REVOKE are standard SQL; DENY is specific to Microsoft SQL Server (Transact-SQL), where an explicit DENY takes precedence over a GRANT, including one the user inherits through role membership. REVOKE only removes a permission that was granted, whereas DENY blocks the permission regardless of how it was obtained.

10. The best-practice network architecture for databases that provide data to the Internet via a web server is a dedicated trusted zone of their own. Inbound connections should be accepted from the web servers only, and this restriction should be enforced both at the firewall and on the database hosts themselves.
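Answer 2 describes SQL injection only in general terms. The following Python program, written for this page as an added example and not part of the report or of any cited source, shows the mechanism against an in-memory SQLite database: a login check that splices the username and password into the SQL text, the same check with bound parameters, a search that leaks another column through a UNION, and the payloads that trigger each. The users table, its two rows and the payloads are constructed for the demonstration.

```python
"""SQL injection: string-built queries versus parameterized queries.

Added example for this page; not code from the report.  The users table,
its rows and the attack payloads below are constructed sample data.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Create an in-memory database with a small users table (constructed data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("alice", "S3cret!"), ("bob", "hunter2")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """VULNERABLE: the input is pasted into the SQL text, so a quote in the
    input ends the string literal and whatever follows is parsed as SQL."""
    sql = (
        "SELECT username FROM users WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_parameterized(conn, username, password):
    """FIXED: the statement text is constant; the driver binds the values
    separately, so they are only ever compared as data, never parsed."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


def search_users_vulnerable(conn, pattern):
    """VULNERABLE: the same flaw in a search, where a UNION can pull in
    columns the query was never meant to return."""
    sql = "SELECT username FROM users WHERE username LIKE '%s'" % pattern
    return [r[0] for r in conn.execute(sql).fetchall()]


def search_users_parameterized(conn, pattern):
    """FIXED search: the pattern is bound, so it can only act as a LIKE pattern."""
    rows = conn.execute(
        "SELECT username FROM users WHERE username LIKE ?", (pattern,)
    ).fetchall()
    return [r[0] for r in rows]


# Constructed attack payloads.
BYPASS_USER = "alice' --"  # closes the literal, comments out the password check
TAUTOLOGY_USER = "' OR '1'='1' --"  # WHERE clause becomes true for every row
UNION_PATTERN = "%' UNION SELECT password FROM users --"  # leaks the password column


def demo():
    """Run each payload against the vulnerable and the fixed version."""
    conn = make_db()
    return {
        "honest login (parameterized)": login_parameterized(conn, "alice", "S3cret!"),
        "bypass vs vulnerable": login_vulnerable(conn, BYPASS_USER, "wrong"),
        "bypass vs parameterized": login_parameterized(conn, BYPASS_USER, "wrong"),
        "tautology vs vulnerable": login_vulnerable(conn, TAUTOLOGY_USER, ""),
        "union vs vulnerable": sorted(search_users_vulnerable(conn, UNION_PATTERN)),
        "union vs parameterized": search_users_parameterized(conn, UNION_PATTERN),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

The vulnerable login returns "alice" for the bypass payload without knowing the password, and the vulnerable search returns both usernames and both passwords; the parameterized versions return nothing for the same inputs because the payload is compared as a string. Binding parameters is the fix; running the application under a database account that holds only the permissions it needs (answer 9) limits what a UNION can reach if an injection is missed.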
