1. Explain what SQL injections are and what they can do. (5 marks) 2. Find a...
Question:
1. Explain what SQL injections are and what they can do. (5 marks)
2. Find a video on YouTube (and provide the link) or other referenced material, and learn how to attack an unprotected site with SQL injections - you may provide this link to other class members if you choose. How can you tell easily if a site is unprotected? Provide examples of the code and explain the process for extracting information. Why does this code work? - provide details. (20 marks)
3. Explain and provide code snippets that will protect a software application from SQL attacks for each of: ASP.NET, Java and PHP applications. (20 marks)
4. Most professionally created sites have protection against SQL injections. If a site doesn't have protection, it means that the site was developed by an amateur, or else that the developer felt that the security of the site was not critical. However, the security of every site is critical. For example, let's say a site was developed for some sort of a hobbyist's club and does not contain social insurance information or payment information. Even so, a hacker might find such a site very useful - why? What damage could be done? (5 marks)

1. URL manipulations can be used to perform SQL injections. They can also be used to bypass the security of web pages. How? (20 marks)
2. Using POST rather than GET can help avoid URL manipulations (why?). However, it still is not perfect - see next question. (10 marks)
3. What is encryption? (We will discuss this more in a future project). How can encryption be used to hide URL information? (10 marks)
4. What are back doors in software and operating systems? (A good fictional example of this was used in the movie War Games). Most developers would agree that leaving back doors in software is a bad idea; however, it is very common, and there have been well-publicized examples to do with both the Windows and UNIX operating systems. Why do developers leave back doors? Why can they almost not avoid leaving back doors? Give an example of a backdoor in an ASP.NET based web site that you might actually create while developing a web site? (10 marks)