
Poorly designed web application code is a serious security risk. One of the code


Question

Poorly designed web application code is a serious security risk. One of the code items that is frequently exploited by fraudsters to pivot across an organization's internal network is the Web.cfg file - in this file, non-security-minded programmers often leave the User ID and password for connecting to the associated database in plaintext. Write a 1 page summary in APA format (Times New Roman Font, double spaced, parenthetical citations) that explains to a non-IT person what this attack is, how it works and how to prevent it. A cover page and abstract are NOT required, but references are required.

Explanation / Answer

The Network attack means our confidential information will be stolen by another person using our password. These attackers are also called hackers. When we submit any information to the server, attackers may interrupt in between, steal our details and send a response to us. We think that the response came from the server, but actually our network has been hacked by these attackers [2]. They communicate with us and get all the details about us.

There are different types of attacks.

1. DoS Attacks: Denial of Service

(This attack is not preventing, but the attacker directly gets attention.)

Example: Flooding Attacks, Disassociation Attacks

2. Disclosure Attacks: Reading/Revealing Information

Example: MITM Attacks

3. Modification Attacks: Changing Information

Example: When we change the password.

4. Destructive Attacks

5. Escalation of Privilege

Your network security can maintain integrity, confidentiality and availability. If you have Internet access applications, then your application is at high risk [1]. Hackers gain access to networks and databases by using application-layer attacks, often with a privileged system-level account. To remove this risk, use firewalls and routers, and keep your databases protected by layering your defenses to segment resources with different security requirements [3]. It is also important to install any security patches or updates that have been released by your application vendors.

References:

1. www.sciencedirect.com

2. http://nsrcorg/workshops/

3. https://www.cl.cam.ac.uk/~rja14/Papers/SEv2-c21.pdf
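
As an added example (not part of the original question or answer), a defender can audit a web application's configuration file for the plaintext database credentials the question describes. It assumes an ASP.NET-style XML layout with `connectionStrings` and `appSettings` sections, which the page does not specify; the sample file, its names and the function `find_plaintext_credentials` are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: an ASP.NET-style config (assumed layout), not a file from the page.
SAMPLE_CONFIG = """<configuration>
  <connectionStrings>
    <add name="OrdersDb" connectionString="Server=db01;Database=Orders;User ID=app_user;Password=EXAMPLE-ONLY;" />
    <add name="ReportsDb" connectionString="Server=db01;Database=Reports;Integrated Security=SSPI;" />
  </connectionStrings>
  <appSettings>
    <add key="SmtpPassword" value="EXAMPLE-ONLY" />
    <add key="PageSize" value="25" />
  </appSettings>
</configuration>"""

SECRET_KEYS = re.compile(r"^(password|pwd)$", re.I)            # connection-string keys
SECRET_SETTING = re.compile(r"(password|pwd|secret|apikey)", re.I)  # appSettings key names

def parse_connection_string(value):
    """Split 'Key=Value;Key=Value' into a dict with lower-cased, stripped keys."""
    pairs = (part.split("=", 1) for part in value.split(";") if "=" in part)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def find_plaintext_credentials(xml_text):
    """Return (section, name, reason) findings; the secret value itself is never returned."""
    root = ET.fromstring(xml_text)
    findings = []
    section = root.find("connectionStrings")
    # A section carrying configProtectionProvider is encrypted, so it is skipped.
    if section is not None and "configProtectionProvider" not in section.attrib:
        for add in section.findall("add"):
            fields = parse_connection_string(add.get("connectionString", ""))
            if any(SECRET_KEYS.match(k) and v for k, v in fields.items()):
                findings.append(("connectionStrings", add.get("name"),
                                 "plaintext password in connection string"))
    settings = root.find("appSettings")
    if settings is not None and "configProtectionProvider" not in settings.attrib:
        for add in settings.findall("add"):
            if SECRET_SETTING.search(add.get("key", "")) and add.get("value"):
                findings.append(("appSettings", add.get("key"),
                                 "secret-looking setting stored in plaintext"))
    return findings

if __name__ == "__main__":
    for finding in find_plaintext_credentials(SAMPLE_CONFIG):
        print(finding)
```

The entry using integrated authentication is not flagged, because the file then holds no password for anyone reading it to reuse.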