Part#1
Web Application Attacks
Visit the Open Web Application Security Project (OWASP) Web site to research Web application attacks (https://www.owasp.org/index.php/Category:Attack)
• Choose one specific type of Web application attack, e.g. brute force, command execution, csrf, file inclusion, SQL Injection (blind), upload, and XSS stored.
- Research the attack using information from OWASP and *other* resources (e.g. textbooks, articles, and other Web sites)
- Write a plain English summary of what is attacked and how the attack works (write a description of it).
- Is your selected attack an attack against confidentiality, integrity, or availability? Explain your answer.
• What specific Web application vulnerability is attacked? (Hint: look for a Common Vulnerabilities and Exposure (CVE) number for the attack.)
Part#2
Advanced Persistent Threats (APTs)
Research advanced persistent threats (APT).
Identify and discuss three or more characteristics of an APT which make it extremely difficult to detect and remove APTs from networks and information systems connected to that network.
Part#3
Malicious Software
Microsoft provides a malicious software removal tool as part of its Windows Update service. The types of malware removed by this tool are listed on this Web page: https://www.microsoft.com/security/pc-security/malware-families.aspx
Choose one of the listed types or variants of malicious software that will be removed by the Microsoft tool (click on its link on the Web page listed above and then click on the Technical Details tab).
Discuss how your selected malware attacks a computer system and what the impact of an attack can be. (Address one or more of the following: confidentiality, integrity, and availability.)