Assignment
As the information technology (IT) team is starting to develop the Web application database, you notice that usernames and passwords are being created. You want to ensure that the IT team is familiar with the confidentiality, integrity, and availability (CIA) triangle as well as the authentication and authorization concept.
Complete the following for this assignment:
• Describe the CIA triangle and the authentication and authorization concept.
• What steps does IT team need to execute to ensure the security of the user accounts?
• Why are these steps needed to maintain the security of the user accounts?
• What happens in the real world when certain steps are not executed properly?
You have provided the team ways to check for vulnerabilities, but now the team is requesting information on how intruders gather information to exploit these vulnerabilities and the best way to prevent exploitations.
Complete the following:
• List and describe the type of information that an intruder gathers and why it is useful.
• Once the intruder gets this information, describe different exploits that can take place.
• You must also let the team know the best way to mitigate these exploits.
• Research the nature of a recent high-profile breach, and summarize the lessons to be learned.
The information technology (IT) team has created a production Web application with a select amount of users that are using it. You are in the processing of creating a security database audit that includes several concentrations such as server maintenance, account administration, access control, data privileges, passwords, encryption, and activity. Complete the following:
• Describe each concentration, and list 3 audit checks for each.
• Using the activity concentration, explain how you can identify a security breach during the database security audit.
Provide an outline or a simple first draft for your Key Assignment for this course. The assignment is provided below and is restated in the Phase 5 Individual Project.
Consider the two vulnerabilities: Structured query language (SQL) injection and cross-site scripting. Complete the following:
• Research these topics, and find 2 examples of breaches for each.
• Provide a brief explanation in your own words for what these vulnerabilities entail.
• Summarize the breaches in terms of the damage to the businesses and the specifics of the attacks.
o What could have and should have been done to prevent the breaches?
o What could have and should have been done to mitigate the resulting damage?
Using the outline and draft that you created in Phase 4, provide your final version of the assignment.
Consider the two vulnerabilities: Structured query language (SQL) injection and cross-site scripting. Complete the following:
• Research these topics, and find 2 examples of breaches for each.
• Provide a brief explanation in your own words for what these vulnerabilities entail.
• Summarize the breaches in terms of the damage to the businesses and the specifics of the attacks.
o What could have and should have been done to prevent the breaches?
o What could have and should have been done to mitigate the resulting damage?