Web and Database Attacks Responses
Provide (2) 150-word responses with a minimum of 1 APA reference for RESPONSES 1 AND 2 below. The response provided should further discuss the subject or provide more insight. To further understand the responses, below is the discussion post that discusses the responses. 100% original work and not plagiarized. Must meet deadline.
Describe at least three web server vulnerabilities and how they are typically exploited.
For this week, I want to mention and briefly describe three different attacks and why I think they are some of the more commonly used attacks. I do not know the actual answer for which attacks are used the most, but these are commonly used attacks. The first one would be SQL attacks or injections. This was used much more in the past where most web sites did not know how to prevent these from happening. Now most web sites use input validation to prevent SQL injections, but you can still use SQL to attack. When you do a SQL injection, you are inputting code normally with the attempt to either create, alter, delete, or crash that area.
The second one I will mention, which I believe is probably the most commonly used, is user errors. You can exploit a vulnerability by exploiting the biggest vulnerability, which is people. This could be done by phishing or other methods where you could gain access through users' misuse or by pretending to be higher-level workers within a company to obtain information or credentials that you should not have. I understand that this may not be considered a web server vulnerability, but I think it could be considered one.
The last web server vulnerability I would say is when there are errors in the script. When a website is established, there is a script or several written for that website. There are more than likely errors in the script; no matter how good you are at writing scripts, you will likely have errors, which is why you should test your scripts. More times than not, you will have errors that malicious users could exploit to gain access to your network.
The three web server vulnerabilities that I will be discussing are SQL injection, cross-site scripting (XSS), and distributed denial of service attacks (DDoS).
A SQL injection is a code that is typically used to access information that is not intended for the public (Imperva, 2020). According to Imperva, “… information may include any number of items, including sensitive company data, user lists or private customer details” (2020). A way that it can be exploited is by manipulating the query and receiving different information than what was searched (Prodromou, 2019).
The XSS can be sent to another user and disguise itself as a trusted site. Sensitive information can be accessed when the XSS is injected into the other user (KristenS, n.d.).
A DDoS attack is typically done when it overwhelms a system with internet traffic. The overflowing amount of internet traffic interrupts servers, networks and services (Cloudflare, 2020). The attacker must gain control of the network they want to target in order to successfully attack.
Cloudflare. (2020). “What is a DDoS attack?”. Retrieved from https://www.cloudflare.com/learning/ddos/what-is-a-ddos-attack/
Imperva. (2020). “What is SQL Injection”. Retrieved from https://www.imperva.com/learn/application-security/sql-injection-sqli/
KristenS. (n.d.). “Cross Site Scripting (XSS)”. Retrieved from https://owasp.org/www-community/attacks/xss/
Prodromou, A. (2019). “Exploiting SQL Injection: a Hands-on example”. Retrieved from https://www.acunetix.com/blog/articles/exploiting-sql-injection-example/
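The query manipulation the second response describes, and the input handling the first response mentions, shown as an added example that is not part of either response. It uses a constructed in-memory SQLite table; the table, rows and function names are assumptions made for illustration. The same lookup is run with the input concatenated into the SQL text and with it bound as a parameter.

```python
import sqlite3

def make_db():
    """Build an in-memory table of constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO customers VALUES (?, ?)",
        [("alice", "alice@example.test"),
         ("bob", "bob@example.test"),
         ("carol", "carol@example.test")],
    )
    return conn

def search_concatenated(conn, name):
    """Vulnerable: the input is pasted into the SQL text, so quote
    characters in it are parsed as part of the statement."""
    sql = "SELECT name, email FROM customers WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()

def search_parameterized(conn, name):
    """Hardened: the statement text is fixed and the input is bound as a
    value, so it is only ever compared against the name column."""
    sql = "SELECT name, email FROM customers WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()

def search_validated(conn, name):
    """Input validation as a second layer: reject anything that is not a
    short alphanumeric name before it reaches the parameterized query."""
    if not name.isalnum() or len(name) > 32:
        raise ValueError("invalid name")
    return search_parameterized(conn, name)

if __name__ == "__main__":
    conn = make_db()
    crafted = "nobody' OR '1'='1"  # constructed input containing SQL syntax
    print("concatenated, normal :", search_concatenated(conn, "alice"))
    print("concatenated, crafted:", search_concatenated(conn, crafted))
    print("parameterized,crafted:", search_parameterized(conn, crafted))
    try:
        search_validated(conn, crafted)
    except ValueError as exc:
        print("validated, crafted   :", exc)
```

The concatenated lookup returns every row for the crafted input because the WHERE clause becomes always true, while the parameterized lookup returns nothing because no customer has that literal name.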