
Question:

Most cyber-attacks happen because of vulnerabilities in system or application software. Buffer Overflow, SQL Injection, Code/OS Command Injection, Cross-Site Scripting (XSS), Cross-Site Request Forgery and Race Conditions are very common vulnerabilities. (Refer to both NIST/DHS and MITRE databases of common vulnerabilities (http://nvd.nist.gov/cwe.cfm; http://cwe.mitre.org/top25/).) For this conference, explain what a specific vulnerability is, describe a famous attack that leveraged it (for example, the Morris worm leveraged the buffer overflow vulnerability), and how it can be prevented/minimized. Your post can either discuss a vulnerability that has not been discussed, or expand upon what someone has already posted. I encourage multiple postings by an individual. Try not to repeat what is already posted.

Answer:

A software vulnerability to consider is SQL injection, described as a literal injection of code; the intention is to infiltrate the database and its information. When the inputs in the computer system are not entered accurately, it is easy for this injection to be inserted into the code, thus making it easier for the hacker to access the information. The most common flaw in a computer system that makes it susceptible to the threat of vulnerabilities has to do with incorrect input. If inputs aren't entered correctly, then the processing is also thrown off, leading to multiple vulnerabilities having room to cause havoc on the system. An example of this vulnerability as it's applied to an actual case would be the heist carried out by Albert Gonzalez, in New York City. The breach carried out by Gonzalez, in which numerous credit cards and debit cards were stolen, was the largest credit card breach in history. His crime was to hack the database, and once the secure information linked to credit cards was in his possession, he would release the information into the black market. As the database was the main target, the method of attack used was SQL injection. By utilizing this method of attack, a structured query language, operational control of the database is achieved. If the data inputs are entered incorrectly, then by entering this injection the information entered can be malformed and mutate the inputs. Once the database is infiltrated, then more control is given.

A couple of ways to prevent SQL injection attacks include using a web application firewall, limiting database privileges by context, or regularly applying software patches. With a web application firewall, dangerous web requests are accounted for and have to be filtered through, and the specific SQL injection defenses hone in on the filtration of the injections attempting to sneak through. As for the prevention method of regularly applying software patches, patching can maintain the integrity of the system by keeping it updated appropriately. One of the key prevention methods is the limitation of database privileges. This is due to the fact that the direct system being targeted, when a hacker launches an SQL injection, is the database. Therefore, creating multiple database user accounts with the minimum levels of privilege for their usage environment would cause a breach to not compromise the database as a whole (Weiss 2016).
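The following is an added example, not part of the original answer. It shows string-built SQL being altered by input and then the "limit database privileges by context" defense containing the same flaw. The schema, sample rows and function names are constructed for illustration, SQLite's authorizer callback stands in for per-account GRANTs on a server database, and parameter binding is included as a defense the answer does not name.

```python
import sqlite3

def make_db():
    # Constructed sample data: a public catalogue beside a sensitive table.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products(name TEXT, price REAL);
        CREATE TABLE cards(holder TEXT, pan TEXT);
        INSERT INTO products VALUES ('kettle', 19.99), ('toaster', 24.50);
        INSERT INTO cards VALUES ('A. Example', 'TEST-PAN-0000');
    """)
    return db

def search_unsafe(db, term):
    # Vulnerable on purpose: input is concatenated into the statement text,
    # so the input can change the structure of the query.
    sql = "SELECT name, price FROM products WHERE name = '" + term + "'"
    return db.execute(sql).fetchall()

def search_safe(db, term):
    # Parameter binding: input is passed as a value, never parsed as SQL.
    sql = "SELECT name, price FROM products WHERE name = ?"
    return db.execute(sql, (term,)).fetchall()

def catalogue_only(action, arg1, arg2, dbname, source):
    # Privileges for the search context: SELECT statements, reading only
    # the `products` table. Everything else is denied.
    if action == sqlite3.SQLITE_SELECT:
        return sqlite3.SQLITE_OK
    if action == sqlite3.SQLITE_READ and arg1 == "products":
        return sqlite3.SQLITE_OK
    return sqlite3.SQLITE_DENY

def restricted_search(term):
    # Same vulnerable code, run with least privilege for its context.
    db = make_db()
    db.set_authorizer(catalogue_only)
    try:
        return search_unsafe(db, term)
    except sqlite3.DatabaseError:
        return "denied"

# Constructed input that appends a second SELECT against the sensitive table.
CRAFTED = "x' UNION SELECT holder, pan FROM cards --"

if __name__ == "__main__":
    print(search_unsafe(make_db(), CRAFTED))   # sensitive row leaks
    print(search_safe(make_db(), CRAFTED))     # treated as a literal name
    print(restricted_search(CRAFTED))          # blocked by privilege limit
    print(restricted_search("kettle"))         # normal search still works
```

Least privilege does not remove the injection flaw; it limits what a successful injection can reach, which is why it is paired here with parameter binding.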
