Answered step by step
Verified Expert Solution
Link Copied!

Question

1 Approved Answer

CASE STUDY Flywell, an Airline company, recently experienced an SQL injection attack. The attack exploited a vulnerability in the web application that allow users to

CASE STUDY

Flywell, an Airline company, recently experienced an SQL injection attack. The attack exploited a vulnerability in the web application that allow users to connect to its Oracle Database. The SQL injection was embedded in the web URL which triggered the dynamic SQL statements in the website HTML to send a request to the database for access to the table that contains the web administrator's login details. The SQL injection also left a backdoor in the database system that sends a log of the database structure and each updated file to the attacker. Furthermore, the database server instance component was compromised as the attacker took control of the server and would not allow anyone (even legitimate users access to the web server).

The Oracle Database was linked to one SQL database and another Microsoft SQL Server. The SQL database was used for authenticating users on the database server while the Microsoft SQL Server was used to grant access to client machines with a Windows operating system. Both two databases were compromised and the links to the Oracle Database were severed.

 

Question 1: 

Explain with specific examples linked to the case scenario, how the Airline could have prevented the attack. Your answer should include

1.1  A detailed explanation of how the Airline could have identified the vulnerabilities within the database environment.

1.2  You should also include the steps and processes that the Airline should have carried to identify any potential threats in the database environment.

1.3 You should also explain the defense mechanisms that the Airline should have adopted once the vulnerabilities/threats had been identified.

Step by Step Solution

There are 3 Steps involved in it

Step: 1

blur-text-image

Get Instant Access to Expert-Tailored Solutions

See step-by-step solutions with expert insights and AI powered tools for academic success

Step: 2

blur-text-image_2

Step: 3

blur-text-image_3

Ace Your Homework with AI

Get the answers you need in no time with our AI-driven, step-by-step assistance

Get Started

Recommended Textbook for

Principles Of Information Security

Authors: Michael E. Whitman, Herbert J. Mattord

7th Edition

035750643X, 978-0357506431

More Books

Students also viewed these Databases questions