
SQL injection


1. What is a brute force attack and how can the risks of these attacks be mitigated? It is a cryptanalytic attack that can be used against any encrypted data. Choosing suitable passwords and putting in place lockouts that restrict access after x number of failed login attempts will significantly assist in reducing the risk of brute-force attacks.

2. Explain a scenario where a hacker may use Cross Site Request Forgery (CSRF) to perform authorized transactions. If you are on a bad site, such as a bad movie upload page or a smut website, the hacker can use that to pass false authorization.

3. What is the proper way to prevent XSS attack?

4. If an attacker wishes to place a phishing page on a website, what is a common vulnerability that can be exploited to successfully do this? Criminals often use social engineering along with vulnerabilities in applications such as web browsers or email clients to trick users into installing malicious code on their computer.

5. What can be the impact of a successful SQL injection?

A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database, and recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system.

6. What is the difference between a blind SQL injection attack and a normal SQL injection attack? The only difference is the way the data is retrieved from the database.

7. Why are stored XSS vulnerabilities a major risk for web applications? Cross-Site Scripting is a type of injection problem in which malicious scripts (vb, js etc.) are injected into a trusted web site. XSS flaws occur whenever an application takes untrusted (typically user-supplied) data and sends it unvalidated to a web browser. XSS allows attackers to execute script in the victim's browser, and the malicious script can access any cookies, session tokens, or other sensitive information retained by the browser and used with that site. These scripts can even rewrite the content of the HTML page. It basically exploits the trust that a client browser has for the website.

8. What would the following URL being queued in your web logs be an indication of: http://www.testurl.com/../../../../../../../etc/passwd? It would be an indication of someone attempting to access your server's password file.
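A detection sketch for the log pattern in question 8, added here as an example and not part of the original answers. It assumes Common Log Format, uses constructed sample lines, and the function names are hypothetical; it goes beyond the plain `../` case by decoding percent-encoded and double-encoded variants and by accepting backslash separators.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (Common Log Format); not from a real server.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /../../../../../../../etc/passwd HTTP/1.1" 404 162
203.0.113.7 - - [10/Oct/2023:13:55:40 +0000] "GET /img/%2e%2e%2f%2e%2e%2fetc/passwd HTTP/1.1" 400 0
203.0.113.7 - - [10/Oct/2023:13:55:44 +0000] "GET /download?file=%252e%252e%252fconfig.php HTTP/1.1" 200 512
198.51.100.4 - - [10/Oct/2023:13:56:01 +0000] "GET /docs/v1..2/index.html HTTP/1.1" 200 2048
198.51.100.4 - - [10/Oct/2023:13:56:09 +0000] "GET /static/..\\..\\windows\\win.ini HTTP/1.1" 404 162
"""

REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')
# A ".." that forms a whole path segment: preceded by a separator or the start of
# a parameter value, followed by a separator or end of string. "v1..2" is not a segment.
DOTDOT_SEGMENT = re.compile(r'(?:^|[/\\=?&])\.\.(?:[/\\]|$)')


def fully_decode(target, max_rounds=3):
    """Percent-decode repeatedly so double-encoded sequences (%252e) are exposed."""
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target


def find_traversal(log_text):
    """Return (ip, raw_target, status) for each request containing a '..' segment."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parseable request line
        if DOTDOT_SEGMENT.search(fully_decode(m.group("target"))):
            hits.append((m.group("ip"), m.group("target"), int(m.group("status"))))
    return hits


if __name__ == "__main__":
    for ip, target, status in find_traversal(SAMPLE_LOG):
        # A 200 means the server answered the request; that response needs review first.
        note = "served, review response" if status == 200 else "rejected"
        print(f"{ip} {status} {target}  [{note}]")
```

Matching on the decoded request target is what catches the encoded variants; the status code then separates probes the server rejected from requests it actually served.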

9. How would you ensure security between a web application and an SQL server? Use secure authentication, such as Windows authentication, that does not send passwords over the network. Encrypt SQL Server authentication credentials. If you use SQL Server authentication, you can encrypt credentials automatically by installing a server certificate on the database server. Secure communication channels. Options include using Secure Sockets Layer (SSL) or Internet Protocol Security (IPSec). Use remote procedure call (RPC) encryption with Enterprise Services applications. Use a segmented network, which can isolate eavesdropping to compromised segments. Use the HttpChannel and SSL with .NET Remoting.

10. What is a benefit of using a web application firewall (WAF)? Application attacks can be stopped before reaching the web server by filtering traffic. A network infrastructure solution can be provided for a software security problem. Resources normally dedicated to securing the code can be devoted to other security threats.
