Assignment: Web Application Attack Scenario
Suppose that you are currently employed as an Information Security Manager for a medium-sized software development and outsourcing services company.
The Software Development Director has asked you to provide a detailed presentation for her department regarding the most common Web application threats and the manner in which their products could compromise customer financial data.
The products in question use Microsoft SQL Server databases and IIS Web servers.
She has asked you to provide a report for her review before she schedules the presentation.
Write a two to four (2-4) page paper in which you:
Analyze the common threats to data systems such as Web applications and data servers.
Next, speculate on the greatest area of vulnerability and potential for damage and / or data loss of such data systems (e.g., SQL injection, Web-based password cracking).
Devise one (1) attack scenario where a hacker could use the area of vulnerability that you chose in Question 1 in order to gain access to a network or sensitive data.
Examine the primary ways in which the hacker could execute such an attack, and suggest the strategic manner in which a security professional could prevent the attack.