I need help with an ethical hacking class to describe cross-site scripting (CSS), cross-site request forgery (CSRF), buffer overflow, and structured query language (SQL) injection attacks. With this:
Compare cross-site scripting (CSS) and cross-site request forgery (CSRF).

In cross-site scripting, an authenticated session is not required. It is exploited directly when the website becomes vulnerable to security breaches, whereas CSRF happens in authenticated sessions, when the server trusts the browser or user.

In CSS, the server does not validate the input. The attackers send the input in any form, like request parameters, cookies, URL parameters, etc.

In CSRF, with the sessions, the information can be exploited. In CSRF, authentication tokens are exploited, whereas in CSS you do spoofing.
Compare buffer overflow and structured query language (SQL) injection attacks.

A buffer overflow happens when the data supplied to a data structure is more than allotted. It cannot handle the data since the buffer is full, so it causes a data overflow into adjacent memory locations. The main reason for the buffer overflow attack is not checking for the buffer overflow. An attacker can inject code into adjacent memory locations through the overflow.

SQL injection: In SQL injection, malicious code is injected into the database to update/retrieve data through unauthorized access.

The main difference between SQL injection and buffer overflow is that SQL injection takes advantage of inserting malicious code into the database, whereas buffer overflow uses malicious code in the front end to get access.
Which attacks are used by hackers to attack database management systems?

The main attack that attackers use against a database is SQL injection. SQL injection takes advantage of inserting malicious code into a database. The main reason for this attack is a lack of validation being performed in the front end as well as in the back end.

Privilege escalation: In this attack, with the provided privileges, additional privileges are granted based on the loopholes that exist in the database.

Encryption: Storing passwords and other confidential information directly in the database without crypto techniques, and making use of one's own user-defined mechanisms.
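The answer above attributes SQL injection to missing validation in the front end and back end. The following added example (not part of the original question or answer) shows the two sides of that in Python with a constructed in-memory sqlite3 table: a lookup that pastes user input into the query text, the same lookup with a bound parameter, and an allow-list check on the input. The table name, columns and sample rows are assumptions made for the demonstration.

```python
import sqlite3


def make_db():
    # Constructed sample data: a small in-memory users table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    return conn


def lookup_vulnerable(conn, username):
    # The front end splices user input straight into the SQL text, so the
    # database cannot distinguish data from code. This is the missing
    # validation the answer above refers to: the returned rows depend on
    # whatever the caller typed, not only on matching usernames.
    sql = "SELECT username FROM users WHERE username = '" + username + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn, username):
    # Back-end fix: bind the value as a parameter. The driver hands it to the
    # database separately from the query text, so it is only ever compared
    # as a string and never parsed as SQL.
    sql = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(sql, (username,))]


def is_valid_username(username):
    # Front-end defence in depth: an allow-list on the expected shape of the
    # input (assumed policy: 1-32 alphanumeric characters). Reject anything
    # else before it reaches the database layer at all.
    return 1 <= len(username) <= 32 and username.isalnum()


if __name__ == "__main__":
    db = make_db()
    tainted = "x' OR '1'='1"
    print("vulnerable:    ", lookup_vulnerable(db, tainted))
    print("parameterized: ", lookup_parameterized(db, tainted))
    print("input allowed: ", is_valid_username(tainted))
```

Run as-is, the vulnerable lookup returns every row for the tainted input while the parameterized one returns nothing, which is the behaviour a tester checks for when auditing a database-backed form.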