Web Security Issues

  • Topic: Cross-site scripting, HTTP cookie, Hypertext Transfer Protocol
  • Published : April 23, 2011
This paper will discuss methods to address client security issues. It will include ways that a Website can be attacked by malicious users. It will discuss how JavaScript insertion, SQL insertion, hidden field manipulation, header manipulation, and cookies may be used by malicious users. It will discuss how worms and viruses can be introduced to a Website, and the most common method to ensure client security.

SQL Insertion Attacks

SQL injection is a type of attack in which harmful code is attached to strings that are passed to SQL Server to be run. All procedures that build SQL statements need to be examined for possible ways of exploitation, because SQL Server will run any query it receives as long as it makes sense to the server. Even data that has parameters may be used by an attacker. The injection is done by ending a text string early and giving a new command. Because the inserted command may have other strings added to it before it is run, the injected string is terminated with a comment mark "--". Once the command is run, any text that follows the comment mark is ignored (MSDN, 2010).

JavaScript Insertion Attacks

Whenever a web site accepts and redisplays input from a user, it becomes exposed to JavaScript injection attacks. Malicious attackers can do heavy damage by injecting JavaScript into a website. JavaScript injection attacks can be used to launch a Cross-Site Scripting (XSS) attack. In this type of attack, private information is stolen and sent to another website. Attackers can also use JavaScript insertion to steal values from browser cookies. If private information such as social security numbers, bank account numbers, or passwords is stored within the cookies, it can be stolen. JavaScript insertion attacks can also be used to steal form field data that a user may fill out and send it to another web site (Microsoft, 2010).

Hidden Field Manipulation

Hidden fields are encoded into HTML forms to keep values that are to be sent...
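
Returning to the SQL insertion attack described earlier: the following is an added example, not part of the original paper, showing the early string termination and the "--" comment mark against a query built by concatenation, next to the same query with a bound parameter. It uses Python's sqlite3 as a stand-in for SQL Server; the table, data and function names are constructed for illustration.

```python
import sqlite3


def make_db():
    """Constructed sample data: an in-memory table standing in for the site's database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (id INTEGER, city TEXT, status TEXT)")
    db.executemany(
        "INSERT INTO orders VALUES (?, ?, ?)",
        [(1, "Redmond", "open"), (2, "Redmond", "closed"), (3, "Boston", "open")],
    )
    return db


def build_statement(city):
    # Vulnerable pattern: user input is pasted into the statement text, so a
    # quote in the input ends the string literal early.
    return "SELECT id FROM orders WHERE city = '" + city + "' AND status = 'open'"


def find_open_orders_concat(db, city):
    """Runs the concatenated statement; the server sees whatever text results."""
    return sorted(row[0] for row in db.execute(build_statement(city)))


def find_open_orders_param(db, city):
    """Hardened form: the input is bound as a value and never parsed as SQL."""
    sql = "SELECT id FROM orders WHERE city = ? AND status = 'open'"
    return sorted(row[0] for row in db.execute(sql, (city,)))


if __name__ == "__main__":
    db = make_db()
    crafted = "Redmond' --"  # constructed input: closes the string, then comments out the rest
    print("statement sent :", build_statement(crafted))
    print("concatenated   :", find_open_orders_concat(db, crafted))  # status filter is ignored
    print("parameterized  :", find_open_orders_param(db, crafted))   # no city has that name
```

With the crafted input, the concatenated query loses its `status = 'open'` condition because everything after "--" is treated as a comment, while the parameterized query simply searches for a city literally named `Redmond' --`.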