Web Security Issues

Topics: Cross-site scripting, HTTP cookie, Hypertext Transfer Protocol Pages: 3 (911 words) Published: April 23, 2011
This paper discusses methods to address client security issues, including the ways a website can be attacked by malicious users. It covers how JavaScript insertion, SQL insertion, hidden field manipulation, header manipulation, and cookies may be used by malicious users. It also discusses how worms and viruses can be introduced to a website, and the most common method to ensure client security.

SQL Insertion Attacks

SQL injection is a type of attack in which harmful code is attached to strings that are passed to SQL Server to be run. All procedures that build SQL statements need to be examined for possible ways of exploitation, because SQL Server will run any query it receives as long as it makes sense to the server. Even data that has parameters may be used by an attacker. The injection is done by ending a text string early and appending a new command. Because the inserted command may have other strings added to it before it is run, the harmful code ends the injected string with the comment mark "--". Once the command is run, any text that follows the comment mark is ignored (MSDN, 2010).

JavaScript Insertion Attacks

Whenever a website accepts and redisplays input from a user, it becomes open to JavaScript injection attacks. Attackers can do serious damage by injecting JavaScript into a website. JavaScript injection attacks can be used to launch a Cross-Site Scripting (XSS) attack. In this type of attack, private information is stolen and sent to another website. Attackers can also use JavaScript insertion to steal values from browser cookies. If private information such as social security numbers, bank account numbers, or passwords is stored within the cookies, it can be stolen. JavaScript insertion attacks can also be used to steal form field data that a user fills out and send it to another website (Microsoft, 2010).

Hidden Field Manipulation

Hidden fields are encoded into HTML forms to keep values that are to be sent...
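
Returning to the SQL Insertion Attacks section above: the following added example (not part of the original paper) shows a query built by string concatenation next to the same query with a bound parameter, using the early string termination and "--" comment mark that section describes. It assumes Python's built-in sqlite3 module in place of SQL Server; the table, rows, and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory database holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders "
               "(id INTEGER, customer TEXT, item TEXT, visible INTEGER)")
    db.executemany("INSERT INTO orders VALUES (?, ?, ?, ?)", [
        (1, "alice", "keyboard", 1),
        (2, "alice", "archived order", 0),   # must be hidden by the filter
        (3, "bob", "monitor", 1),
    ])
    return db

def find_orders_concat(db, customer):
    """Vulnerable form: user input is spliced into the SQL text, and the
    application appends its own filter after it."""
    sql = ("SELECT id FROM orders WHERE customer = '" + customer +
           "' AND visible = 1")
    return sql, sorted(row[0] for row in db.execute(sql))

def find_orders_param(db, customer):
    """Hardened form: the input is bound as a value, so a quote or a
    comment mark inside it is compared as data, never parsed as SQL."""
    sql = "SELECT id FROM orders WHERE customer = ? AND visible = 1"
    return sql, sorted(row[0] for row in db.execute(sql, (customer,)))

# Constructed input: closes the string early, then comments out the rest.
CRAFTED = "alice' --"

if __name__ == "__main__":
    db = make_db()
    for label, fn in (("concatenated", find_orders_concat),
                      ("parameterized", find_orders_param)):
        for value in ("alice", CRAFTED):
            sql, ids = fn(db, value)
            print(f"{label:13} input={value!r:12} ids={ids}")
            print(f"              sql: {sql}")
```

In the concatenated form the application's trailing `AND visible = 1` filter ends up after the comment mark and is ignored, so the hidden row is returned; in the parameterized form the same input simply matches no customer.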

References:

Fortify (2010). Header Manipulation. Retrieved October 16, 2010, from https://www.fortify.com/vulncat/en/vulncat/php/header_manipulatio html
Imperva (2010). Cookie Poisoning. Retrieved October 16, 2010, from http://www.imperva.com/resources/glossary/cookie_poisoning.html
Knowledge Base (2010). About Viruses, Worms, and Trojan Horses. Retrieved October 16, 2010, from http://kb.iu.edu/data/aehm.html
Microsoft (2010). Preventing JavaScript Injection Attacks. Retrieved October 16, 2010, from http://www.asp.net/mvc/tutorials/preventing-javascript-injection-attacks-cs
MSDN (2010). SQL Injection. Retrieved October 16, 2010, from http://msdn.microsoft.com/en-us/library/ms161953.aspx
Sanctum (2002). Ethical Hacking Techniques to Audit and Secure Web-enabled Applications