This paper will discuss methods to address client security issues. It will include ways that a Website can be attacked by malicious users. It will discuss how JavaScript insertion, SQL insertion, hidden field manipulation, header manipulation, and cookies may be used by malicious users. It will discuss how worms and viruses can be introduced to a Website, and the most common method to ensure client security.

SQL Insertion Attacks
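Added example, not part of the original paper: the paragraph below describes an input value that ends a text string early and uses the comment mark "--" so the rest of the statement is ignored. This sketch shows that effect on a query built by concatenation, next to a parameterized query that treats the same value as data. It assumes an in-memory SQLite database in place of SQL Server; the table, function names and sample rows are constructed for illustration.

```python
import sqlite3


def make_db():
    """Constructed sample data in an in-memory SQLite database (assumption)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (id INTEGER, ship_city TEXT, owner TEXT)")
    db.executemany("INSERT INTO orders VALUES (?, ?, ?)", [
        (1, "Redmond", "alice"),
        (2, "Seattle", "bob"),
        (3, "Redmond", "carol"),
    ])
    return db


def build_concatenated(city, owner):
    # Vulnerable pattern: user input is pasted into the statement text,
    # so a quote inside `city` can end the string literal early.
    return ("SELECT id FROM orders WHERE ship_city = '" + city +
            "' AND owner = '" + owner + "'")


def find_orders_concatenated(db, city, owner):
    return sorted(r[0] for r in db.execute(build_concatenated(city, owner)))


def find_orders_parameterized(db, city, owner):
    # Hardened pattern: values are bound as data and never parsed as SQL.
    sql = "SELECT id FROM orders WHERE ship_city = ? AND owner = ?"
    return sorted(r[0] for r in db.execute(sql, (city, owner)))


# Constructed input: closes the string early, then "--" comments out the rest.
CRAFTED_CITY = "Redmond' --"

if __name__ == "__main__":
    db = make_db()
    # The owner filter ends up after the comment mark and is ignored.
    print(build_concatenated(CRAFTED_CITY, "alice"))
    print(find_orders_concatenated(db, CRAFTED_CITY, "alice"))
    # Bound as a parameter, the same value is just a city name that matches nothing.
    print(find_orders_parameterized(db, CRAFTED_CITY, "alice"))
    print(find_orders_parameterized(db, "Redmond", "alice"))
```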
SQL injection is a type of attack in which harmful code is attached to strings that are passed to SQL Server to be run. All procedures that build SQL statements need to be examined for possible ways of exploitation, because SQL Server will run any query it receives as long as it makes sense to the server. Even parameterized data may be used by an attacker. The injection is done by ending a text string early and appending a new command. Because the inserted command may have other strings added to it before it is run, the harmful code ends the injected string with a comment mark "--". Once the command is run, any text that follows the comment mark is ignored (MSDN, 2010).

JavaScript Insertion Attacks
Hidden fields are encoded into HTML forms to keep values that are to be sent...
References:
Fortify (2010). Header Manipulation. Retrieved October 16, 2010, from
Imperva (2010). Cookie Poisoning. Retrieved October 16, 2010, from
Knowledge Base (2010). About Viruses, Worms, and Trojan Horses. Retrieved October 16, 2010, from http://kb.iu.edu/data/aehm.html
MSDN (2010). SQL Injection. Retrieved October 16, 2010, from
Sanctum (2002). Ethical Hacking Techniques to Audit and Secure Web-