This paper is an example of what is expected for the writing assignments in this class. It contains all of the required elements, as well as well-thought-out and well-written content.
Name: Ben Dover
Case Number: 3-14159265
Case Title: Injection Attacks or How I Spent My Summer Vacation
Injection attacks are a very common network attack and they come in a
variety of forms, such as SQL injection, XML injection and XSS. There are
many ways to defend against these attacks. Let's look at a few methods and
see how difficult they are to implement.
Defending against SQL injection turns out not to be that difficult. One
way to start is to implement comprehensive data sanitization on any input
data. This means the website should filter all input fields to make sure
only the right characters are allowed in each field. A second way to add
defense is to add a web application firewall. This adds a complicated set
of rules that help filter out any malicious web requests made against the
network. By adding these two defenses you can significantly decrease the
chances of a successful SQL injection attack. There are more ways to defend
against SQL injection, of course, but these are two common ones.
Defending against XML injection attacks is similar to defending against SQL
injection attacks. You should also sanitize all input data for the
website and allow only the correct characters in the corresponding input
fields. Another common defense is to use the libxml_disable_entity_loader()
function, which disables external entity resolution. This usually
stops most XML attacks.
To defend against XSS attacks, sanitization of data is also required. The
website must sanitize all fields where data is entered by users to detect
any malicious lines of text. Two tools for checking whether you are
protected are XSS Me if you use Firefox and DOM Snitch if you use Google
Chrome. These will tell you about any XSS vulnerabilities you have on your
site. Another method of defense against XSS attacks is to tie a user's
cookie credentials to their IP address so that the cookies of the
website's users cannot be abused.
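The per-field input filtering that the SQL, XML and XSS paragraphs above all rely on, as an added example that is not part of the original paper. The field names, allowlist rules and sample submissions are constructed for illustration.

```python
import re

# Constructed per-field allowlists (hypothetical field names, not from the paper).
# Each rule names the only characters and lengths that field may contain.
FIELD_RULES = {
    "username": re.compile(r"[A-Za-z0-9_]{3,20}"),
    "zip_code": re.compile(r"[0-9]{5}"),
    "order_id": re.compile(r"[1-9][0-9]{0,8}"),
    "comment": re.compile(r"[A-Za-z0-9 .,!?-]{1,200}"),
}


def validate_form(form):
    """Return (clean, errors). A field is accepted only if its whole value
    matches its allowlist; unknown fields are rejected, not passed through."""
    clean, errors = {}, {}
    for name, value in form.items():
        rule = FIELD_RULES.get(name)
        if rule is None:
            errors[name] = "unexpected field"
        elif not isinstance(value, str) or rule.fullmatch(value) is None:
            # fullmatch rather than match with ^...$: "$" also matches just
            # before a trailing newline, so "53706\n" would slip through.
            errors[name] = "contains characters outside the allowlist"
        else:
            clean[name] = value
    # Every expected field must be present.
    for name in FIELD_RULES.keys() - form.keys():
        errors[name] = "missing"
    return clean, errors


# Constructed sample submissions.
GOOD = {"username": "alice_01", "zip_code": "53706", "order_id": "4211",
        "comment": "Arrived on time, thanks!"}
BAD = {"username": "alice'", "zip_code": "53706\n", "order_id": "4211;1",
       "comment": "<b>hi</b>", "debug": "1"}

if __name__ == "__main__":
    print(validate_form(GOOD))   # every field accepted
    print(validate_form(BAD))    # every field rejected, with a reason
```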
Overall, the defenses for SQL injection, XML injection and XSS are all
pretty similar and involve the sanitization of input data. Each method is
also fairly simple to implement, which is good news since these attacks are
all very common. A simple sanitization program and a firewall and you are on
your way to a much safer website, but don't forget about all the other
methods of attack.
References
Weiss, Aaron. (16 Aug. 2012) “How to Prevent SQL Injection Attacks.” ESecurity Planet. Retrieved 15 Oct. 2013 from:
http://www.esecurityplanet.com/hackers/how-to-prevent-sql-injection-attacks.html
Brady, Padraic. (2013) “Injection Attacks — Survive The Deep End: PHP Security.” Retrieved 15 Oct. 2013 from:
http://phpsecurity.readthedocs.org/en/latest/Injection-Attacks.html