CS150 – Computer Security: Sample Paper 1

This paper is an example of what is expected for the writing assignments in this class. It contains all of the required elements, as well as well-thought-out and well-written content.

Name : Ben Dover

Case Number : 3-14159265

Case Title : Injection Attacks or How I Spent My Summer Vacation

Injection attacks are a very common class of attack, and they come in a variety of forms such as SQL injection, XML injection and XSS. There are many ways to defend against these attacks. Let’s look at a few methods and see how difficult they are to implement.

Defending against SQL injection turns out not to be that difficult. One place to start is comprehensive sanitization of all input data: the website should filter every input field so that only the characters appropriate to that field are allowed. A second layer of defense is a web application firewall, which applies a detailed set of rules to filter out malicious web requests before they reach the application. By adding these two defenses you can significantly decrease your chances of a successful SQL injection attack. There are of course more ways to defend against SQL injection, but these are two common ones.
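The following Python sketch is an added illustration and is not part of the sample paper: it shows the "allow only the right characters" filtering described above, alongside a parameterized query (a technique the paper does not name), and contrasts both with the string-concatenated query they replace. The table, its rows and the function names are constructed for the example.

```python
"""Added example: allowlist input filtering plus parameterized SQL,
shown beside the concatenated query that is vulnerable to injection."""
import re
import sqlite3


def make_db():
    """Constructed sample data: a tiny in-memory users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com")],
    )
    return conn


# Allowlist for the username field: letters, digits and underscore only.
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")


def is_valid_username(value):
    """True only if every character of value is on the allowlist."""
    return USERNAME_RE.fullmatch(value) is not None


def lookup_vulnerable(conn, username):
    """The 'before' form: concatenation lets user input become part of the
    SQL statement, so a crafted value changes what the query selects."""
    query = "SELECT username FROM users WHERE username = '" + username + "'"
    return sorted(row[0] for row in conn.execute(query))


def lookup_parameterized(conn, username):
    """Binding the value as a parameter means the database treats it purely
    as data; it is never parsed as SQL even if the allowlist is skipped."""
    rows = conn.execute("SELECT username FROM users WHERE username = ?", (username,))
    return sorted(row[0] for row in rows)


def lookup_safe(conn, username):
    """Hardened form: reject input outside the allowlist, then bind it."""
    if not is_valid_username(username):
        raise ValueError("username contains disallowed characters")
    return lookup_parameterized(conn, username)
```

The two layers are independent: the allowlist rejects unexpected characters up front, and parameter binding keeps the query's structure fixed even for input that slips past field-level filtering.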

Defending against XML injection attacks is similar to defending against SQL injection attacks. You should also sanitize all input data for the website and allow only the correct characters in each input field. Another common defense is to call the libxml_disable_entity_loader() function, which stops external entity resolution. This usually stops most XML attacks.

To defend against XSS attacks, sanitization of data is also required. The website must sanitize all fields where users input data in order to detect any malicious lines of text. A few tools to check whether you are protected are XSS Me if you use Firefox and DOM Snitch if you use Google Chrome; these will report any XSS vulnerabilities on your site. Another defensive method against XSS is to tie a user’s IP address to their cookie credentials, so that the website’s user cookies cannot be abused.

Overall, the defenses for SQL injection, XML injection and XSS are all fairly similar and all involve sanitizing input data. Each method is also fairly simple to implement, which is good news since these attacks are all very common. A simple sanitization routine and a firewall put you on your way to a much safer website, but don’t forget about all the other methods of attack.


References

Weiss, Aaron. (16 Aug. 2012) “How to Prevent SQL Injection Attacks.” eSecurity Planet. Retrieved 15 Oct. 2013 from: http://www.esecurityplanet.com/hackers/how-to-prevent-sql-injection-attacks.html

Brady, Padraic. (2013) “Injection Attacks — Survive The Deep End: PHP Security.” Retrieved 15 Oct. 2013 from: http://phpsecurity.readthedocs.org/en/latest/Injection-Attacks.html