CS 3340 Discussion Assignment Unit 5 Part 9 (.docx)
School: University of the People
Course: 3340
Subject: Information Systems
Date: Jan 9, 2024
Type: docx
Pages: 3
Uploaded by DeanRose20668
by Leonard Van Gend
- Sunday, 17 December 2023, 1:31 PM
Hi Everyone!
I hope you all are still enjoying learning about Systems and Application Security! This course is helping me see how I need to think differently about software security!
For this week’s discussion forum post, we need to discuss Cross-site Scripting (XSS) and Man-in-the-middle (MitM) attacks. Special emphasis should be placed on recent statistics from peer-reviewed articles.
Cross-site scripting is an attack where the attacker gains access to a user’s account on a vulnerable website by tricking the website into returning malicious JavaScript code (PortSwigger, n.d.). The attacker achieves this by sending in some text input that the website will store and render later, containing the malicious JavaScript. When the website tries to display the data that was provided, it accidentally also executes this malicious JavaScript code which then runs silently in the background gathering data about visitors of the website. If possible, this malicious JavaScript will then steal the authentication token from the legitimate user and allow the attacker to access the site while impersonating them (PortSwigger, n.d.).
An estimated 65% of websites are vulnerable to XSS attacks (Gupta, Gupta, Gangwar, & Kumar, 2015). This is a significantly higher percentage than other attack types such as SQL injection (Gupta, Gupta, Gangwar, & Kumar, 2015). This tells me that XSS attacks are more difficult to guard against than SQL injection attacks. There are likely a variety of complex reasons as to why this is the case; however, one possible reason that I could identify from my research is the variety that XSS attacks can come in.
Below are potential Cross-site script examples:
<script></script>
<body onload=alert('test')></body>
<IMG SRC=jAvascript:alert('test2')>
(KirstenS, n.d.)
You can see from the above examples that it is often very hard to tell whether or not an input is going to produce a malicious result. I believe that this is why XSS is so prevalent: many people believe that checking for <script></script> tags is enough to secure their inputs, but this is not the case.
Man-in-the-middle attacks are any type of attack where the attacker intercepts a user’s communication with a legitimate site (Yasar, 2022). This allows attackers to capture sensitive information such as login details, credit card details, and social security numbers (Yasar, 2022).
MitM attacks are some of the most common cyber security attacks, with 35% of exploits in 2018 resulting from MitM attacks and an estimated 95% of HTTPS web servers being vulnerable to them (SecureOps, 2021). According to Yasar from TechTarget there are at least 6 different attack vectors for MitM attacks (Yasar, 2022), which seems to correlate with the high frequency of these attacks. Even if a system is very secure against one type of MitM attack it may still be vulnerable to another.
The above statistics seem to paint a very bleak picture of the application security landscape. It seems like there are no secure systems, but this is not the case. All that we should take away from the above statistics is that the threats in our current technological landscape are very real and it is up to us as Computer Science experts to guard our users against them.
Gupta, B., Gupta, S., Gangwar, S., & Kumar, M. (2015). Cross-site scripting (XSS) abuse and defense: Exploitation on several testing bed environments and its defense. Journal of Information Privacy and Security, 11, 118-136. doi:10.1080/15536548.2015.1044865
KirstenS. (n.d.). Cross Site Scripting (XSS). Retrieved from OWASP: https://owasp.org/www-community/attacks/xss/
PortSwigger. (n.d.). Cross-site Scripting. Retrieved from PortSwigger: https://portswigger.net/web-security/cross-site-scripting
SecureOps. (2021). Critical Cybersecurity Statistics You Must Know for the Last Several Years. SecureOps.
Yasar, K. (2022). DEFINITION: man-in-the-middle attack (MitM). Retrieved from TechTarget: https://www.techtarget.com/iotagenda/definition/man-in-the-middle-attack-MitM
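As an added example (not part of Leonard's post or of any source it cites), the Node.js snippet below runs the three payloads quoted above through a naive "strip <script> tags" filter and through HTML entity encoding, then reports which outputs still carry a script-execution vector. The sample inputs and the findScriptVectors helper are constructed for this illustration.

```javascript
// Added example, not from the original post: a "strip <script> tags" check
// versus HTML entity encoding, run over the three payloads quoted above.

// Constructed sample inputs: the post's three payloads plus one benign string.
const SAMPLE_INPUTS = [
  "<script></script>",
  "<body onload=alert('test')></body>",
  "<IMG SRC=jAvascript:alert('test2')>",
  "Tom & Jerry <3",
];

// The naive blocklist: delete literal <script> and </script> tags, nothing else.
function naiveScriptFilter(input) {
  return input.replace(/<\/?script>/gi, "");
}

// The correct defence for an HTML body context: encode the five metacharacters
// so the browser renders user text as text and never parses it as markup.
function escapeHtml(input) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };
  return input.replace(/[&<>"']/g, (c) => map[c]);
}

// Detection helper (constructed for this example): list the script-execution
// vectors a browser would still see in a string: a <script> element, an
// on* event-handler attribute, or a javascript: URL inside any start tag.
const TAG_RE = /<([a-z][a-z0-9-]*)\b([^>]*)>/gi;
function findScriptVectors(html) {
  const hits = [];
  for (const [, name, attrs] of html.matchAll(TAG_RE)) {
    if (name.toLowerCase() === "script") hits.push("<script> element");
    if (/\bon[a-z]+\s*=/i.test(attrs)) hits.push(`event handler on <${name}>`);
    if (/=\s*["']?\s*javascript:/i.test(attrs)) hits.push(`javascript: URL on <${name}>`);
  }
  return hits;
}

// Run every input through both defences and record what survives each one.
function evaluate(inputs = SAMPLE_INPUTS) {
  return inputs.map((raw) => {
    const naive = naiveScriptFilter(raw);
    const escaped = escapeHtml(raw);
    return { raw, naive, naiveVectors: findScriptVectors(naive),
             escaped, escapedVectors: findScriptVectors(escaped) };
  });
}

for (const row of evaluate()) {
  console.log(JSON.stringify(row.raw), "| naive filter leaves:", row.naiveVectors,
              "| escaping leaves:", row.escapedVectors);
}
```

Only the first payload is stopped by the tag filter; the other two survive it untouched, while entity encoding neutralises all three without touching the benign string's meaning.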
by Ayuel Ayuel
- Monday, 18 December 2023, 10:51 AM
Hello Leonard,
Thanks for sharing your assignment with us here on the platform. You have substantially responded to the topic of discussion and I appreciate how briefly you have described both XSS and the Man-in-the-Middle attack. Nice work on using the APA style of referencing in supplementing your article. Keep going.
by Mehtab Singh Gill
- Wednesday, 20 December 2023, 4:50 PM
Your explanations of XSS and MitM attacks are clear and easy to understand, making it accessible to readers with varying levels of technical knowledge.
by Juma Bullen Sebit
- Monday, 18 December 2023, 7:45 AM
In recent years, the number of cyberattacks targeting web applications has been steadily increasing. Attackers continuously evolve their techniques to exploit vulnerabilities and gain unauthorized access to sensitive data. Two prevalent types of attacks that pose significant threats to web applications are attacks, and Thanks for your response Ayuel!
Kind Regards
by Leonard Van Gend
- Tuesday, 19 December 2023, 7:36 PM