You are working for an organisation that is using a very old web-based application that was developed in-house and is only used by members of the organisation. The leader of the web development team has indicated that the application needs to be urgently redeveloped as it is dependent upon outdated frameworks that have recently been found to be vulnerable to SQL injection attacks, however the organisation is currently short on funding. One of the security team has suggested using a web application firewall to prevent common attacks instead. (a) Explain the additional security that would be provided by the web application firewall. (b) Discuss any alternative or complimentary technologies that would assist in securing the application.

You are working for an organisation that is using a very old web-based application that was developed in-house and is only used by members of the organisation. The leader of the web development team has indicated that the application needs to be urgently redeveloped as it is dependent upon outdated frameworks that have recently been found to be vulnerable to SQL injection attacks, however the organisation is currently short on funding. One of the security team has suggested using a web application firewall to prevent common attacks instead. (a) Explain the additional security that would be provided by the web application firewall. (b) Discuss any alternative or complimentary technologies that would assist in securing the application.

A+ Guide To It Technical Support

10th Edition

ISBN:9780357108291

Author:ANDREWS, Jean.

Publisher:ANDREWS, Jean.

Chapter17: Security Strategies And Documentation

Section: Chapter Questions

Problem 17TC: Your boss asks you to work through the weekend to install new software on the applications server...

See similar textbooks

Similar questions

Describe why web application protection is important. What might go wrong in an unreliable application? Why is it important to protect against SQL injection attacks? Provide at least one connection to a web resource that assisted you in understanding this idea.
One of you company's applications has been performing poorly lately, often taking more than 15 seconds to respond during busy periods when it normally takes less than a second. The server is running Linux and has Apache web server and MySQL database server running on it, and the application itself. What would you investigate, and how would you troubleshoot this issue?
Design a simple web application in a programming environment of your choice that illustrates the SQL injection web application vulnerabilities. You should also come up with a secure version of the application that demonstrates how to prevent against their associated attacks.
Based upon your readings this week, explain what each of the following terms mean and how they can be prevented. This will aid you in preparing for the quiz on this material. Topics: Buffer Overflow Injections (SQL, HTML, Command, Code) Authentication Credential brute force Session hijacking Redirect Default credentials Weak credentials Kerberos exploits Authorization Parameter pollution Insecure direct object reference Cross-site scripting (XSS) Stored/persistent Reflected DOM Cross-site request forgery (CSRF/XSRF) Clickjacking Security misconfiguration Directory traversal Cookie manipulationLinks to an external site. File inclusion Local Remote Unsecure code practices Comments in source code Lack of error handling Overly verbose error handling Hard-coded credentials Race conditions Unauthorized use of functions/unprotected APIs Hidden elements (sensitive info in the DOM) Lack of code signing
Your boss asks you to work through the weekend to install new software on the applications server that serves up applications to 20 users. The following Monday, all users report they cannot open their data files. After speaking with technical support for the new application, you discover it is not compatible with the old data files. Which type of documentation should you refer to first to address this problem? a. Risk analysis documents b. Back-out plan documents c. Change management documents d. Scope of change documents
Which web application attack is most likely to harvest pieces of a database's private data? What security safeguards might be implemented to protect your production SQL databases against injection attacks? What can you do to guarantee that penetration testing and web application testing are included in your organization's implementation procedures?
Give typing answer with explanation and conclusion Calculate the unavailability of the following system. The load balancer switches cleanly between the presentation server and its backup. The presentation server uses the main database but can fail over to the database backup. The backup presentation server is only configured to use the main database, not its backup. Assume the following unavailabilities. Item Unavailability LoadBalancer 0.9% PresentationServer 0.9% PresentationServerBackup 0.7% Database 1.1% DatabaseBackup 0.6%
Discuss the security considerations and best practices for web application development, including topics like cross-site scripting (XSS), cross-site request forgery (CSRF), and SQL injection prevention.
How can I use JQuery or AJAX call in Laravel for live database update and load onto the page?
To increase security of data stored on an RODC, what can be configured to specify domain objects that aren't replicated to RODCs? Group of answer choices Filtered attribute sets Online defragmentation settings Site-to-site relationships Bridgehead server
Describe the process of securing a web application against common vulnerabilities such as SQL injection, XSS (Cross-Site Scripting), and CSRF (Cross-Site Request Forgery).
You are the database administrator for the XYZ Furniture Company. Management is reviewing its Customer Management System (CMS). Within the system, there are two tables: clients and contacts. Clients are linked to Contacts by ContactID. Clients have additional information available in it that may not be available in Contacts. You know that all Clients are Contacts but not all Contacts are Clients. Clients store the structure of the tables is below.ContactsClientsContactID* ClientIDContactName ContactIDContactAddress Billable (T/F)Email PastDueAmount (float)PhoneContactTypeYou have been tasked with finding the names, addresses, and emails for billable clients with a past due bill. Create the SQL to retrieve the data from the tables. Identify at least one other query opportunity that you would be able to create a useful report for, from the two tables. You may add columns to either table if you would like. The new columns should be logical and…