Cyber Security Worksheet

User Generated

wnaonfvg7890

Computer Science

Description

Please review and complete both of the parts. Refer to the document for more information. Thanks!
Part 1:

Instructions

Given the database schema below, and a form that asks a user to provide their account number in order to retrieve the account balance through the following query, craft a SQL injection attack that would allow customer John Doe to “steal” $500 from customer Homer Simpson.

SELECT Balance
FROM Accounts
WHERE Account_Num = <number>



Part 2:

Instructions

Applets are code objects sent from a server to a client and executed on the client. Discuss the advantages and disadvantages, from the point of view of security and privacy, of executing server-provided code on a client. Then compare Java applets to the now deprecated ActiveX controls.


Unformatted Attachment Preview

Part 1: Deliverable
Submit a document that includes the code for your SQL injection attack (Word or PDF format) which includes: a) the rationale for why you set it up the way you did and b) what the expected result(s) will be if the attack was to be carried out.

Part 2: Instructions
Applets are code objects sent from a server to a client and executed on the client. Discuss the advantages and disadvantages, from the point of view of security and privacy, of executing server-provided code on a client. Then compare Java applets to the now deprecated ActiveX controls.

Deliverable
Create a professionally formatted report, not to exceed one page, summarizing your analysis.

Explanation & Answer

View attached explanation and answer. Let me know if you have any questions.

Cyber Security

Name
Institution
Date

SQL Injection Attack
An SQL injection is a cyber-security attack that targets SQL databases using unique database
statements that manipulate the system into doing as the code instructs.
// The form value ACCOUNT is concatenated directly into the SQL text
String query = "SELECT Balance FROM Accounts WHERE Account_Num = " + ACCOUNT;
The above code is fragile, and the attacker can provide the following string for ACCOUNT that
would allow John Doe to access the account number of Simpson. The SQL statement, therefore,
executes as follows.
Combine the tables
SELECT * FROM Accounts as cs Cross join
WHERE Account = 'Simpson.' > Account = ‘John Doe’
AND Account_Num = ‘256304’
‘Steal’
UPDATE balance = balance-500
WHERE Account_Num = ‘256304’
UPDATE balance set balance = balance+500
WHERE Account_Num = ‘256101’
It, therefore, means the query will return the entire table's data, giving the attacker unauthorized
access to accounts in the database. Using a cross join in the SQL injection combines two tables.
The ‘UPDATE’ will transfer 500 dollars from Homer Simpson to John Doe's account.

Applets
Applets are Java programs that are executable on a Java-enabled browser. They are
designed to execute within another application (Hammond, 2017). An applet enables user
interaction in the browsing environment. The significant merits of applets are that they run inside
a Java-enabled browser and work on the client side. It, therefore, takes less time to respond.
Applets are executed by several platforms with any browser, i.e., Mac OS, Windows, Linux OS....
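
For the account-balance lookup in Part 1, the following is an added example (not part of the worksheet or of the answer above) that puts the concatenated query beside a hardened one and shows a read-only connection refusing an UPDATE. The table layout, the balances, the 12-digit limit and the function names are assumptions, since the worksheet's schema is not reproduced on this page; the two account numbers are the ones used in the answer.

```python
import sqlite3

def make_db():
    """Constructed sample data; the column layout is an assumption."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Accounts ("
               "Account_Num INTEGER PRIMARY KEY, Owner TEXT, Balance INTEGER)")
    db.executemany("INSERT INTO Accounts VALUES (?, ?, ?)",
                   [(256304, "Homer Simpson", 1200), (256101, "John Doe", 300)])
    db.commit()
    return db

def balance_concatenated(db, form_value):
    """The 'before': the form text becomes part of the SQL statement."""
    sql = "SELECT Balance FROM Accounts WHERE Account_Num = " + form_value
    return [row[0] for row in db.execute(sql)]

def balance_parameterized(db, form_value):
    """The 'after': check the format, then bind the value as data."""
    ok = form_value.isascii() and form_value.isdigit() and len(form_value) <= 12
    if not ok:
        raise ValueError("account number must be 1-12 ASCII digits")
    cur = db.execute("SELECT Balance FROM Accounts WHERE Account_Num = ?",
                     (int(form_value),))
    return [row[0] for row in cur]

def lock_read_only(db):
    """Least privilege: a balance lookup never needs to write."""
    db.execute("PRAGMA query_only = ON")

def snapshot(db):
    """Current balances keyed by account number."""
    return dict(db.execute("SELECT Account_Num, Balance FROM Accounts"))

if __name__ == "__main__":
    db = make_db()
    hostile = "256101 OR 1=1"  # constructed input that alters the WHERE clause
    print("concatenated :", balance_concatenated(db, hostile))
    try:
        balance_parameterized(db, hostile)
    except ValueError as err:
        print("parameterized:", err)
    lock_read_only(db)
    try:
        db.execute("UPDATE Accounts SET Balance = Balance - 500 "
                   "WHERE Account_Num = 256304")
    except sqlite3.OperationalError as err:
        print("read-only    :", err)
    print("balances     :", snapshot(db))
```

On a server database the counterpart of `lock_read_only` is a login for the lookup form that is granted SELECT on the table and nothing else.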


Anonymous
Excellent resource! Really helped me get the gist of things.
