Assignment 2: Web Application Attack Scenario
Suppose that you are currently employed as an Information Security
Manager for a medium-sized software development and outsourcing services
company. The Software Development Director has asked you to provide a
detailed presentation for her department regarding the most common Web
application threats and the manner in which their products could
compromise customer financial data. The products in question use
Microsoft SQL Server databases and IIS Web servers. She has asked you to
provide a report for her review before she schedules the presentation.
Write a two to four (2-4) page paper in which you:
- Analyze the common threats to data systems such as Web applications
and data servers. Next, speculate on the greatest area of vulnerability
and potential for damage and / or data loss of such data systems (e.g.,
SQL injection, Web-based password cracking).
- Devise one (1) attack scenario where a hacker could use the area of
vulnerability that you chose in Question 1 in order to gain access to a
network or sensitive data. Examine the primary ways in which the hacker
could execute such an attack, and suggest the strategic manner in which a
security professional could prevent the attack.
- Explore the primary role that the human element could play in adding
to the attack scenario devised in Question 2. Give your opinion on
whether or not the human component is critical in protection from that
type of attack.
- Use at least three (3) quality resources in this assignment. Note:
Wikipedia and similar Websites do not qualify as quality resources.
Your assignment must follow these formatting requirements:
- Be typed, double spaced, using Times New Roman font (size 12), with
one-inch margins on all sides; citations and references must follow APA
or school-specific format. Check with your professor for any additional
- Include a cover page containing the title of the assignment, your
name, the professor’s name, the course title, and the date. The cover
page and the reference page are not included in the required assignment