While reviewing web server logs, a security analyst notices the following code:

Which of the following would prevent this code from performing malicious actions?
(choose one and why)
The given code queries the profiles.php page with a malicious script appended to the id parameter.
This would give the attacker access to manipulate the database at the backend, as we can see in the query string, where the attacker is passing a UNION query to get access to other elements of the database. This is a very common attack called SQL injection, where the attacker passes malicious SQL code to the backend database and accesses the database.
This should be prevented at the application end, where it can validate the user input and restrict unauthorized access to the backend so that no SQL injection is passed to the database.
So to avoid this, the application requires user input validation.
Web application penetration testing, using HTTPS, and a network firewall won't work in this case because the attacker is injecting SQL code into the query itself very smartly, and it will go undetected by these methods.
Hence, the correct answer is:
B. Requiring the application to use input validation
This completes the requirement. Let me know if you have any queries.
Thanks!
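An added example (not part of the question or the answer above) of what the answer describes: a minimal model of the `profiles.php?id=...` lookup, first with the id spliced into the SQL text, then with input validation plus a parameterised query. The page does not reproduce the actual log line, so the UNION payload, the table names and the sample rows are all constructed for illustration.

```python
"""Added example, not from the original page: SQL injection through an id parameter
and the input-validation fix the answer recommends.

Assumptions (not from the page): the table names, sample rows and the payload.
"""
import re
import sqlite3

# Constructed sample data: a public profiles table plus a table the attacker should never see.
SCHEMA = """
CREATE TABLE profiles (id INTEGER PRIMARY KEY, display_name TEXT);
CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT);
INSERT INTO profiles VALUES (1, 'alice'), (2, 'bob');
INSERT INTO users VALUES (1, 'alice', 'hash-of-alice-password'),
                         (2, 'admin', 'hash-of-admin-password');
"""

# Hypothetical payload of the kind the answer describes: the id parameter carries a
# UNION that pulls rows out of a different table with the same column count.
UNION_PAYLOAD = "1 UNION SELECT username, password_hash FROM users"

# Allow-list for the id parameter: a plain positive integer of bounded length.
ID_PATTERN = re.compile(r"^[1-9][0-9]{0,9}$")


def open_db() -> sqlite3.Connection:
    """In-memory SQLite database loaded with the constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def vulnerable_lookup(conn: sqlite3.Connection, raw_id: str) -> list:
    """String concatenation: whatever arrives in ?id= becomes part of the SQL statement."""
    sql = "SELECT id, display_name FROM profiles WHERE id = " + raw_id
    return conn.execute(sql).fetchall()


def validate_id(raw_id: str) -> int:
    """Reject anything that is not a plain positive integer before it reaches the database."""
    if not ID_PATTERN.fullmatch(raw_id):
        raise ValueError(f"rejected id parameter: {raw_id!r}")
    return int(raw_id)


def safe_lookup(conn: sqlite3.Connection, raw_id: str) -> list:
    """Validated input bound as a query parameter: the value is never spliced into SQL text."""
    profile_id = validate_id(raw_id)
    return conn.execute(
        "SELECT id, display_name FROM profiles WHERE id = ?", (profile_id,)
    ).fetchall()


def demo() -> dict:
    """Run the payload against both versions and report what each one returned."""
    conn = open_db()
    leaked = vulnerable_lookup(conn, UNION_PAYLOAD)
    try:
        safe_lookup(conn, UNION_PAYLOAD)
        blocked = False
    except ValueError:
        blocked = True
    return {
        "leaked_rows": leaked,            # profile row plus rows from the users table
        "payload_blocked": blocked,       # True: validation rejected the payload
        "legit": safe_lookup(conn, "1"),  # a normal request still works
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running it shows the concatenated query returning the `users` rows alongside the requested profile, while the validated, parameterised version raises on the payload and still serves `id=1` normally. Validation and parameterisation are independent layers: even if validation were skipped, binding the raw string with `?` would compare it as a value rather than execute it.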