Temple University

Week 6 Reading Summary, Question, and recent Cyber Security News…

  1. Summarize one key point from each assigned reading…

This week we begin our focus on web application security, using the Burp Suite included with Kali2-Linux (tools to perform security testing: Burp Proxy, Spider, Intruder, Decoder, etc.) and on web application injection vulnerabilities (client-side submission of unexpected inputs in order to exploit system vulnerabilities; vulnerabilities that have been known, but still not fixed by many web site developers/owners, over the last 10 yrs.). Best practice for web app security would be for managers & developers to design & maintain web apps with security always a part of the overall process (definitely minimizing user input validation issues, etc.).

  2. Question to classmates (facilitates discussion) from assigned reading…

Question: Using Burp Proxy (intercept web traffic) & Burp Intruder (automate custom web app attacks), which would be your choice of Burp Intruder “payload”?

Answer: My choice would be to use the “Pitchfork” attack (for a SQL injection web app attack [custom username & passwd payloads]).
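As an added example (not part of the original post) tying together the input-validation point in the reading summary and the SQL injection login payloads mentioned in the answer above: a login check that splices user input into the query text, beside the parameterized version, both run against a constructed in-memory SQLite table. The account, the table and the test inputs are constructed sample data.

```python
import sqlite3


def make_db():
    """Constructed demo database: one user table with a single account."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """The 'before': input is formatted straight into the SQL text, so a
    quote character in the input changes the structure of the query.
    Because AND binds tighter than OR, an injected OR '1'='1' makes the
    WHERE clause true for every row regardless of the stored password."""
    sql = ("SELECT COUNT(*) FROM users WHERE username = '%s' "
           "AND password = '%s'" % (username, password))
    return conn.execute(sql).fetchone()[0] > 0


def login_parameterized(conn, username, password):
    """The fix: bound parameters keep the input as data, never as SQL
    syntax, so no amount of client-side input validation is relied on."""
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()[0] > 0


def demo():
    """Run both checks with a legitimate login and with a constructed
    tautology payload submitted in the password field."""
    conn = make_db()
    good = ("alice", "correct-horse")
    crafted = ("nobody", "' OR '1'='1")
    return {
        "vuln_good": login_vulnerable(conn, *good),
        "vuln_crafted": login_vulnerable(conn, *crafted),      # True: bypass
        "safe_good": login_parameterized(conn, *good),
        "safe_crafted": login_parameterized(conn, *crafted),   # False
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(name, "-> login accepted" if ok else "-> login rejected")
```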

  3. Identify, read, and post to our blog a current event article regarding ethical hacking & penetration testing (follow the theme topic of the week, or another interesting related article)…

In the Cyber Security News lately

Microsoft’s New Security Approach (as reported on RedmondMag.com on 1/5/2016)…

https://redmondmag.com/articles/2016/01/01/a-new-security-approach.aspx

Back in 2002 Microsoft began its “Trustworthy Computing” security initiative (improving security in products such as the Windows OS, the Office suite, etc.). Fast forward to 2015 (massive global security threats against almost all Internet-connected organizations), and Microsoft’s security focus has evolved to be much more on “operations”: new security initiatives such as its Cyber Defense Operations Center (24×7 rapid response from many diverse security experts), Azure Security Center (cloud services for IT admins to monitor the security of Microsoft clients’ cloud environments), etc. Definitely an excellent direction for Microsoft, but let’s see how it all goes in the near future for Microsoft and its cloud partners (security breach frequency & response times, transparency, etc.).
