Temple University

Week 7 Reading Summary, Question, and recent Cyber Security News…

  1. Summarize one key point from each assigned reading…

SQL injection is a code injection technique that exploits a security vulnerability in the database layer of an application: user input is incorrectly filtered and then possibly passed into the database via manipulated SQL statements. To help prevent SQL injection, carefully escape/filter user input, and audit one's web site and SQL databases with a good web vulnerability scanner (WebCruiser, etc.).
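To make the summary above concrete, here is an added example (not from the assigned reading) that runs the same lookup two ways against an in-memory SQLite database. The table, the rows, the function names and the sample inputs are all constructed for illustration, and the hardened version uses bound parameters, a different technique from the manual escaping/filtering the summary mentions.

```python
import sqlite3


def make_db():
    """Build an in-memory database holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, role TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "student"), ("o'brien", "student")],
    )
    return db


def find_user_concatenated(db, name):
    # Vulnerable: the input becomes part of the SQL text, so any quote
    # character in it is parsed as SQL syntax instead of as data.
    query = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return db.execute(query).fetchall()


def find_user_bound(db, name):
    # Hardened: the statement text is fixed and the driver binds the value
    # separately, so the input is only ever compared as a string.
    return db.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()


def row_counts(db, name):
    """Return (concatenated result, bound result) as row counts for one input."""
    try:
        concatenated = len(find_user_concatenated(db, name))
    except sqlite3.OperationalError:
        # The input broke the statement's quoting and SQLite rejected it.
        concatenated = "syntax error"
    return concatenated, len(find_user_bound(db, name))


if __name__ == "__main__":
    db = make_db()
    # Constructed inputs: a plain name, a legitimate name containing a quote,
    # and a value that rewrites the WHERE clause when concatenated.
    for name in ["alice", "o'brien", "x' OR '1'='1"]:
        print(repr(name), row_counts(db, name))
```

The middle input matters for anyone reviewing code: a legitimate name containing an apostrophe already breaks the concatenated query, which is often the first visible sign of the flaw.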

  1. Question to classmates (facilitates discussion) from assigned reading…

Question: What would be some other SQL database vulnerabilities, and how would one fix them quickly?

Answer: Here is my answer… known SQL flaws within the DB server itself, and here one would install the latest software updates ASAP to make the overall system more secure! How about your answer?

Identify, read, and post to our blog a current event article regarding ethical hacking & penetration testing (follow theme topic of the week, or other interesting related article)…

In the Cyber Security News lately

2016 Marching Orders – Encrypt End-to-End While You Can (as reported by RedmondMag.com on 1/11/2016)…

“Data breaches remain a critical threat to organizations and there’s concern that one of the best defenses, end-to-end encryption technology, may not be around forever… Hillary Clinton said in a Brookings Institute speech. ‘And this is complicated. You’re going to hear all of the usual complaints, you know, freedom of speech, etc. But if we truly are in a war against terrorism and we are truly looking for ways to shut off their funding, shut off the flow of foreign fighters, then we’ve got to shut off their means of communicating. It’s more complicated with some of what they do on encrypted apps’… Expect to keep hearing demands from the stump for encryption technology that keeps corporate and personal data safe, but is completely accessible to law enforcement and intelligence agencies whenever they need it… Meanwhile, the technology keeps moving forward. One element to keep an eye on in 2016 is quantum computing, which could make a lot of current encryption technology irrelevant… over the next 15 years will necessitate the migration of all our existing public-key cryptosystems to new quantum-resistant algorithms and a quantum-resistant TLS (used for every HTTPS secure Web connection) is the first step.”

https://redmondmag.com/articles/2016/01/01/2016-marching-orders.aspx
