Temple University

Week 10 Summary

Web application vulnerabilities are a significant threat to websites and companies: an attacker can exploit a weakness in the website to gain access to sensitive information. XSS is the most common type of web app attack, with SQL injection coming in second. In an XSS attack, an attacker can exploit badly written code in the website by entering their own code into an input box. The code allows the attacker either to test whether the website is open to an XSS vulnerability or to attempt to display sensitive information. In SQL injection, the attacker enters certain code into an input box either to test for a SQL injection vulnerability or to view the contents of a database holding sensitive information. Other types of web app attacks include URL tampering and using Unicode to evade IDSs. Prevention includes reviewing and fixing faulty code and using web application firewalls or scanners.

News story for the week:

US Naval Academy teaches celestial navigation due to fears of hacking of navigation systems.
http://www.dailymail.co.uk/news/article-3273519/US-Naval-Academy-returns-celestial-navigation-amid-fears-computer-hacking.html
