Wednesday, January 19, 2011

CS507 Assignment No. 4 Announced

Assignment No. 04, Semester Fall 2010, CS507 - Information Systems
Total Marks: 10
Due Date: 24/1/2011

Instructions
Please read the following instructions carefully before solving and submitting the assignment.
It should be clear that your assignment will get zero marks if:
o The assignment is submitted after the due date.
o The submitted assignment does not open or the file is corrupt.
o The assignment is copied (from another student, or a ditto copy from handouts or the internet).
o The student ID is not mentioned in the assignment file, or the name of the file is other than the student ID.

Note:
Your answer must follow the specifications given below. You will be assigned zero marks if you do not follow these instructions.
• Font style: "Times New Roman"
• Font color: "Black"
• Font size: "12"
• Bold for heading only.
• Font in Italic is not allowed at all.
Do not post any query on the MDB about this assignment; if you have a query, contact cs507@vu.edu.pk

Deadline
Your assignment must be uploaded/submitted at or before Monday, January 24, 2011.
Marks: 10

Web application security

Dear Student
You have learned in this course about system security risks and vulnerabilities, and that when any system goes online it is more likely to be attacked by hackers.
Hackers try to attack the application layer of a networked system in order to get into the system's database, as the application layer is the bottom layer through which any computer can gain access to let data traffic come in.
You have learned about the various technical controls that ensure security, such as:

• Firewall
• Antivirus software
• Network security scanners etc

From the figure, it is clear that network firewalls do not protect a web application; they are designed only for network-level security. They block unwanted traffic and activity and allow legitimate traffic in.
Antivirus software detects system-level issues, not browser-level ones.
Network security scanners, on the other hand, are a good choice for securing network services, but they do not run any security checks for vulnerabilities in web applications.

Hackers can easily hack web application firewalls, as they do not fix security holes in web applications and are not immune to attacks. Common attacks are:
1) Cross site scripting (XSS)
2) Cross site request forgery (CSRF)
3) SQL injection (SQL)
4) Buffer overflow etc
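
The point above about network firewalls, shown as an added example that is not part of the original assignment: a port-based filter allows a normal request and an SQL injection request alike, because it never looks at the HTTP payload, and only the application's own query handling separates them. The rule set, table, function names and sample requests are constructed for illustration.

```python
import sqlite3

# Constructed network-firewall rule set: decisions use only protocol and port.
ALLOW_RULES = {("tcp", 80), ("tcp", 443)}

def network_firewall_allows(packet):
    """Layer 3/4 decision: the request parameter is never inspected."""
    return (packet["proto"], packet["dport"]) in ALLOW_RULES

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "a-secret"), ("bob", "b-secret")])
    return db

def lookup_vulnerable(db, name):
    # String concatenation: the input becomes part of the SQL statement.
    query = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in db.execute(query)]

def lookup_parameterized(db, name):
    # Bound parameter: the input is always treated as data, never as SQL.
    sql = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in db.execute(sql, (name,))]

# Constructed sample traffic: two web requests and one direct database connection.
BENIGN = {"proto": "tcp", "dport": 80, "param": "alice"}
INJECTED = {"proto": "tcp", "dport": 80, "param": "x' OR '1'='1"}
DB_PORT = {"proto": "tcp", "dport": 3306, "param": ""}

def run():
    db = make_db()
    results = {}
    for label, pkt in (("benign", BENIGN), ("injected", INJECTED), ("db-port", DB_PORT)):
        allowed = network_firewall_allows(pkt)
        results[label] = {
            "firewall_allows": allowed,
            "vulnerable": lookup_vulnerable(db, pkt["param"]) if allowed else None,
            "parameterized": lookup_parameterized(db, pkt["param"]) if allowed else None,
        }
    return results

if __name__ == "__main__":
    for label, outcome in run().items():
        print(label, outcome)
```

The firewall stops the direct connection to the database port, but the injected request arrives on the allowed web port and is stopped only by the parameterized query.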

Question:
What are the challenges faced by WAFs (Web Application Firewalls) in securing web applications? Write only five challenges. [10 marks]

Note: Write only a precise answer and avoid giving extra details.

[Figure labels: Hacker, Internet, Firewall, Web application server, Database server]
