COP4709 Assignment 13A - Security

Page history last edited by Dr. Ron Eaglin 7 years, 10 months ago

 Assignment 13A - Security

 

Objectives

 

Learn about database security

 

Assignment

 

You will be doing a paper for this assignment. The paper consists of 2 parts; one is the hacker, the other is the defender.

 

Part 1 - Hacker: For the first part you need to investigate and plan a SQL injection attack. A simple article on SQL injection is here: http://www.w3schools.com/sql/sql_injection.asp. The goal of a planned attack is to penetrate the database and get a list of all users and passwords. In your paper, as the hacker, you will describe the method and technique you will use.

 

Part 2 - Defender: You are expecting plenty of SQL injection attacks, and you will outline how you will defend against these attacks. In addition, the hackers are quite likely to use any backdoor channel that they can find. You need to ensure that these are hardened. Please document all these steps in your plan.

 

 

Information

 

Learn about SQL Injection here - http://www.w3schools.com/sql/sql_injection.asp 

 

Estimated Completion Time

 

About 5-10 hours

 

Supporting Lectures 

 

Topic - Security and SQL Injection

 

Questions and Answers

 

There are a lot more ways to hack a DB system other than SQL Injection. Even though the assignment does not require it, I recommend you at least watch and get all the information from the DB hardening lecture.

 

External Resources

 

http://www.w3schools.com/sql/sql_injection.asp 

 

Grading Criteria

 

A good hacker plan is worth 4

A solid plan of defense is worth 6

 
