You are required to answer two out of three discussion questions.
Visit the Open Web Application Security Project (OWASP) Web site to research Web application attacks (https://www.owasp.org/index.php/Category:Attack).
- Choose one specific type of Web application attack, e.g., brute force, command execution, CSRF, file inclusion, SQL Injection (blind), upload, and XSS stored.
- Research the attack using information from OWASP and *other* resources (e.g., textbooks, articles, and other Web sites).
- Write a plain English summary of what is attacked and how the attack works (write a description of it).
- Is your selected attack an attack against confidentiality, integrity, or availability? Explain your answer.
- What specific Web application vulnerability is attacked? (Hint: look for a Common Vulnerabilities and Exposures (CVE) number for the attack.)
Your response must be 150+ words and include APA format in-text citations and references.
Research advanced persistent threats (APT). Then, answer the following questions:
- What is an APT?
- How does this class of threat differ from other types of attacks against information and information systems?
- What characteristics of an APT make it difficult, if not impossible, to detect and remove the piece-parts of an APT from a network and the information systems connected to that network?
Your response should be 150+ words and include APA format in-text citations and references.
Microsoft provides a malicious software removal tool as part of its Windows Update service. The types of malware removed by this tool are listed on this Web page: http://www.microsoft.com/security/pc-security/malware-families.aspx
Choose one of the listed types or variants of malicious software that will be removed by the Microsoft tool (click on its link on the Web page listed above and then click on the Technical Details tab). Read the provided information to learn what that malicious software is, how it attacks a computer system, and what the impact of an infection can be. Does this malware attack confidentiality? Data or system integrity? Data or system availability?
Write a 150+ word summary that answers the questions above. Make sure that you include the correct name for your chosen type of malicious software as part of your posting.