Reference no: EM133295389
Defense against web attacks is critical in a security professional's skill set. Your manager has asked you to review Aim Higher College's Web server and application security and to suggest appropriate defenses. For each of the following scenarios, explain what the threat or threats are, what protection you would recommend, and why.
1. Aim Higher College has deployed an open-source blog package. This package uses a database backend and allows users to create user IDs, sites, and content to post. Recently, off-campus users have posted links that appear to point to university resources but redirect to off-campus malware sites. What would you recommend that the application administrator do?
2. A developer for Aim Higher College is creating a Web server form for submitting calendar events to the College's event calendar. What protective measures would you suggest to ensure its security?
3. Database administrators from Aim Higher College's central Information Technology (IT) group have contacted the security team, noting that they are finding odd entries in a Web application's backend database. Some entries appear to be SQL commands such as "UNION" and "JOIN," which cause them to think that an attacker is probing the Web application. What recommendations would you provide to protect the application and the backend database?
4. A scan of Aim Higher College's primary Web server using Nikto shows many default configuration files and sample files on many older servers. What is wrong with this, and what should be done about it?
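Scenarios 1 and 3 both come down to the application trusting user-supplied strings. The following Python is an added illustration, not part of the assignment or of any real Aim Higher College system: the host allowlist, the table layout, the sample rows and the probe string are all constructed for the demo. It shows a redirect-target check that keeps blog links on university hosts (scenario 1), a string-concatenated query beside its parameterized form so that the same UNION probe the database administrators noticed either leaks another table or is treated as plain search text (scenario 3), and a simple heuristic a DBA could run over stored entries to flag likely probes for review.

```python
"""Added example for scenarios 1 and 3; hosts, schema and inputs are constructed."""
import re
import sqlite3
from urllib.parse import urlsplit

# --- Scenario 1: only redirect to hosts the college controls ----------------
# Constructed allowlist; a real deployment would load this from configuration.
ALLOWED_HOSTS = {"www.aimhigher.edu", "blog.aimhigher.edu"}


def is_safe_redirect(url, allowed_hosts=ALLOWED_HOSTS):
    """Return True only for a same-site absolute path or an http(s) URL on an allowed host.

    Rejects non-web schemes (javascript:, data:), protocol-relative '//host',
    backslashes and line breaks (browsers normalize or split on them), and
    'allowed.host@evil.host' userinfo tricks, where the real host follows the '@'.
    """
    if not url or any(ch in url for ch in "\\\r\n"):
        return False
    try:
        parts = urlsplit(url)
    except ValueError:  # e.g. malformed IPv6 brackets
        return False
    if parts.scheme == "" and parts.netloc == "":
        # Relative target such as "/events/2024"; '//host' already has a netloc.
        return url.startswith("/") and not url.startswith("//")
    if parts.scheme not in ("http", "https"):
        return False
    # .hostname is lowercased and excludes any user:password@ prefix.
    return (parts.hostname in allowed_hosts
            and parts.username is None
            and parts.password is None)


# --- Scenario 3: concatenated query vs. parameterized query -----------------
def build_demo_db():
    """Constructed in-memory stand-in for the blog's backend database."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE posts(id INTEGER PRIMARY KEY, title TEXT, body TEXT);
        CREATE TABLE users(id INTEGER PRIMARY KEY, username TEXT, pw_hash TEXT);
        INSERT INTO posts(title, body) VALUES ('Welcome', 'Hello campus');
        INSERT INTO users(username, pw_hash) VALUES ('admin', 'hash-placeholder');
    """)
    return conn


def search_posts_vulnerable(conn, term):
    """The 'before' form: the search term is spliced into the SQL text, so a
    quote in `term` ends the literal and the rest is executed as SQL."""
    sql = "SELECT title, body FROM posts WHERE title LIKE '%" + term + "%'"
    return conn.execute(sql).fetchall()


def search_posts_safe(conn, term):
    """The fix: the driver binds `term` as a value; it can never become SQL."""
    sql = "SELECT title, body FROM posts WHERE title LIKE ?"
    return conn.execute(sql, ("%" + term + "%",)).fetchall()


# Constructed heuristic for the DBAs' review: a quote or statement terminator
# followed by a comment marker or a SQL set/select keyword is rarely legitimate
# in a blog title. Expect some false positives; it is a triage aid, not a control.
_SQL_PROBE = re.compile(r"['\";]\s*(?:--|\b(?:UNION|JOIN|SELECT)\b)", re.IGNORECASE)


def looks_like_sql_probe(text):
    """True if a stored entry resembles an injection probe worth reviewing."""
    return bool(_SQL_PROBE.search(text))


def flag_suspicious_titles(conn):
    """Scan stored post titles and return those matching the probe heuristic."""
    rows = conn.execute("SELECT id, title FROM posts").fetchall()
    return [(pid, title) for pid, title in rows if looks_like_sql_probe(title)]


if __name__ == "__main__":
    db = build_demo_db()
    probe = "x' UNION SELECT username, pw_hash FROM users --"
    print("vulnerable:", search_posts_vulnerable(db, probe))  # leaks users table
    print("parameterized:", search_posts_safe(db, probe))     # plain search, no rows
    print("redirect ok:", is_safe_redirect("https://www.aimhigher.edu/library"))
    print("redirect blocked:", is_safe_redirect("//evil.example/"))
```

The redirect check deliberately compares the parsed hostname against an allowlist rather than testing whether the string "contains" or "starts with" a university domain, since `https://www.aimhigher.edu@evil.example/` and `https://evil.example/?r=www.aimhigher.edu` both pass a substring test. On the database side, the parameterized form is the control; the regex only helps the DBAs find entries that already got through.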