Database System Concepts
7th Edition
ISBN: 9780078022159
Author: Abraham Silberschatz Professor, Henry F. Korth, S. Sudarshan
Publisher: McGraw-Hill Education
expand_more
expand_more
format_list_bulleted
Related questions
Question
Transcribed Image Text:You are working for an organisation that is using a very old web-based application
that was developed in-house and is only used by members of the organisation. The
leader of the web development team has indicated that the application needs to be
urgently redeveloped as it is dependent upon outdated frameworks that have
recently been found to be vulnerable to SQL injection attacks, however the
organisation is currently short on funding. One of the security team has suggested
using a web application firewall to prevent common attacks instead.
(a) Explain the additional security that would be provided by the web application
firewall.
(b) Discuss any alternative or complimentary technologies that would assist in
securing the application.
Expert Solution
This question has been solved!
Explore an expertly crafted, step-by-step solution for a thorough understanding of key concepts.
Step by stepSolved in 2 steps
Knowledge Booster
Learn more about
Need a deep-dive on the concept behind this application? Look no further. Learn more about this topic, computer-science and related others by exploring similar questions and additional content below.Similar questions
- Research the three types of firewalls available to corporations and answer the questions below. Describe each type of firewall. Determine which types can reside on a server (as opposed to a networking appliance). Of the server-supported firewalls, choose which types of firewalls are best for your organization. Explain. What are the best locations for these firewalls? Why? As an example, research and describe the 'standard' ingress/egress rules appropriate for the File and Print Services server role.arrow_forwardImportant criteria for an a.security NET are laid down. You may begin your investigation at the Open Web Application Security Project's GitHub page, the Microsoft.NET Security website, or any other reliable resource.arrow_forwardA popular computer network publication stated at one time that the enterprise firewall was dead. It boldly stated that the exterior firewalls of the organization should be torn down and replaced with host-based firewalls instead. Is this insane, or is it the best new practice in security management? Explain your answer.arrow_forward
- An explanation of firewalls' function in the context of network security and protection is required. Don't forget to define the phrase and include examples that highlight its value to the business.arrow_forwardThe stakeholders of a software company have four new security requirements that they are considering including in the next release of their flagship product: Two-factor authentication (2FA), Captcha for Bot Detection (CBT), Password Expirations (PEX), and Role-base access control (RBA). Given the time constraints, they may not be able to include all, so they need to prioritize these requirements based on three criteria: Maintainability (MA), Ease of Use (EU), and Integration Support (IS). They have the following pairwise preferences of the criteria: Maintainability is three times as important as Ease of Use Ease of Use is two times as important as Integration Support Maintainability is five times as important as Integration Support Based on the above information, do the following: Rank the four security requirements using the criteria weights and the following alternatives matrix: MA EU IS 2FA 0.36 0.29 0.09 CBT 0.13 0.33 0.18 PEX 0.27 0.21…arrow_forwardWhat are common attacks against access control methods and appropriate countermeasures to mitigate potential attacks on access control methods?arrow_forward
- Please list the most important parts of a.NET protection and tell us why they are so important. The Open Web Application Security Project's (OWASP) GitHub page, the Microsoft.NET Security website, and any other good websites that come to mind are all on the table.arrow_forwardCould you maybe clarify what what is meant by the phrase "Firewall vulnerability exploit"?arrow_forwardThe stakeholders of a software company have four new security requirements that they are considering including in the next release of their flagship product: Two-factor authentication (2FA), Captcha for Bot Detection (CBT), Password Expirations (PEX), and Role-base access control (RBA). Given the time constraints, they may not be able to include all, so they need to prioritize these requirements based on three criteria: Maintainability (MA), Ease of Use (EU), and Integration Support (IS). They have the following pairwise preferences of the criteria: Maintainability is three times as important as Ease of Use Ease of Use is two times as important as Integration Support Maintainability is five times as important as Integration Support Based on the above information, do the following: Make a matrix capturing all pairwise comparisons of importance of criteria.arrow_forward
- Discuss common security vulnerabilities in web applications, such as Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF), and methods to mitigate them.arrow_forwardDiscuss the function of firewalls in modern network architectures and define the term "firewall" in its context.arrow_forwardSummarize the risks of using JavaScript in a web application from a security perspective.arrow_forward
arrow_back_ios
SEE MORE QUESTIONS
arrow_forward_ios
Recommended textbooks for you
- Database System ConceptsComputer ScienceISBN:9780078022159Author:Abraham Silberschatz Professor, Henry F. Korth, S. SudarshanPublisher:McGraw-Hill Education
Starting Out with Python (4th Edition)Computer ScienceISBN:9780134444321Author:Tony GaddisPublisher:PEARSON
Digital Fundamentals (11th Edition)Computer ScienceISBN:9780132737968Author:Thomas L. FloydPublisher:PEARSON 
C How to Program (8th Edition)Computer ScienceISBN:9780133976892Author:Paul J. Deitel, Harvey DeitelPublisher:PEARSON
Database Systems: Design, Implementation, & Manag...Computer ScienceISBN:9781337627900Author:Carlos Coronel, Steven MorrisPublisher:Cengage Learning
Programmable Logic ControllersComputer ScienceISBN:9780073373843Author:Frank D. PetruzellaPublisher:McGraw-Hill Education
Database System Concepts
Computer Science
ISBN:9780078022159
Author:Abraham Silberschatz Professor, Henry F. Korth, S. Sudarshan
Publisher:McGraw-Hill Education
Starting Out with Python (4th Edition)
Computer Science
ISBN:9780134444321
Author:Tony Gaddis
Publisher:PEARSON
Digital Fundamentals (11th Edition)
Computer Science
ISBN:9780132737968
Author:Thomas L. Floyd
Publisher:PEARSON
C How to Program (8th Edition)
Computer Science
ISBN:9780133976892
Author:Paul J. Deitel, Harvey Deitel
Publisher:PEARSON
Database Systems: Design, Implementation, & Manag...
Computer Science
ISBN:9781337627900
Author:Carlos Coronel, Steven Morris
Publisher:Cengage Learning
Programmable Logic Controllers
Computer Science
ISBN:9780073373843
Author:Frank D. Petruzella
Publisher:McGraw-Hill Education