5444 project part 3,lab9,

Project Part 3: SQL Injection Response

Scenario

Aim Higher College just learned that sensitive information has been stolen from a student information system and posted on the Web. After reviewing web server and database logs, the Aim Higher IT security team believes that the source of the problem is a SQL injection vulnerability. The vulnerability appears to exist in a web application used by students to register for courses. As part of the incident response report to be submitted to Aim Higher College’s management staff, your supervisor asks you to provide details about this type of vulnerability, how an attacker might exploit it, and methods of detection and removal.

Required Resources

Access to the Internet

Course textbook

Tasks

Research SQL injection attacks on the Internet to supplement your existing knowledge. Using the information you discovered during this research, in conjunction with what you learned in class, write an incident response report for Aim Higher College’s management detailing the following information:

A non-technical QUESTION of SQL injection vulnerabilities intended for a college management audience.

The threat that SQL injection poses to the college’s data. Include three possible scenarios that describe how an attacker might conduct this type of attack, the information that they may be able to obtain, and how they might use it maliciously.

An implementation plan to fortify the college’s web applications against SQL injection attacks

A monitoring plan that will provide:

Early warning to developers and security administrators that a SQL injection vulnerability exists in a web application

Detection of successful and unsuccessful attempts to conduct SQL injection attacks against college systems

Lab #9)

1. When you are notified that a user’s work station or system is acting strangely and log files indicate system compromise, what is the first thing you should do to the workstation or system and why?
2. When an anti virus program identifies a virus and quarantines this file, has the malware been eradicated?
3. What is the SANS Institute’s six-step incident handling process?
4. What is the risk of starting to contain an incident prior to completing the identification process?
5. Why is it a good idea to have a security policy that defines the incident response process in your organization?
6. The post-mortem, lessons learned step is the last in the incident response process. Why is this the most important step in the process?