Posts

Showing posts from April, 2009

Insider Attacks

Insider attacks are defined as security breaches in which a person with access to a corporate system and/or network misappropriates information from that system, or in which an internal employee of a given company commits a security violation against that company. (Einwechter) [i] NIST states that the most prevalent and common threat to any company is the insider attack, as it is the least monitored and most difficult to detect; this was as of 1994 and has remained a constant fixture in network and systems security throughout the years. (Bassham et al.) [ii]

Forensic Techniques

The forensic techniques currently available include local system analysis, network traffic analysis, and log file reporting and analysis; however, these techniques are primarily used to detect and compile evidence where a case is known or where an external and foreign entity has compromised an internal system or network. Insider attacks may compromise a system but they may do so with user a...

XSS Attacks

Cross Site Scripting (XSS)

Cross Site Scripting is a type of computer security vulnerability where a malicious third party utilizes code injections and encoding techniques to exploit a given website, to harvest confidential data and facilitate phishing, or to execute scripts on clients' machines. [i] One of the major issues of Cross Site Scripting is that the end user is often unaware of the attack. (Rafail) [ii] The abbreviation XSS is used because CSS is often confused with Cascading Style Sheets.

There are many types of XSS attacks: Simple Persistent (Hope et al) [iii]; DOM-Based (Klien et al) [iv]; Non-Persistent [v]; Persistent [vi]; Identity Based (Session Cookie theft and Impersonation).

Although these are known types of XSS attacks, any web portal which allows the input of dynamic content where other users may see the posted content, or a portal that relies on a database back-end, i.e. Message Boards, Forums, Online Sales Listing sites etc., any of these types of site may be vulnera...
