COMP249 Web Technology
Tutorial - Week 8
Answer the following questions and hand in your answers in a text file (Notepad .txt) via WebCT before 9am Tuesday, April 28th.
Search the Web for descriptions of security vulnerabilities and bring to the tutorial one example of one of the following:
- A buffer overflow vulnerability.
- A Denial of Service attack vulnerability.
- A CGI or SQL Injection vulnerability.
The example must be different from those of the lectures. For your example, write:
- The source of the information.
- An explanation of the exploit. Don't just cut and paste; use your own words.
- How does public key cryptography enable you to:
- prove your identity
- ensure that a message you receive hasn't been tampered with.
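The two uses asked about above rest on the same property: a signature can only be produced with a private key, but anyone holding the matching public key can check it. The following Go program is an added illustration, not part of the tutorial sheet, and the names (`Identity`, `ProveIdentity`, the nonce size) are choices made for this example. It uses the standard library's Ed25519 implementation: signing a random challenge proves identity, and verifying a signature over a message detects any tampering.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Identity holds one party's key pair. The private key never leaves the
// holder; the public key is what everyone else uses to check signatures.
type Identity struct {
	Public  ed25519.PublicKey
	private ed25519.PrivateKey
}

// NewIdentity generates a fresh Ed25519 key pair.
func NewIdentity() (*Identity, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Identity{Public: pub, private: priv}, nil
}

// Sign produces a signature over msg using the private key.
func (id *Identity) Sign(msg []byte) []byte {
	return ed25519.Sign(id.private, msg)
}

// Verify checks, with only the public key, that sig was produced over exactly
// msg by the matching private key. Any change to msg or sig yields false,
// which is what gives the receiver its tamper-evidence.
func Verify(pub ed25519.PublicKey, msg, sig []byte) bool {
	return ed25519.Verify(pub, msg, sig)
}

// ProveIdentity models a challenge-response identity proof: the verifier
// draws a fresh random nonce, the claimant signs it, and the verifier checks
// the signature against the public key it already trusts for that identity.
// A fresh nonce each time stops an old signature from being replayed.
func ProveIdentity(claimant *Identity, trustedPub ed25519.PublicKey) (bool, error) {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return false, err
	}
	sig := claimant.Sign(nonce)
	return Verify(trustedPub, nonce, sig), nil
}

func main() {
	alice, err := NewIdentity()
	if err != nil {
		panic(err)
	}
	// Constructed sample message for the demonstration.
	msg := []byte("transfer 10 GBP to Bob")
	sig := alice.Sign(msg)
	fmt.Println("genuine message verifies:", Verify(alice.Public, msg, sig))

	tampered := []byte("transfer 99 GBP to Bob")
	fmt.Println("altered message verifies:", Verify(alice.Public, tampered, sig))

	ok, _ := ProveIdentity(alice, alice.Public)
	fmt.Println("Alice proves she is Alice:", ok)

	mallory, _ := NewIdentity()
	ok, _ = ProveIdentity(mallory, alice.Public)
	fmt.Println("Mallory proves she is Alice:", ok)
}
```

Run with `go run .`; the altered message and the impostor's identity proof both fail verification, while the genuine ones succeed.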
Additional topics for discussion in the tutorial (not for handing in):
Discuss the security problems that might arise when writing a CGI based document store. The service will accept documents from registered users, store them on the server and provide a browsing interface to enable documents to be viewed. Users can register to have an email sent to them when new documents are uploaded.
- What potential exploits might arise in such a service?
- What precautions should be taken in the code to avoid these problems?
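The precautions asked about above mostly come down to never trusting what the upload form or the browser sends. The Go program below is an added example written for this tutorial, not code from the course; the storage root, size cap, name pattern and function names are all assumptions made for the illustration. It shows three checks a CGI-style document store would apply: rejecting filenames that could escape the storage directory, capping upload size so one user cannot exhaust disk space, and HTML-escaping user-supplied titles before they are placed in the browsing page.

```go
package main

import (
	"errors"
	"fmt"
	"html"
	"path/filepath"
	"regexp"
	"strings"
)

// Assumed storage directory and limits for this example.
const (
	storeRoot      = "/var/docstore"
	maxUploadBytes = 5 << 20 // 5 MiB per document
)

// Stored names are restricted to a conservative character set so the
// filename can never contain path separators, shell metacharacters or
// leading dots.
var safeName = regexp.MustCompile(`^[A-Za-z0-9][A-Za-z0-9._-]{0,63}$`)

// SafeStoredName validates the filename supplied in the upload form and
// returns the name to store under. Anything containing a path separator or
// falling outside the allowed pattern is refused rather than "cleaned up",
// so a user cannot steer the write outside the document store.
func SafeStoredName(supplied string) (string, error) {
	name := strings.TrimSpace(supplied)
	if name == "" || strings.ContainsAny(name, `/\`) || !safeName.MatchString(name) {
		return "", errors.New("invalid filename")
	}
	return name, nil
}

// StoragePath builds the on-disk path and double-checks that the result is
// still inside storeRoot, as a second line of defence behind SafeStoredName.
func StoragePath(supplied string) (string, error) {
	name, err := SafeStoredName(supplied)
	if err != nil {
		return "", err
	}
	full := filepath.Join(storeRoot, name)
	rel, err := filepath.Rel(storeRoot, full)
	if err != nil || rel == ".." || strings.HasPrefix(rel, "../") {
		return "", errors.New("path escapes document store")
	}
	return full, nil
}

// WithinSizeLimit rejects oversized uploads before any bytes are written.
func WithinSizeLimit(declared int64) bool {
	return declared > 0 && declared <= maxUploadBytes
}

// RenderListing produces the HTML list for the browsing interface. Titles
// come from users, so each one is escaped; otherwise a title such as
// "<script>..." would run in every other user's browser.
func RenderListing(titles []string) string {
	var b strings.Builder
	b.WriteString("<ul>\n")
	for _, t := range titles {
		fmt.Fprintf(&b, "  <li>%s</li>\n", html.EscapeString(t))
	}
	b.WriteString("</ul>\n")
	return b.String()
}

func main() {
	// Constructed sample inputs for the demonstration.
	for _, n := range []string{"report.txt", "../../etc/passwd", ".htaccess", "notes;rm -rf.doc"} {
		p, err := StoragePath(n)
		fmt.Printf("%-20q -> path=%q err=%v\n", n, p, err)
	}
	fmt.Println("6 MiB upload allowed:", WithinSizeLimit(6<<20))
	fmt.Print(RenderListing([]string{"Minutes 2009", `<script>alert("x")</script>`}))
}
```

The filename check deliberately refuses rather than sanitises: stripping `../` from user input and carrying on leaves room for encodings the stripper did not anticipate, while a rejection is easy to reason about and easy to log.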
- How does having an open Internet port on a server or desktop computer make it vulnerable to attack from the outside? As an attacker, how would you go about exploiting this vulnerability?
- What is a rootkit? How would the use of a rootkit make gaining access to systems easier? How might knowing about particular rootkits help in keeping a system secure?
- How would you design and write a Trojan Horse program - one which appears to do one job but is secretly doing something else for the bad guys? On a Windows system, what would be a good target for a Trojan?