ipl-logo

Vulnerability Severity Report Of World Flights Online Ltd

1216 Words5 Pages

Introduction
This threat/vulnerability severity report has been prepared on the request of the CEO of World Flights Online Ltd. Due to the nature of the business large part of WFO Ltd.’s business is online. The sales staff who are distributed between 3 various locations throughout the UK use Web based application for flight bookings for clients. With this kind of business model and strong online presence It is essential that the website https://www.worldflights.com must be evaluated for the security of the application against best practice criteria and also to validate its security mechanisms and to identify application level vulnerabilities.
This report is based on web application focused penetration test. The purpose …show more content…

Hackers continue to attack web-based applications as they often get direct access to back-end data such as customer databases.
Recent high-profile attacks have included Yahoo, TalkTalk, Sony Pictures among many others. The nature of cyber attacks is also changing as criminals target not only financial data but personal data as well for use in identity theft and confidential intelligence to carry out cyber espionage.
The website we have tested for this report have room for improvement. The web application seems to suffer from the most fundamental security flaws, and exploiting these vulnerabilities should be no big deal for even a novice hacker. The vulnerabilities found give hacker a chance to modify and even delete user accounts, to redirect users to malicious websites under the control of the hacker, and to list every user password.
Our findings confirm that these web application vulnerabilities are threat to organizations’ overall security, such as data loss or alteration, system down-time, loss of reputation and severe fines from the regulators …show more content…

Vulnerabilities that have the potential to get command or administrative level access to the underlying operating system of the web server and its supporting database server, allowing an attacker to gain unauthorised access to the application and its resources, whilst permitting authenticated and authorised users of the application to elevate their privileges and attack other users of the system.
The web application allows raw SQL queries to be injected via users input fields. SQL injection happens when user input is not filtered for escape characters and its then passed into a SQL statement. Many functions within the application dynamically create SQL statements from user input and perform no validation on the user input before doing so.
Attacker can inject raw SQL statement that will modify the execution of the statements. This vulnerability allows an attacker read and writes access to all of the data stored within the database. An attacker could steal, modify or destroy any or all the data using SQL

Show More
Related

Nt1310 Unit 3 Exercise 1

693 Words | 3 Pages

They have having the ability to write and delete data in the database, the attackers cause damage by entering different from what its expected. Most of the time, attackers make use of dynamic SQL statements for SQL injection They also mainly use two SQL knowledge to perform this action, the semicolon; which indicates the end of the statement and the two hyphens – which indicates that a comment should be

Read More

Nt1310 Unit 1

410 Words | 2 Pages

With widespread use of internet services, the network scale is expanding on daily basis and as the network scale increases so will the scale of security threats which can be applied to system connected to the network. Viruses and Intrusions are amongst most common threats that affects computer systems. Virus attacks can be controlled by proper antivirus installation and by keeping the antivirus up to date. Whereas any unauthorized access in the computer system by an intruder can be termed as Intrusion and controlled by IDS. Intruders can be grouped into two major categories which are external and internal Intruders.

Read More

Nt1310 Unit 3 Assignment 1

922 Words | 4 Pages

4.4.4. Vulnerabilities Weaknesses, insecure network, defects, in any SCADA system that can be increase the access of unauthorized advantages. A single defect allow an attacker to gain information that defect is define as vulnerability. 4.4.5. Damage potential

Read More

Nt1330 Unit 1 Assignment

2560 Words | 11 Pages

Assignment 1 What is Web Server Scripting? Explain the principles of web server scripting: Web server scripting is simply where a script is executed on the web server before a webpage is sent to the user. This means that the files that the user can customised rather the layout or information shown on the webpage once they load it up, an example of this would be, on Facebook once you login you will get a news feed, which is for you alone and no one else. This makes webpages dynamic; they can change depending on circumstances of the user instead of being a simple static page which can’t change rather the layout, information and so forth.

Read More

Nt1310 Unit 3 Penetration Testing

112 Words | 1 Pages

1:- Penetration Testing It is the process of trying to gain unauthorized access to authorized resources, systems and applications. Penetration testing is also known as an ethical hacking as “breaking into your own system to see how hard it is to do”. Network security measurement is the task which aims at supplying the scanning to check the security flaws and security threats in applications and networks. 2:- Why perform penetration testing • Test network or system using the tools and techniques that attackers use.

Read More

Nt1330 Unit 3 Data Analysis And Data Collection Case Study

1070 Words | 5 Pages

If a hacker can gain access to the variable, they could potentially write a null and cause an error or denial of service. At the same time they could introduce a value that is not correct thus causing the program to report inaccurate values though the program is actually working. In this scenario, a hacker could attempt to change the value of their bank account balance thus tricking the bank into thinking they have more money then they really

Read More

Acct 391 Unit 1 Business Security And The Future

1670 Words | 7 Pages

Marques Underwood INSS 391 Security and the Future With the transition of companies leaning towards advancing through the usage of big data, cybersecurity and the trends in technology are creating an increase in threats. The goal is to protect the databases and devices used at these companies before they are hacked and compromised for unwanted reasons. We’ll see the general concerns with security in the IT field, and steps that specific companies are taking to prevent and adopt to the landscape of the future in security. Devices are increasing at a rapid pace these days, meaning the more data is being expanding.

Read More

Richmond International Airport Assessment Task 2

1192 Words | 5 Pages

Richmond International Airport Assessment PT 2 Student’s Name Institutional Affiliation Richmond International Airport Assessment PT 2 Introduction Security is a major concern for international airports globally since they are a gateway to great trade, international relations and even tourist destinations (Attaccalite, Di Mascio, Loprencipe & Pandolfi, 2012). Richmond international airport has continually attracted more people with a turnover of about 3million travellers annually. According to Canale, Distefano and Leonardi (2005) various kind of individuals access the airport and this may expose it to various risks which include terrorism, vandalism and illegal access to the airport. This report evaluates the potential hazards that may relate to Richmond international airport how they may potentially affect business. The research also has a risk assessment matrix and the legal requirements for Richmond airport in following the right security measures plus recommendations on how to enhance its safety.

Read More

Pros And Cons Of Obamacare

748 Words | 3 Pages

Users were having issues logging into the site because their digital identities were encountering cryptic errors. The problems with users logging in came from the insufficient capacity of the server system that was used for the site. Individuals also found that they received quotes that were not accurate because of the software’s use of only 2 different age groups. Technically, the site was designed ineffectively for the amount of users that were expected to be using the site. Experts determined that the site had around 600 different software and hardware defects that needed to be fixed in order for the site to run properly.

Read More

Fourth Amendment Pros And Cons

1236 Words | 5 Pages

The US receives approximately “one million threats” from hackers every day (Harrison and Pagliery). And though this includes businesses, organizations, etc., instances such as the embarrassing hack of SONY in 2014 demonstrate the capabilities of other foreign countries. It is of the utmost importance that the US does not arm itself and rely solely on equipment which can so easily be compromised. CNN Money categorized the three main types of threats “tech users” are nervous about into broad categories, comprised of digital exortion, where cyber thieves blackmail victims with personal files stolen, sophisticated attacks, when hackers “hide malware inside software updates”, and social media.

Read More

Compare The Overall Test Plan And Strategy For Testing By Page Inspectors

416 Words | 2 Pages

The goals in testing this application include validating the quality, usability, reliability and performance of the application. Testing will be performed from a black-box approach, not based on any knowledge of internal design or code. Tests will be designed around requirements and functionality. Another goal is to make the tests repeatable for use in

Read More

Semantic Assault Galley

1656 Words | 7 Pages

The most usually utilized strategy is listening stealthily on clueless clients to recover client records, passwords and other client related data. The burglary of client account number and related data is an intense issue in any moment dispatcher. For example, a programmer in the wake of taking a client's data mimic the client; the client's contacts not realizing that the client's account has been hacked trust that the individual they're conversing with is the client, and are influenced to execute certain projects or uncover private data. Henceforth, burglary of client personality jeopardizes a client as well as encompassing clients. Guarding against Internet security issues is by and by the focal point of future research; in light of the fact that without great insurance, a PC can be effectively assaulted, causing real misfortunes.

Read More

Social Engineering Is Bad Essay

470 Words | 2 Pages

The aspects of social engineering are thoroughly investigated from a different perspective when it comes to users. Some users think that they are officially secured after entering their username and password into the system, but in reality they are not. Several users are malicious and use various techniques to deceive other people such as downloading illegal software into a workplace computer and leaking information. Those users who do not have stronger passwords were more likely to have their information to be stolen by a criminal. These issues range from emails and telephones to face-to-face interactions, which make everything hard to catch potential attacks.

Read More

Summary: The Ethical Practice Of Identity Theft

841 Words | 4 Pages

The rapid proliferation of information technology has led to a significant rise in the number of people who use the internet in one way or another. With the growth in the number of persons who have an internet connection; certain individuals have begun to exploit this resource through the unethical practice of Identity theft. As more and more individuals are posting their personal information online, cybercriminals are stealing this information with the aim of assuming the victim's identity so as to either obtain financial advantage or benefits that are associated with the victim (Jewkes, 2013). The act of stealing other people's identity cannot be considered as ethical because it violates the victim's right to privacy.

Read More

Reaction Paper About Social Engineering

1868 Words | 8 Pages

There was no such thing as worldwide web to provide instant access to information. Now internet is almost everywhere and changing our live. This research paper will focus on social engineering attacks taking place in the digital realm and addresses the following questions. What social engineering is?

Read More

More about Vulnerability Severity Report Of World Flights Online Ltd

Related Topics

Open Document