Appendix
Suggested Control Techniques and Procedures for Reducing Internet Hacking Risks
a) The system development life cycle should take into consideration security requirements, including logon controls, session management, data integrity, access controls and audit logging; security controls testing should be conducted;

b) There should be secure coding practice to address common program code vulnerabilities found in web applications, such as SQL injection attack [1] and cross-site scripting attack [2], with reference to an industry standard, e.g., OWASP [3];

c) There should be robust security controls in the technology infrastructure (e.g., system hardening, patch management, audit log monitoring) to support the internet trading systems;

d) The system architecture design should take into account security considerations, such as firewall architecture, implementation of intrusion detection / prevention system ("IDS/IPS"), subscription to a DDoS attack [4] prevention solution, etc.;

e) Incident response and escalation procedures should be established in the event of the internet trading systems coming under attack or being compromised; and

f) Relevant staff should be provided with IT security awareness training.
[1] A SQL injection attack consists of insertion or "injection" of a database query via the input data to the web application. A successful SQL injection attack can read / modify sensitive data from the database, execute administration operations on the database and even issue commands to the operating system.

[2] Cross-site scripting (XSS) attacks occur when an attacker uses a web application to send malicious code to an unsuspecting user.

[3] The Open Web Application Security Project (OWASP) is an open-source web application security project.

[4] A distributed denial of service attack (DDoS) occurs when multiple systems from different locations are manipulated by an attacker to flood the bandwidth or resources of a targeted system so that the targeted system cannot function as normal.
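The secure coding practice called for in item b) is easiest to see in code. The following is an added illustration, not part of the SFC appendix: a deliberately vulnerable account lookup that splices user input into the SQL text is placed beside a parameterised version, and a small output-encoding helper shows the corresponding control for cross-site scripting. The in-memory SQLite table, the account numbers and the client names are constructed sample data; the function names are the example's own.

```python
import html
import sqlite3


def build_db():
    """Constructed sample data standing in for a trading system's client table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE clients (account TEXT, name TEXT)")
    conn.executemany(
        "INSERT INTO clients VALUES (?, ?)",
        [("A1001", "Chan Tai Man"), ("A1002", "Lee Siu Ming")],
    )
    return conn


def lookup_vulnerable(conn, account):
    """Deliberately vulnerable: the request value becomes part of the SQL text,
    so a crafted value can change the query's structure (footnote [1])."""
    sql = f"SELECT account, name FROM clients WHERE account = '{account}'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, account):
    """Parameterised query: the value travels separately from the SQL text and
    is always treated as data, never as part of the statement."""
    return conn.execute(
        "SELECT account, name FROM clients WHERE account = ?", (account,)
    ).fetchall()


def render_name(name):
    """Output encoding for an HTML context, the standard control for XSS
    (footnote [2]): characters with HTML meaning are escaped before display."""
    return "<span>" + html.escape(name, quote=True) + "</span>"


def compare(conn, value):
    """Return how many rows each lookup yields for the same input, so the two
    behaviours can be checked side by side in security controls testing."""
    return len(lookup_vulnerable(conn, value)), len(lookup_safe(conn, value))


if __name__ == "__main__":
    db = build_db()
    print("normal account:", compare(db, "A1001"))
    # A classic tautology value from the OWASP literature, used here only to
    # show that the parameterised query is unaffected by it.
    print("crafted value: ", compare(db, "' OR '1'='1"))
    print(render_name("<b>Chan</b>"))
```

In security controls testing the two lookups should be run against the same inputs: the vulnerable version returns every client for the crafted value while the parameterised version returns nothing, which is exactly the difference a code review or a dynamic test under item a) is meant to catch.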
Tel: (852) 2231 1222
Fax: (852) 2284 4660
Website: www.sfc.hk