Appendix

Suggested Control Techniques and Procedures for Reducing Internet Hacking Risks

a) The system development life cycle should take security requirements into consideration, including logon controls, session management, data integrity, access controls and audit logging, and security controls testing should be conducted;

b) There should be a secure coding practice to address common program code vulnerabilities found in web applications, such as SQL injection attacks[1] and cross-site scripting attacks[2], with reference to industry standards, e.g., OWASP[3];

c) There should be robust security controls in the technology infrastructure (e.g., system hardening, patch management, audit log monitoring) to support the internet trading systems;

d) The system architecture design should take security considerations into account, such as firewall architecture, implementation of an intrusion detection / prevention system (“IDS/IPS”), subscription to a DDoS attack[4] prevention solution, etc.;

e) Incident response and escalation procedures should be established in the event of the internet trading systems coming under attack or being compromised; and

f) Relevant staff should be provided with IT security awareness training.

[1] A SQL injection attack consists of the insertion or "injection" of a database query via the input data to the web application. A successful SQL injection attack can read / modify sensitive data in the database, execute administration operations on the database and even issue commands to the operating system.

[2] Cross-site scripting (XSS) attacks occur when an attacker uses a web application to send malicious code to an unsuspecting user.

[3] The Open Web Application Security Project (OWASP) is an open-source web application security project.

[4] A distributed denial of service (DDoS) attack occurs when multiple systems in different locations are manipulated by an attacker to flood the bandwidth or resources of a targeted system so that the targeted system cannot function normally.

Tel: (852) 2231 1222 Fax: (852) 2284 4660 Website: www.sfc.hk
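Item (b) and footnotes 1 and 2 describe SQL injection and cross-site scripting by their effect only. The following is an added illustration, not part of the circular and not SFC code: each defect is shown in a small Python request handler next to its hardened form, so the secure coding practice item (b) calls for can be checked by running it. The client table, account identifiers and probe strings are constructed sample data; the database is an in-memory SQLite table standing in for a trading system's client records.

```python
import html
import re
import sqlite3

# Constructed sample data (not from the circular): an in-memory table that
# stands in for a trading system's client records.
def build_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE clients (account TEXT, name TEXT, balance REAL)")
    conn.executemany(
        "INSERT INTO clients VALUES (?, ?, ?)",
        [("A-1001", "Chan Tai Man", 1500.0),
         ("A-1002", "Wong Siu Ming", 820.5),
         ("A-1003", "Lee Ka Yan", 99.0)],
    )
    return conn

# Assumed account format for this example: "A-" followed by four digits.
ACCOUNT_RE = re.compile(r"^A-\d{4}$")

def is_valid_account(account):
    """Allow-list input validation: the first layer of defence. Anything that
    is not a well-formed account identifier is rejected before it reaches
    the database or the page template."""
    return ACCOUNT_RE.fullmatch(account) is not None

def lookup_unsafe(conn, account):
    """Vulnerable (footnote 1): the account string is pasted into the SQL
    text, so a quote character inside it changes the query's structure."""
    sql = "SELECT account, name FROM clients WHERE account = '%s'" % account
    return conn.execute(sql).fetchall()

def lookup_safe(conn, account):
    """Hardened: a parameterised query sends the value separately from the
    statement, so the driver can only ever compare it as data."""
    sql = "SELECT account, name FROM clients WHERE account = ?"
    return conn.execute(sql, (account,)).fetchall()

def greeting_unsafe(name):
    """Vulnerable (footnote 2): user-controlled text is interpolated straight
    into HTML, so any markup in the name is interpreted by the browser."""
    return "<p>Welcome, %s</p>" % name

def greeting_safe(name):
    """Hardened: contextual output encoding turns markup characters into
    entities, so the browser displays them as literal text."""
    return "<p>Welcome, %s</p>" % html.escape(name, quote=True)

def demo():
    """Runs both versions against constructed probe inputs and returns the
    observable differences, which is what a security controls test would
    assert on."""
    conn = build_db()
    # Constructed probe: a string containing a quote. Pasted into SQL text it
    # widens the WHERE clause; passed as a parameter it is simply an account
    # identifier that matches nothing.
    sql_probe = "x' OR '1'='1"
    # Constructed probe: a string containing HTML markup.
    html_probe = "<script>alert(1)</script>"
    return {
        "probe_passes_validation": is_valid_account(sql_probe),
        "unsafe_rows": len(lookup_unsafe(conn, sql_probe)),
        "safe_rows": len(lookup_safe(conn, sql_probe)),
        "safe_normal": lookup_safe(conn, "A-1002"),
        "unsafe_html": greeting_unsafe(html_probe),
        "safe_html": greeting_safe(html_probe),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running the block shows the unsafe lookup returning every client row for a probe that the safe lookup matches to none, and the unsafe greeting echoing the script tag that the safe greeting renders as entities. The validation function rejects the probe outright, which is why input validation, parameterised queries and output encoding are normally applied together rather than relying on any one of them.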