SEC 420 Week 9 Case Study
Case Study: Susan the SQL Programmer
Due Week 9 and worth 80 points
Read the case example about Susan the SQL Programmer on page 6-1 of the Ethical Hacking and Countermeasures: Web Applications and Data Servers textbook.
Write a two to four (2-4) page paper in which you:
- Analyze the SQL injection steps that Susan used that enabled her to access the
- Describe at least two (2) tools that Susan could have used to assist her in the attack described within the case example, and suggest the key benefits that the chosen tools provide hackers. Justify your response.
- Examine the critical manner in which different database systems (e.g., Oracle, MySQL, or Microsoft SQL Server-based, etc.) can play a significant role in the SQL injection attack steps.
- Suggest at least two (2) security controls that E-shopping4u.com could have implemented in order to mitigate the risks of SQL injection. Further, determine whether or not you believe Susan’s attack would have been successful if such security controls were in place.
- Use at least three (3) quality resources in this assignment.Note: Wikipedia and similar Websites do not qualify as quality resources.
Your assignment must follow these formatting requirements:
- Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions.
- Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length.
The specific course learning outcomes associated with this assignment are:
- Summarize the manner in which database servers and applications are compromised and examine the steps that can be taken to mitigate such risks (e.g., SQL injection).
- Use technology and information resources to research issues in ethical hacking.
- Write clearly and concisely about topics related to Perimeter Defense Techniques, using proper writing mechanics and technical style conventions.