Scenario
Aim Higher College just learned that sensitive information has been stolen from a student information system and posted on the Web. After reviewing web
server and database logs, the Aim Higher IT security team believes that the source of the problem is a SQL injection vulnerability. The vulnerability appears to
exist in a web application used by students to register for courses. As part of the incident response report to be submitted to Aim Higher College’s
management staff, your supervisor asks you to provide details about this type of vulnerability, how an attacker might exploit it, and methods of detection and
removal.
TASKS:
Research SQL injection attacks on the Internet to supplement your existing knowledge. Using the information you discovered during this research, in
conjunction with what you learned in class, write an incident response report for Aim Higher College’s management detailing the following information:
A non-technical descriiption of SQL injection vulnerabilities intended for a college management audience.
The threat that SQL injection poses to the college’s data. Include three possible scenarios that describe:
How an attacker might conduct this type of attack…
