TASK
Cross-site Scripting (XSS), Cross-site Request Forgery (CSRF) and Structured Query Language (SQL) Injections are common attacks, exploiting web application vulnerabilities. Your task is to select one attack type from either XSS, CSRF or SQL injection as the basis for your report and explain and graphically depict all components of the attack by addressing the following two requirements:
- Develop a detailed walkthrough of how your chosen attack type would theoretically operate in the real world. This section should clearly represent each stage of the attack with supportive discussions.
- Select one CVE and proceed to identify and explain the intricacies of that real-world incident that eventuated based on your chosen attack type. By explaining your selected real-world incident, you should at a minimum answer the following questions:
- What was the outcome of your chosen incident?
- What was the impact of your chosen incident?
- Which aim(s) of security was breached and what were the resultant consequences?
- What specific action(s) did the vendor/company/organization take to address the issue?
TASK INFORMATION
- The report should make use of well thought out diagrams or flowcharts (where applicable) to demonstrate the procedure by which the attack type would typically be performed.
- Your target audience has very little understanding of cybersecurity. As a result, you must ensure that you communicate your report outcomes in a simple manner. Using complex descriptions or terminology will result in a loss of marks. Use acronyms correctly. Use analogies if it enables you to communicate the identified issue in a simplistic manner.
- You must make use of adequate in-text references throughout your entire report.
- Be creative in how you choose to communicate your findings. The report does not have to be a large collection of paraphrased text. Diagrams are a much more effective way of communicating an idea or concept. Tables and charts are an effective way to draw comparisons or contrast different ideas.
REPORT REQUIREMENTS
ASSIGNMENT SUBMISSION
The submission must be a single Microsoft Word document, submitted through Blackboard. Do not include an ECU assignment cover sheet for this submission.
LATE SUBMISSION
If you submit your assignment after the due date, then you will be penalized in accordance with the standard ECU regulations of 5% of the maximum mark, for every work day that your assignment is late. If your assignment is submitted more than 5 days late, then you will be awarded a mark of 0 for the assignment.
MARKING KEY
Criteria / Level of Achievement | Not met | Attempt made | Good attempt | Almost perfect | Perfect |
Title page, contents page, introduction, and conclusion meet the report requirements? | 0 | 0.5 | 1 | 1.5 | 2 |
Technical components of the chosen attack type have been correctly demonstrated through the walkthrough? | 0 | 1 | 2 | 3 | 4 |
The real-world incident has been thoroughly explained and answers addressed? | 0 | 1 | 2 | 3 | 4 |
Diagrams and/or flowcharts have been correctly used to explore each stage of the chosen attack type? | 0 | 1 | 2 | 3 | 4 |
A report has been communicated in a manner suitable for a novice end-user? | 0 | 1 | 2 | 3 | 4 |
In-text references have been used correctly and align to an appropriately formatted APA 6th reference list. | 0 | 0.5 | 1 | 1.5 | 2 |