SEC420: Week 9: Case Study: Susan the SQL Programmer


Case Study: Susan the SQL Programmer

Due Week 9 and worth 80 points

Read the case example about Susan the SQL Programmer on page 6-1 of the Ethical Hacking and Countermeasures: Web Applications and Data Servers textbook. 

Write a three to four (3-4) page paper in which you:

1. Analyze the SQL injection steps that Susan used that enabled her to access the E-shopping4u.com database.

2. Describe at least two (2) tools that Susan could have used to assist her in the attack described within the case example, and suggest the key benefits that the chosen tools provide hackers. Justify your response.

3. Examine the critical manner in which different database systems (e.g., Oracle, MySQL, or Microsoft SQL Server-based, etc.) can play a significant role in the SQL injection attack steps.

4. Suggest at least two (2) security controls that E-shopping4u.com could have implemented in order to mitigate the risks of SQL injection. Further, determine whether or not you believe Susan’s attack would have been successful if such security controls were in place.

5. Use at least four (4) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources.

Your assignment must follow these formatting requirements:

· Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions.

· Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length.

The specific course learning outcomes associated with this assignment are:

· Summarize the manner in which database servers and applications are compromised and examine the steps that can be taken to mitigate such risks (e.g., SQL injection).

· Use technology and information resources to research issues in ethical hacking.

· Write clearly and concisely about topics related to Perimeter Defense Techniques, using proper writing mechanics and technical style conventions.

Grading for this assignment will be based on answer quality, logic / organization of the paper, and language and writing skills, using the following rubric.

 


Points: 80

Case Study 1: Susan the SQL Programmer

Performance levels, in the order used for each criterion below: Unacceptable (Below 60% F); Meets Minimum Expectations (60-69% D); Fair (70-79% C); Proficient (80-89% B); Exemplary (90-100% A)

1. Analyze the SQL injection steps that Susan used that enabled her to access the E-shopping4u.com database.

Weight: 20%

Unacceptable (Below 60% F): Did not submit or incompletely analyzed the SQL injection steps that Susan used that enabled her to access the E-shopping4u.com database.

Meets Minimum Expectations (60-69% D): Insufficiently analyzed the SQL injection steps that Susan used that enabled her to access the E-shopping4u.com database.

Fair (70-79% C): Partially analyzed the SQL injection steps that Susan used that enabled her to access the E-shopping4u.com database.

Proficient (80-89% B): Satisfactorily analyzed the SQL injection steps that Susan used that enabled her to access the E-shopping4u.com database.

Exemplary (90-100% A): Thoroughly analyzed the SQL injection steps that Susan used that enabled her to access the E-shopping4u.com database.

2. Describe at least two (2) tools that Susan could have used to assist her in the attack described within the case example, and suggest the key benefits that the chosen tools provide hackers. Justify your response.

Weight: 20%

Unacceptable (Below 60% F): Did not submit or incompletely described at least two (2) tools that Susan could have used to assist her in the attack described within the case example, and did not submit or incompletely suggested the key benefits that the chosen tools provide hackers. Did not submit or incompletely justified your response.

Meets Minimum Expectations (60-69% D): Insufficiently described at least two (2) tools that Susan could have used to assist her in the attack described within the case example, and insufficiently suggested the key benefits that the chosen tools provide hackers. Insufficiently justified your response.

Fair (70-79% C): Partially described at least two (2) tools that Susan could have used to assist her in the attack described within the case example, and partially suggested the key benefits that the chosen tools provide hackers. Partially justified your response.

Proficient (80-89% B): Satisfactorily described at least two (2) tools that Susan could have used to assist her in the attack described within the case example, and satisfactorily suggested the key benefits that the chosen tools provide hackers. Satisfactorily justified your response.

Exemplary (90-100% A): Thoroughly described at least two (2) tools that Susan could have used to assist her in the attack described within the case example, and thoroughly suggested the key benefits that the chosen tools provide hackers. Thoroughly justified your response.

3. Examine the critical manner in which different database systems (e.g., Oracle, MySQL, or Microsoft SQL Server-based, etc.) can play a significant role in the SQL injection attack steps.

Weight: 20%

Unacceptable (Below 60% F): Did not submit or incompletely examined the critical manner in which different database systems (e.g., Oracle, MySQL, or Microsoft SQL Server-based, etc.) can play a significant role in the SQL injection attack steps.

Meets Minimum Expectations (60-69% D): Insufficiently examined the critical manner in which different database systems (e.g., Oracle, MySQL, or Microsoft SQL Server-based, etc.) can play a significant role in the SQL injection attack steps.

Fair (70-79% C): Partially examined the critical manner in which different database systems (e.g., Oracle, MySQL, or Microsoft SQL Server-based, etc.) can play a significant role in the SQL injection attack steps.

Proficient (80-89% B): Satisfactorily examined the critical manner in which different database systems (e.g., Oracle, MySQL, or Microsoft SQL Server-based, etc.) can play a significant role in the SQL injection attack steps.

Exemplary (90-100% A): Thoroughly examined the critical manner in which different database systems (e.g., Oracle, MySQL, or Microsoft SQL Server-based, etc.) can play a significant role in the SQL injection attack steps.

4. Suggest at least two (2) security controls that E-shopping4u.com could have implemented in order to mitigate the risks of SQL injection. Further, determine whether or not you believe Susan’s attack would have been successful if such security controls were in place.

Weight: 25%

Unacceptable (Below 60% F): Did not submit or incompletely suggested at least two (2) security controls that E-shopping4u.com could have implemented in order to mitigate the risks of SQL injection. Further, did not submit or incompletely determined whether or not you believe Susan’s attack would have been successful if such security controls were in place.

Meets Minimum Expectations (60-69% D): Insufficiently suggested at least two (2) security controls that E-shopping4u.com could have implemented in order to mitigate the risks of SQL injection. Further, insufficiently determined whether or not you believe Susan’s attack would have been successful if such security controls were in place.

Fair (70-79% C): Partially suggested at least two (2) security controls that E-shopping4u.com could have implemented in order to mitigate the risks of SQL injection. Further, partially determined whether or not you believe Susan’s attack would have been successful if such security controls were in place.

Proficient (80-89% B): Satisfactorily suggested at least two (2) security controls that E-shopping4u.com could have implemented in order to mitigate the risks of SQL injection. Further, satisfactorily determined whether or not you believe Susan’s attack would have been successful if such security controls were in place.

Exemplary (90-100% A): Thoroughly suggested at least two (2) security controls that E-shopping4u.com could have implemented in order to mitigate the risks of SQL injection. Further, thoroughly determined whether or not you believe Susan’s attack would have been successful if such security controls were in place.

5. 3 references

Weight: 5%

Unacceptable (Below 60% F): No references provided

Meets Minimum Expectations (60-69% D): Does not meet the required number of references; all references poor quality choices.

Fair (70-79% C): Does not meet the required number of references; some references poor quality choices.

Proficient (80-89% B): Meets number of required references; all references high quality choices.

Exemplary (90-100% A): Exceeds number of required references; all references high quality choices.

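6. Clarity, writing mechanics, and formatting requirements

Weight: 10%

Unacceptable (Below 60% F): More than 8 errors present

Meets Minimum Expectations (60-69% D): 7-8 errors present

Fair (70-79% C): 5-6 errors present

Proficient (80-89% B): 3-4 errors present

Exemplary (90-100% A): 0-2 errors present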
