Click the link above to submit your assignment.
Students, please view the “Submit a Clickable Rubric Assignment” video in the Student Center.
Instructors, training on how to grade is within the Instructor Center.
Case Study: Susan the SQL Programmer
Due Week 9 and worth 80 points
Read the case example about Susan the SQL Programmer on page 6-1 of the Ethical Hacking and Countermeasures: Web Applications and Data Servers textbook.
Write a three to four (3-4) page paper in which you:
1. Analyze the SQL injection steps that Susan used that enabled her to access the E-shopping4u.com database.
2. Describe at least two (2) tools that Susan could have used to assist her in the attack described within the case example, and suggest the key benefits that the chosen tools provide hackers. Justify your response.
3. Examine the critical manner in which different database systems (e.g., Oracle, MySQL, or Microsoft SQL Server-based, etc.) can play a significant role in the SQL injection attack steps.
4. Suggest at least two (2) security controls that E-shopping4u.com could have implemented in order to mitigate the risks of SQL injection. Further, determine whether or not you believe Susan’s attack would have been successful if such security controls were in place.
5. Use at least four (4) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources.
Your assignment must follow these formatting requirements:
· Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions.
· Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length.
The specific course learning outcomes associated with this assignment are:
· Summarize the manner in which database servers and applications are compromised and examine the steps that can be taken to mitigate such risks (e.g., SQL injection).
· Use technology and information resources to research issues in ethical hacking.
· Write clearly and concisely about topics related to Perimeter Defense Techniques, using proper writing mechanics and technical style conventions.
Grading for this assignment will be based on answer quality, logic / organization of the paper, and language and writing skills, using the following rubric.
Click here to view the grading rubric for this case study.
Points: 80
|
Case Study 1: Susan the SQL Programmer
|
Criteria
|
Unacceptable
Below 60% F
|
Meets Minimum Expectations
60-69% D
|
Fair
70-79% C
|
Proficient
80-89% B
|
Exemplary
90-100% A
|
1. Analyze the SQL injection steps that Susan used that enabled her to access the E-shopping4u.com database.
Weight: 20%
|
Did not submit or incompletely analyzed the SQL injection steps that Susan used that enabled her to access the E-shopping4u.com database.
|
Insufficiently analyzed the SQL injection steps that Susan used that enabled her to access the E-shopping4u.com database.
|
Partially analyzed the SQL injection steps that Susan used that enabled her to access the E-shopping4u.com database.
|
Satisfactorily analyzed the SQL injection steps that Susan used that enabled her to access the E-shopping4u.com database.
|
Thoroughly analyzed the SQL injection steps that Susan used that enabled her to access the E-shopping4u.com database.
|
2. Describe at least two (2) tools that Susan could have used to assist her in the attack described within the case example, and suggest the key benefits that the chosen tools provide hackers. Justify your response. Weight: 20%
|
Did not submit or incompletely described at least two (2) tools that Susan could have used to assist her in the attack described within the case example, and did not submit or incompletely suggested the key benefits that the chosen tools provide hackers. Did not submit or incompletely justified your response.
|
Insufficiently described at least two (2) tools that Susan could have used to assist her in the attack described within the case example, and insufficiently suggested the key benefits that the chosen tools provide hackers. Insufficiently justified your response.
|
Partially described at least two (2) tools that Susan could have used to assist her in the attack described within the case example, and partially suggested the key benefits that the chosen tools provide hackers. Partially justified your response.
|
Satisfactorily described at least two (2) tools that Susan could have used to assist her in the attack described within the case example, and satisfactorily suggested the key benefits that the chosen tools provide hackers. Satisfactorily justified your response.
|
Thoroughly described at least two (2) tools that Susan could have used to assist her in the attack described within the case example, and thoroughly suggested the key benefits that the chosen tools provide hackers. thoroughly justified your response.
|
3. Examine the critical manner in which different database systems (e.g., Oracle, MySQL, or Microsoft SQL Server-based, etc.) can play a significant role in the SQL injection attack steps.
Weight: 20%
|
Did not submit or incompletely examined the critical manner in which different database systems (e.g., Oracle, MySQL, or Microsoft SQL Server-based, etc.) can play a significant role in the SQL injection attack steps.
|
Insufficiently examined the critical manner in which different database systems (e.g., Oracle, MySQL, or Microsoft SQL Server-based, etc.) can play a significant role in the SQL injection attack steps.
|
Partially examined the critical manner in which different database systems (e.g., Oracle, MySQL, or Microsoft SQL Server-based, etc.) can play a significant role in the SQL injection attack steps.
|
Satisfactorily examined the critical manner in which different database systems (e.g., Oracle, MySQL, or Microsoft SQL Server-based, etc.) can play a significant role in the SQL injection attack steps.
|
Thoroughly examined the critical manner in which different database systems (e.g., Oracle, MySQL, or Microsoft SQL Server-based, etc.) can play a significant role in the SQL injection attack steps.
|
4. Suggest at least two (2) security controls that E-shopping4u.com could have implemented in order to mitigate the risks of SQL injection. Further, determine whether or not you believe Susan’s attack would have been successful if such security controls were in place.
Weight: 25%
|
Did not submit or incompletely suggested at least two (2) security controls that E-shopping4u.com could have implemented in order to mitigate the risks of SQL injection. Further, did not submit or incompletely determined whether or not you believe Susan’s attack would have been successful if such security controls were in place.
|
Insufficiently suggested at least two (2) security controls that E-shopping4u.com could have implemented in order to mitigate the risks of SQL injection. Further, insufficiently determined whether or not you believe Susan’s attack would have been successful if such security controls were in place.
|
Partially suggested at least two (2) security controls that E-shopping4u.com could have implemented in order to mitigate the risks of SQL injection. Further, partially determined whether or not you believe Susan’s attack would have been successful if such security controls were in place.
|
Satisfactorily suggested at least two (2) security controls that E-shopping4u.com could have implemented in order to mitigate the risks of SQL injection. Further, satisfactorily determined whether or not you believe Susan’s attack would have been successful if such security controls were in place.
|
Thoroughly suggested at least two (2) security controls that E-shopping4u.com could have implemented in order to mitigate the risks of SQL injection. Further, thoroughly determined whether or not you believe Susan’s attack would have been successful if such security controls were in place.
|
5. 3 references
Weight: 5%
|
No references provided
|
Does not meet the required number of references; all references poor quality choices.
|
Does not meet the required number of references; some references poor quality choices.
|
Meets number of required references; all references high quality choices.
|
Exceeds number of required references; all references high quality choices.
|
6. Clarity, writing mechanics, and formatting requirements
Weight: 10%
|
More than 8 errors present
|
7-8 errors present
|
5-6 errors present
|
3-4 errors present
|
0-2 errors present
|