SEC420: Week 9: Case Study: Susan the SQL Programmer


Case Study: Susan the SQL Programmer

Due Week 9 and worth 80 points

Read the case example about Susan the SQL Programmer on page 6-1 of the Ethical Hacking and Countermeasures: Web Applications and Data Servers textbook. 

Write a three to four (3-4) page paper in which you:

1. Analyze the SQL injection steps that Susan used that enabled her to access the E-shopping4u.com database.

2. Describe at least two (2) tools that Susan could have used to assist her in the attack described within the case example, and suggest the key benefits that the chosen tools provide hackers. Justify your response.

3. Examine the critical manner in which different database systems (e.g., Oracle, MySQL, or Microsoft SQL Server-based, etc.) can play a significant role in the SQL injection attack steps.

4. Suggest at least two (2) security controls that E-shopping4u.com could have implemented in order to mitigate the risks of SQL injection. Further, determine whether or not you believe Susan’s attack would have been successful if such security controls were in place.

5. Use at least four (4) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources.

Your assignment must follow these formatting requirements:

· Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions.

· Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length.

The specific course learning outcomes associated with this assignment are:

· Summarize the manner in which database servers and applications are compromised and examine the steps that can be taken to mitigate such risks (e.g., SQL injection).

· Use technology and information resources to research issues in ethical hacking.

· Write clearly and concisely about topics related to Perimeter Defense Techniques, using proper writing mechanics and technical style conventions.

Grading for this assignment will be based on answer quality, logic / organization of the paper, and language and writing skills, using the following rubric.

 


Points: 80

Case Study 1: Susan the SQL Programmer

Rating levels for each criterion: Unacceptable (Below 60% F), Meets Minimum Expectations (60-69% D), Fair (70-79% C), Proficient (80-89% B), Exemplary (90-100% A).

1. Analyze the SQL injection steps that Susan used that enabled her to access the E-shopping4u.com database.

Weight: 20%

· Unacceptable (Below 60% F): Did not submit or incompletely analyzed the SQL injection steps that Susan used that enabled her to access the E-shopping4u.com database.

· Meets Minimum Expectations (60-69% D): Insufficiently analyzed the SQL injection steps that Susan used that enabled her to access the E-shopping4u.com database.

· Fair (70-79% C): Partially analyzed the SQL injection steps that Susan used that enabled her to access the E-shopping4u.com database.

· Proficient (80-89% B): Satisfactorily analyzed the SQL injection steps that Susan used that enabled her to access the E-shopping4u.com database.

· Exemplary (90-100% A): Thoroughly analyzed the SQL injection steps that Susan used that enabled her to access the E-shopping4u.com database.

2. Describe at least two (2) tools that Susan could have used to assist her in the attack described within the case example, and suggest the key benefits that the chosen tools provide hackers. Justify your response.

Weight: 20%

· Unacceptable (Below 60% F): Did not submit or incompletely described at least two (2) tools that Susan could have used to assist her in the attack described within the case example, and did not submit or incompletely suggested the key benefits that the chosen tools provide hackers. Did not submit or incompletely justified your response.

· Meets Minimum Expectations (60-69% D): Insufficiently described at least two (2) tools that Susan could have used to assist her in the attack described within the case example, and insufficiently suggested the key benefits that the chosen tools provide hackers. Insufficiently justified your response.

· Fair (70-79% C): Partially described at least two (2) tools that Susan could have used to assist her in the attack described within the case example, and partially suggested the key benefits that the chosen tools provide hackers. Partially justified your response.

· Proficient (80-89% B): Satisfactorily described at least two (2) tools that Susan could have used to assist her in the attack described within the case example, and satisfactorily suggested the key benefits that the chosen tools provide hackers. Satisfactorily justified your response.

· Exemplary (90-100% A): Thoroughly described at least two (2) tools that Susan could have used to assist her in the attack described within the case example, and thoroughly suggested the key benefits that the chosen tools provide hackers. Thoroughly justified your response.

3. Examine the critical manner in which different database systems (e.g., Oracle, MySQL, or Microsoft SQL Server-based, etc.) can play a significant role in the SQL injection attack steps.

Weight: 20%

· Unacceptable (Below 60% F): Did not submit or incompletely examined the critical manner in which different database systems (e.g., Oracle, MySQL, or Microsoft SQL Server-based, etc.) can play a significant role in the SQL injection attack steps.

· Meets Minimum Expectations (60-69% D): Insufficiently examined the critical manner in which different database systems (e.g., Oracle, MySQL, or Microsoft SQL Server-based, etc.) can play a significant role in the SQL injection attack steps.

· Fair (70-79% C): Partially examined the critical manner in which different database systems (e.g., Oracle, MySQL, or Microsoft SQL Server-based, etc.) can play a significant role in the SQL injection attack steps.

· Proficient (80-89% B): Satisfactorily examined the critical manner in which different database systems (e.g., Oracle, MySQL, or Microsoft SQL Server-based, etc.) can play a significant role in the SQL injection attack steps.

· Exemplary (90-100% A): Thoroughly examined the critical manner in which different database systems (e.g., Oracle, MySQL, or Microsoft SQL Server-based, etc.) can play a significant role in the SQL injection attack steps.

4. Suggest at least two (2) security controls that E-shopping4u.com could have implemented in order to mitigate the risks of SQL injection. Further, determine whether or not you believe Susan’s attack would have been successful if such security controls were in place.

Weight: 25%

· Unacceptable (Below 60% F): Did not submit or incompletely suggested at least two (2) security controls that E-shopping4u.com could have implemented in order to mitigate the risks of SQL injection. Further, did not submit or incompletely determined whether or not you believe Susan’s attack would have been successful if such security controls were in place.

· Meets Minimum Expectations (60-69% D): Insufficiently suggested at least two (2) security controls that E-shopping4u.com could have implemented in order to mitigate the risks of SQL injection. Further, insufficiently determined whether or not you believe Susan’s attack would have been successful if such security controls were in place.

· Fair (70-79% C): Partially suggested at least two (2) security controls that E-shopping4u.com could have implemented in order to mitigate the risks of SQL injection. Further, partially determined whether or not you believe Susan’s attack would have been successful if such security controls were in place.

· Proficient (80-89% B): Satisfactorily suggested at least two (2) security controls that E-shopping4u.com could have implemented in order to mitigate the risks of SQL injection. Further, satisfactorily determined whether or not you believe Susan’s attack would have been successful if such security controls were in place.

· Exemplary (90-100% A): Thoroughly suggested at least two (2) security controls that E-shopping4u.com could have implemented in order to mitigate the risks of SQL injection. Further, thoroughly determined whether or not you believe Susan’s attack would have been successful if such security controls were in place.

5. 3 references

Weight: 5%

· Unacceptable (Below 60% F): No references provided

· Meets Minimum Expectations (60-69% D): Does not meet the required number of references; all references poor quality choices.

· Fair (70-79% C): Does not meet the required number of references; some references poor quality choices.

· Proficient (80-89% B): Meets number of required references; all references high quality choices.

· Exemplary (90-100% A): Exceeds number of required references; all references high quality choices.

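6. Clarity, writing mechanics, and formatting requirements

Weight: 10%

· Unacceptable (Below 60% F): More than 8 errors present

· Meets Minimum Expectations (60-69% D): 7-8 errors present

· Fair (70-79% C): 5-6 errors present

· Proficient (80-89% B): 3-4 errors present

· Exemplary (90-100% A): 0-2 errors present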
