Network Penetration Testing SEC435Week 2 Discussion
Web Application ThreatsCurrent topic
Week 2 Discussion “Web Application Threats” Select one of the following and discuss in no less than three paragraphs, and have at least one response to another student of at least one paragraph:
The phishing attack is the number one security threat. Lots of people fall for phishing attacks by conning a victim into giving the attacker sensitive information. Typically, most phishing attacks are sent out to a large number of people with the hopes of a victim taking the bate, for example winning a gift card or sense of urgency your account is going to be canceled.
So many different methods to deliver the attack, social media, email, infecting site or phone calls. By tricking victims with spoofed links to sites, but it turns out to be a phishing site for logins. Attacks use spear-phishing attacks which will target a person or company using predetermine knowledge already obtained to customize the attack towards that target. With this phishing attack, it just takes a company or a user to slip up and fall for one of the phishing attacks, then this could compromise the whole network.
The man-in-the-middle attack is my number two security threat. This gives the attacker the ability to eavesdrop and obtain data on the network. Wi-Fi is a common way for this attack work and most people use them. All it takes is for the attack to manipulate the victim into joining the rogue access point and start gaining data from the victim. Using ARP Spoofing attack give the attack the ability to act as the host and sniff traffic, obtain session tokens and gain access to accounts.
The Malware attack is number three for security threats. This attack comes in as spyware/ransomware and commands and control bot-nets. The malware is spread by conning the user in downloading a program that is useful in the eyes of the victim but turns out to be a Trojan horse. It spreads by email, text, hacked websites, media like a flash drive. Ransomware can cause the user or business a huge headache by encrypting their valuable files and asking for a payment in to decrypt the data.
Click following link to download this document
SEC 435 Week 2 Discussion Web Application Threats.docx