Wednesday, May 6, 2020

A Script Injection As A Security Threat Or Threat

Vulnerabilities, as we know, are potential loopholes in a system that can pose a security threat or cause a security breach. Some of the known vulnerabilities that exist today are SQL injection, cross-site scripting, security misconfiguration and spoofing, to name a few. A script injection is used in cross-site scripting. We see vulnerabilities or threats of some kind quite often in our daily interaction with web applications. For example, on a web application like Dailymotion, a third-party comment is an example of untrusted data. When malicious code is embedded in such scripts, the requests seem benign on the outside to the web application server, and the application server returns the data to the unsuspecting user. Web browsers execute…

Weaknesses in web applications allow perpetrators to exploit a web application, enabling them to steal sensitive and confidential data, sell it or even modify it for easy profit.

A threat model for web applications

A threat is an interaction in which an application or a system is misused in a way that can cause potential harm. An attack, on the other hand, brings the threat into reality by carrying out malicious activity that harms the system. A threat model contains a concise list of the type of attack, the system that was attacked, the method of attack, the attacker's profile, their motivation, a goal, and the impact it had or may have (if successful). The steps of the threat modeling process are as follows:

1. Identify assets: the value of the assets maintained by that particular application or system.
2. Create an architecture overview: diagrams serve as the visual representation of the proposed models and their underlying principles.
3. Decompose the application: breaking your application into several layers will expose any vulnerability that may be hiding in plain sight.
4. Identify threats: having a sound knowledge of what types of threat exist will help designers incorporate the countermeasures within the design.
5. Rate the threats: after preparing a comprehensive list of known and unknown threats, rate the threats. Create a prioritized list of threats based on the severity and impact
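
The third-party comment case described above, as an added example that is not part of the original post: the same comment rendered by concatenation and then with output encoding, a standard countermeasure for script injection. The function names and the sample comments are hypothetical and constructed for illustration.

```javascript
// Added example: writing a third-party comment (untrusted data) into an HTML page.
// All names and sample data below are hypothetical and constructed for illustration.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };

// Encode the characters that let data break out of element text or a quoted attribute.
// A single pass over the input means '&' is never double-encoded.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable: the comment is concatenated into markup, so the browser parses it as HTML.
function renderCommentUnsafe(comment) {
  return '<li title="' + comment.author + '">' + comment.body + '</li>';
}

// Hardened: every untrusted field is encoded before it is written into the page.
function renderCommentSafe(comment) {
  return '<li title="' + escapeHtml(comment.author) + '">' + escapeHtml(comment.body) + '</li>';
}

// Render a whole comment thread with the chosen renderer.
function renderThread(comments, render) {
  return '<ul>' + comments.map(render).join('') + '</ul>';
}

// Constructed sample input: one ordinary comment, one carrying markup in both fields.
const sampleComments = [
  { author: 'alice', body: 'Great video, thanks & regards' },
  { author: 'mallory" data-x="1', body: '<script>document.title = "injected"</script>' },
];

console.log('unsafe:', renderThread(sampleComments, renderCommentUnsafe));
console.log('safe:  ', renderThread(sampleComments, renderCommentSafe));
```

In the safe output the second comment is displayed as literal text and the author value stays inside the `title` attribute, while the unsafe output hands the browser a live `<script>` element and an extra attribute.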
