
Question

You are charged with maintaining a legacy Web application. It is a publicly facing e-Commerce site that allows customers to search for and order commemorative memorabilia and souvenirs using credit or debit card through an HTTP interface. Even though the Web server software is outdated and is no longer supported, it has been extremely reliable and has supported all updates to the application. There is a publicly accessible search mechanism that allows you to pull up your previous order and payment information using other previous order information.

To order souvenirs or memorabilia, you are required to search for the items you would like to order and submit your order request via a Web form. The customer service personnel log in and are granted full access rights to the application and database to assist customers with any issues, including ordering questions and credit card issues.

List and explain the attack surfaces for this scenario

Explanation / Answer

1. A message-passing system may lead to numerous vulnerabilities in third-party applications as a result of developers confusing inter-application and intra-application communication mechanisms.

2. The contents of messages can be sniffed, modified, stolen, or replaced (which can compromise user privacy), and malicious data or messages can be forged or injected into an application.

3. Broadcast Intents are vulnerable to passive eavesdropping, which can harm security or privacy if the Intent contains sensitive data.

4. Ordered broadcast Intents, which are delivered to Broadcast Receivers in priority order, are vulnerable to both active denial of service attacks and malicious data injection.

5. Activity and Service Intents are vulnerable to hijacking attacks, in which an attacker intercepts a request to start an Activity or a request to start or bind to a Service and the malicious application starts its own Activity or Service in its place. This attack allows an attacker to steal data from the Intent, hijack the user interface in a way that may be transparent to the user, and return malicious data to the sending component.

6. The spoofed broadcast may then cause the victim component to change some state in a way that damages the user
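
The scenario in the question describes a publicly reachable search that returns a customer's previous order and payment details given other order information, with no login required. The following Python is an added example, not part of the question or the posted answer, that models that one attack surface in-process: a lookup keyed only by order number beside the same lookup bound to an authenticated session with an ownership check and card masking. The order numbers, customer IDs, card values and the assumption that order numbers are sequential (so an attacker can walk them) are constructed for illustration; the question does not say what the real lookup key is or whether the full card number is stored.

```python
"""Added example: model of the public order-lookup surface in the scenario.
All data, names and the sequential-order-number assumption are constructed."""
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass(frozen=True)
class Order:
    order_id: str      # assumed sequential, e.g. "100042"
    customer_id: str   # owner of the order
    items: tuple
    card_pan: str      # assumption: legacy app stores the full card number
    card_last4: str


# Constructed sample data standing in for the e-commerce database.
ORDERS = {
    "100041": Order("100041", "cust-a", ("mug",), "4111111111111111", "1111"),
    "100042": Order("100042", "cust-b", ("flag", "pin"), "5500000000000004", "0004"),
    "100043": Order("100043", "cust-c", ("poster",), "340000000000009", "0009"),
}


def lookup_order_public(order_id: str) -> Optional[dict]:
    """Models the scenario's public search: anyone who knows or guesses an
    order number gets that order's items and payment details back.
    No session, no ownership check, full card number returned."""
    order = ORDERS.get(order_id)
    if order is None:
        return None
    return {"order_id": order.order_id, "items": order.items, "card": order.card_pan}


def lookup_order_hardened(session_customer_id: Optional[str], order_id: str) -> Optional[dict]:
    """Same lookup bound to an authenticated session: a caller sees only their
    own orders, and payment data is reduced to the last four digits.
    Not-found and not-yours return the same value, so the endpoint does not
    confirm which order numbers exist."""
    if session_customer_id is None:
        return None
    order = ORDERS.get(order_id)
    if order is None or order.customer_id != session_customer_id:
        return None
    return {"order_id": order.order_id, "items": order.items, "card": "****" + order.card_last4}


def sweep_order_numbers(lookup: Callable[[str], Optional[dict]], start: int, count: int) -> list:
    """Models an attacker walking sequential order numbers (an assumption about
    the ID scheme) against a lookup function and keeping every hit."""
    found = []
    for n in range(start, start + count):
        result = lookup(str(n))
        if result is not None:
            found.append(result)
    return found


if __name__ == "__main__":
    leaked = sweep_order_numbers(lookup_order_public, 100040, 5)
    print(f"public search: {len(leaked)} orders, cards: {[r['card'] for r in leaked]}")
    own = sweep_order_numbers(lambda oid: lookup_order_hardened("cust-b", oid), 100040, 5)
    print(f"hardened, logged in as cust-b: {len(own)} orders, cards: {[r['card'] for r in own]}")
```

Run stand-alone, the public lookup hands the sweep every stored order and card number, while the hardened lookup returns only the caller's own order with the card masked. The example covers just the lookup; the plain HTTP interface for card submission, the unsupported Web server, and the full-access customer service accounts are separate surfaces from the question that an in-process model cannot show.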
