Assignment 1: LASA 2: Security Review Report
Consider the following:
Providing a secure information systems environment requires taking a proactive approach to security. One way to do this is by hiring external security consultants or auditors to evaluate the security of an organization’s network.
Assume that you have been selected as the security consultant to perform a security review for an organization of your choice. The organization that you select for this assignment should have a public-facing website and, at minimum, one web application that can be used for this task.
You have been asked to review the website security of the organization of your choice and any web applications that are part of this site. Security risks such as SQL injection and social engineering should be considered.
For this assignment, you should begin with a footprinting analysis (security reconnaissance) of the selected organization. Gather as much background information on the organization and its website as you can.
Prepare an 8- to 10-page report on the following aspects:
- Summarize the footprinting analysis of the company you selected.
- Explain how the information gathered during your footprinting analysis could be utilized to initiate an attack against the organization.
- Describe potential social engineering methods that could be used to acquire information about the organization’s computing environment.
- List at least 4–5 appropriate prevention techniques that can be used to thwart such social engineering techniques.
- Enumerate a series of countermeasures that can be used to avoid this type of footprinting attack.
- Identify a list of 10 web server vulnerabilities that the organization is most susceptible to.
- Determine at least 10 threats against the organization’s web applications that pose the greatest risk to the organization.
- Describe how SQL injection could pose a potential security threat to the organization’s web applications.
Your final deliverable will be 8–10 pages in length; utilize at least 3–5 scholarly sources in your research. Your paper should be written in a clear, concise, and organized manner; demonstrate ethical scholarship in accurate representation and attribution of sources; and display accurate spelling, grammar, and punctuation.
- Save the final assignment as M5_A1_Lastname_Firstname.doc.
- By Monday, June 27, 2016, submit your final assignment to the M5 Assignment 1 LASA 2 Dropbox.
LASA 2 Grading Criteria and Rubric
All LASAs in this course will be graded using a rubric. This assignment is worth 300 points. Download the rubric and carefully read it to understand the expectations.
| Assignment 1 Grading Criteria | |
|---|---|
| Selected an organization with a website featuring one or more web applications. Summarized footprinting analysis of the selected company. | |
| Explained how the information gathered during your footprinting analysis could be utilized to initiate an attack against the organization. | |
| Described potential social engineering methods that could be used to acquire information about the organization’s computing environment. | |
| Listed appropriate prevention techniques that can be used to thwart such social engineering techniques. | |
| Enumerated a series of countermeasures that can be used to avoid this type of footprinting attack. | |
| Identified a list of web server vulnerabilities that the organization is most susceptible to. | |
| Determined which threats against the organization’s web applications pose the greatest risk to the organization. | |
| Described how an SQL injection could pose a potential security threat to the organization’s web applications. | |