As an information security professional, you will often be called deal with security threats that impact the organization on an ongoing basis, and to provide guidance to multiple organizational units on ways to recognize, cope with, and avoid these threats. In this assignment, you will research in detail an attack type or threat assigned by your instructor (command injection). As a project group you will develop a mini-training course on your assigned topic and deliver that training to the class.
Deliverables for this assignment include (but aren’t limited to):
- A white paper on command injection. The paper will provide:
- A description of the threat/attack method, including the types of attacks performed (DoS, Access, etc). There are multiple versions of many attacks, so you should go over the major forms/groupings.
- A description of how the attack is performed. (What elements in the network are being attacked, tools used, vulnerability being exploited)
- Attack signature for inclusion in an organizational Incident Response Plan (How would we recognize the attack on our systems?)
- Faulty practices (programming, design, training, etc.) that enable the threat/attack
- Industry Best Practices for avoiding or mitigating the risk of this threat or attack form
- References for further study (Technical and Cases)
- 5 multiple choice and 1 essay question with grading rubric for use as part of the unit exam