2. Q: Visit any website and list security parameters you find on that
website. list them all also site name and purpose of the site?
ANSWER:
www.ptcl.com.pk
1.Use HTTPS :
HTTPS is a protocol used to provide security over the Internet. HTTPS
guarantees that users are talking to the server they expect, and that nobody else
can intercept or change the content they're seeing in transit.
2.Record User Access and Administrative Privileges:
Site name
Security parameters
3. 1.parameters’ Threats Consequences
INTEGRTY .1.Modification of user data, 1.Loss of information .
memory, message traffic in 2.Compromise of machine.
transmit.. 3.Vulnerability to all other
2.Trojan horse browser. threats.
Confidentiality 1. Eavesdropping on the net. 1. Loss of information and
2. Theft of information and privacy
data from server and client.
Denial of service 1. Killing of user threads. 1. Disupptive
2. Flooding machine with 2. Annoying
bogus requests. 3. Prevent user from
3. Filling up disk or memory. getting work done.
4. Isolating machine by DNS
attacks
Authentication 1. Impersonation of legitimate 1.Misrepresentation of
Users . user
2. Data forgery. 2. Belief that false
information is valid
4. Watch out for SQL injection:
SQL injection attacks are when an attacker uses a web form field or URL
parameter to gain access to or manipulate your database. When you
use standard Transact SQL it is easy to unknowingly insert rogue code
into your query that could be used to change tables, get information
and delete data.
Check your passwords:
Everyone knows they should use complex passwords, but that doesn’t
mean they always do. It is crucial to use strong passwords to your
server and website admin area, but equally also important to insist on
good password practices for your users to protect the security of their
accounts.
Keep software up to date:
5. It may seem obvious, but ensuring you keep all software up to date is
vital in keeping your site secure. This applies to both the server
operating system and any software you may be running on your
website such as a CMS or forum.