Server-Side Dynamic Web Pages, Coursework Example

Although associated with exploitation of the web and potential security risks, server-side dynamic web pages should be developed by programmers they are versatile to different users. Server-side scripting is useful since it changes the content of the web on different web pages in order to adjust the reload or sequence of web pages. Server-side scripting is preferred to client-side scripting since its responses are controlled by conditions such as data in HTML form, server state or database, the passage of time, or the parameters in the form of URL. Additionally, server-side scripting is advantageous since it is often cached with few or no changes anticipated to adjust the page. In the event of web traffic that creates slow load times, the server-side script creates additional pages to alter changes for each request.

To allow access to web pages with malicious content, attackers deploy SQL injection to introduce codes, client-side script, into a Web output of the application such as JavaScript. Reasonably, most Web pages have various injection points such as feedback forms, search fields, forums, and cookies that are prone to cross-site scripting. Attackers deploy SQL injection to generate cookie data since cookies are used regularly and commonly incorrectly to stock data such as login information, user preferences, or sessions IDs. Although information stored in client-side script cannot affect server-side information, attackers comprise site’s security in order to allow user’s access to Web page. Attackers ensure that all comments are held in online databases and displayed to specific users without being encoded or validated. When a malicious member posts comments containing cross-site scripts, an attacker views the comment, which is then displayed to the user. As a result, the attacker acts as a legitimate user of the script.

The three main topics concerned with e-mail security to user training session are e-mail encryption, viruses, and e-mail security resources. E-mail encryption involves retention of a copy of an e-mail as a digital certificate. This prevents e-mails from getting to unintended users who may change their contents. This is done through updating security patches for the client software.

Viruses are malicious codes that spread when an infected file is attached to electronic mail messages. As a result, a user should be certain the source of a file before opening or running it. All systems should be installed with antivirus programs to counter malicious programs.

E-mail Security Resources involve programs that have platforms for encryption, anti-spam and antivirus security features encompassed into the software. Some of commonest resources include Microsoft Exchange Server and Web-Sense E-mail security that blocks inbound and outbound risks at the gateway of networks.

For one-hour training for senior manager, the main topics of discussion are cyber security, encryption standards, and Government Information Security. Cyber security standards are important in an organization to improve on e-mail security as well as reduce cyber security attacks. Senior managers should acquire cyber security certification from the government to improve on security.

Encryption standards refer to information related to information governance policy, policy enforcement, and privacy management issues on e-mail security. Senior managers should ensure that compliant transfer of e-mail corresponds to federal private policy.

Government Information Security, GIS, ensures that transfer of e-mails is compliant with government regulations and internal security policies. GIS focuses on the role of cyber threat information and its role in e-mail security. Its postulates are important in the provision of e-mail storage solutions to keep up with the increasing demands of security.

The failure of the messages to go through may be caused by error messages. Normally, a message is sent by conveying e-mail from one person to another. Although there are many servers at the headquarters of the employee’s firm, the mail server at the employee’s side should relay the message to the recipients ISP. In big firms, this process may be complicated since the ISP may fail to “know” the sender or recipient of the mail. This results to an error message “unable to relay” depending on the ISP and servers involved. Additionally, it can result from a mail server situated in a location that cannot be configures during the process of sending mail. To solve this problem temporarily, a starter should double-check the address to ascertain that it is addressed to the right person to avoid error messages.

The company whose e-commerce conducts fraudulent purchases should embark on several plans to prevent it from being classified as high-risk firm. First, the firm should implement an Address Verification System, AVS that ensures that each cardholder has a ZIP code and billing address in the authorization request. Secondly, the firm should install a system that recognizes counterfeit cards to prevent fraud. Embossing of cards is straight and clear since it ensures that signatures are not tampered with. Thirdly, the security team should examine all online transactions carefully to eliminate fraud. E-commerce payment gateways examine the nature of credit card and assess its originality. Lastly, the organization should comply with PCI Standards. There are ISO standards that ensure a firm protects both the information of the customers and employees to ensure that the business is secure.

Information on personal credit card number is a form of personal information that should be encrypted in an organization to prevent thefts. My organization disregards the security of credit card number on the ground each cardholder has a secretive password. Credit card number contains sensitive data that requires encryption. The number can be termed as “sensitive” since it requires intermittent access. As a result, a data of its caliber containing personal privacy considerations should be encrypted under state and federal laws. Reasonably, any unintended access may be termed as fraud since it may pose negative impacts on the owner. Additionally, hackers have easy time cracking the password rather than both the password and credit card number. Encrypted data will require user verification before access to ensure that security is withheld.

A crash of the hard drive in my computer system would lead to total loss of information stored in the drive. My system lacks off-site facility for back up, and, as a result malfunctioning of the drive may be disastrous. The amount of data lost can be reduced through installation of data recovery software that has several requirements: firstly, a computer user should buy a new hard drive to act as backup storage. A “slave” and “master” drives should be created to act as primary and secondary drives respectively. The last step involves installation of software that links the “slave” and “master” drive to create interaction. When a disaster occurs, the information contained in the “slave” drive can be transferred to the “master” drive reducing the amount of data lost due to system crash.

Cloud computing will pose several data security risks for providers and cloud customers. Generally, it will be abortive for the cloud users and data controllers to cross check the data management practices of data providers. As a result, both of them will not be aware if data in handled in lawful of fraudulent manner. This challenge is worsened in the event of multiple data transfer, for instance, transfers between federated clouds. Conversely, some providers are required to provide data on information handling practices to increase both the effectiveness and efficiency of the process. Some cloud providers offer summaries of certification on their data security, data controls, and data processing activities to streamline the process of data security, for example, SAS70 Certification.

The new trend of Web-based social networks such as Facebook, Twitter, and LinkedIn are increasing communication in the world, which may have adverse effect on the control of sensitive information. With the increasing level of technology in this field, cases of hacking into systems, accidental exposure of confidential material, and identity theft will be on the rise as cyber thieves become apt with technology. Reasonably, the social media and mobile applications are rapidly becoming rich sources of information relating to data encryption. As a result, future hackers will not be required to be creative in order to access personal information, for instance, information relating to personal banking. It will be hard for organizations to withhold information to avoid breach on any kind since most of these social networking sites are public networks. As a result, they will be compelled to identify threats and respond in real times before hackers can access their files.