CSCI 310 Lecture Notes - Lecture 14: Penetration Test
Document Summary
Breaches are expensive for the company: not only fixing the vulnerability, but also the effects on the customers; avg cost of a data.

SQL injection is hard to prevent because the user input is being appended directly into the query.

Prevention: identify and repair the vulnerability in the code, design, or requirements.
Detection: identify an attack while it is occurring at runtime, and either stop it or log the occurrence.

***Integrity, confidentiality, availability = core properties, because you need to care about these for almost any system. Others (privacy, anonymity, safety, liveness) = more optional security properties.

Integrity = must be maintained along with confidentiality.
Confidentiality = keeping data from escaping to the outside; no one should be able to read this data unless they have the authority to do so.
Nonrepudiation = ability to convince a third party that an event occurred; when something happens, you know without a doubt who was the person who did it. Related to integrity.
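The two ideas above, a query built by appending user input beside a parameterized one, plus a runtime detection check, as an added example (not from the lecture); the table, user names and secrets are constructed sample data.

```python
import sqlite3


def make_db():
    # Constructed in-memory table standing in for an application database.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s3cret-a"), ("bob", "s3cret-b")])
    return conn


def lookup_vulnerable(conn, name):
    # The defect the lecture describes: the input is appended directly into
    # the query text, so a quote character in `name` changes the query's
    # structure instead of being treated as part of a user name.
    query = "SELECT name FROM users WHERE name = '" + name + "' ORDER BY name"
    return [row[0] for row in conn.execute(query)]


def lookup_parameterized(conn, name):
    # Prevention (fix in the code): the query shape is fixed at write time and
    # the driver passes `name` as a value, so it can only match a literal name.
    query = "SELECT name FROM users WHERE name = ? ORDER BY name"
    return [row[0] for row in conn.execute(query, (name,))]


def lookup_with_detection(conn, name, log):
    # Detection (runtime): a lookup of one user that yields several rows is
    # anomalous, so the event is logged and stopped rather than returned.
    rows = lookup_vulnerable(conn, name)
    if len(rows) > 1:
        log.append(f"possible injection: input={name!r} rows={len(rows)}")
        return []
    return rows
```

Running both lookups on the same hostile input shows the concatenated query matching every user while the parameterized query matches none.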