Security Vulnerabilities and Threats Analysis for Netflix: A Case Study, Assignments of Computer Networks

A detailed analysis of security vulnerabilities and threats facing Netflix, a popular streaming service. It explores common vulnerabilities like SQL injection and cross-site scripting, highlighting their potential impact on user data and organizational security. The document also examines various threat vectors, including phishing attacks, credential stuffing, brute force attacks, and man-in-the-middle attacks, providing insights into their methods and consequences. It concludes with a problem statement emphasizing the importance of robust security measures to mitigate these threats and protect user data.

Typology: Assignments

2023/2024

Uploaded on 11/10/2024

Guide4Students
SEC571
Week 2
Organization Profile and Problem Statement
Student Name
Date

Rubric

Criteria (Total)

  • Selection of Organization: 10
  • Identification of products and services: 10
  • Analysis of potential improvements: 10
  • Problem statement: 15
  • Total: 45

Products & Services

  • Movies
  • Television shows
  • Original series
  • Documentaries
  • Feature films
  • Electronic games
  • Hidden genre category list system
  • Smart download feature
  • DVD by mail service
  • Next Games

Products & Services (Cont.)

  • Streaming Media
  • Video on demand
  • Film production
  • Film distribution
  • Television production

CWE-89 SQL INJECTION

  • Inserting malicious SQL code into an input to gain unauthorized access to information such as secret company data, user lists, or private customer information.
  • Without proper removal or quoting of SQL syntax in user-controllable inputs, the altered query logic could bypass security checks or add extra statements that change the back-end database, possibly by running system commands.

CWE-79 CROSS-SITE SCRIPTING

  • Failure to neutralize, or improper neutralization of, user-controlled input before it is placed in output that is served as a web page to other users.
  • In many cases, the attack can start before the target even knows what's happening. Even when users are careful, attackers often use methods like URL encoding or Unicode to hide the bad part of the attack so that the request doesn't look as strange (CWE Team, 2022).
  • Once the attacker has inserted the malicious script, they can do a number of bad things, such as:
      - Send confidential information
      - Send fraudulent requests to a website on the victim's behalf
      - Use phishing tactics to make sites look like ones that people trust
      - Take advantage of a weakness in a web browser and take over the victim's computer. This is called “drive-by hacking.”
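
Why a filter on the raw request misses URL-encoded input while encoding at output time does not, as an added example that is not part of the original slides. The function names, page fragment and sample value are constructed for illustration.

```python
import html
from urllib.parse import unquote_plus

# Constructed sample: a query-string value as it appears on the wire.
ENCODED_VALUE = "%3Cscript%3Ealert(1)%3C%2Fscript%3E"

def naive_request_filter(raw_value):
    """Weak control: scans the raw, still-encoded request for '<script'."""
    return "<script" not in raw_value.lower()

def render_unsafe(raw_value):
    # CWE-79: the decoded value is placed into the page unchanged,
    # so the browser parses it as markup.
    name = unquote_plus(raw_value)
    return "<p>Search results for " + name + "</p>"

def render_safe(raw_value):
    # Output encoding at the point of use: <, >, & and quotes become
    # entities, so the browser displays the text instead of running it.
    name = unquote_plus(raw_value)
    return "<p>Search results for " + html.escape(name, quote=True) + "</p>"

if __name__ == "__main__":
    print("filter lets it through:", naive_request_filter(ENCODED_VALUE))
    print("unsafe page:", render_unsafe(ENCODED_VALUE))
    print("safe page:  ", render_safe(ENCODED_VALUE))
```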

Phishing Attacks

  • Cybercriminals try to get private information like usernames, passwords, and credit card numbers by pretending to be a reliable source or person and communicating digitally. This threat comes from both inside and outside the organization. Phishing attacks can happen to both staff and buyers.
  • The Guardian reported in 2020 that at the height of the Coronavirus pandemic, when more people were using streaming services, about 700 fake websites that looked like Disney+, Netflix, and Hulu were made to trick people who didn't know what was going on. These fake websites offer free services to get people to sign up, and then they steal their personal information and money (Sweney, 2020).

Credential Stuffing Attack

  • Use of stolen account information to get into a server or account. Most of the stolen information is saved credentials from databases.
  • Most of the time, this kind of attack happens when very popular streaming material comes out. At that time, people share passwords the most, which makes it a great time for hackers to strike.
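
One way a defender can spot this pattern in login records, as an added example that is not part of the original slides: a single source trying many different accounts and mostly failing. The log format, field names, thresholds and sample lines are all assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample log; the line format and field names are assumptions.
SAMPLE_LOG = """\
2024-05-01T20:00:01Z ip=203.0.113.7 user=amy@example.com result=fail
2024-05-01T20:00:02Z ip=203.0.113.7 user=ben@example.com result=fail
2024-05-01T20:00:03Z ip=203.0.113.7 user=cho@example.com result=ok
2024-05-01T20:00:04Z ip=203.0.113.7 user=dev@example.com result=fail
2024-05-01T20:00:05Z ip=203.0.113.7 user=eli@example.com result=fail
2024-05-01T20:01:10Z ip=198.51.100.20 user=fay@example.com result=fail
2024-05-01T20:01:25Z ip=198.51.100.20 user=fay@example.com result=ok
2024-05-01T20:02:00Z ip=198.51.100.33 user=gus@example.com result=ok
2024-05-01T20:02:30Z ip=198.51.100.33 user=hal@example.com result=ok
"""

def parse_line(line):
    """Split 'TIMESTAMP key=value ...' into a dict."""
    timestamp, *fields = line.split()
    record = dict(field.split("=", 1) for field in fields)
    record["ts"] = timestamp
    return record

def stuffing_suspects(log_text, min_users=4, min_fail_ratio=0.75):
    """Flag source IPs that try many different accounts and mostly fail.

    Returns {ip: sorted accounts that logged in successfully from that ip},
    i.e. the accounts to treat as compromised and force a password reset on.
    """
    tried = defaultdict(set)      # ip -> distinct usernames attempted
    failed = defaultdict(int)     # ip -> failed attempts
    total = defaultdict(int)      # ip -> all attempts
    succeeded = defaultdict(set)  # ip -> usernames with a successful login
    for line in filter(str.strip, log_text.splitlines()):
        rec = parse_line(line)
        ip, user = rec["ip"], rec["user"]
        tried[ip].add(user)
        total[ip] += 1
        if rec["result"] == "fail":
            failed[ip] += 1
        else:
            succeeded[ip].add(user)
    return {
        ip: sorted(succeeded[ip])
        for ip in total
        if len(tried[ip]) >= min_users and failed[ip] / total[ip] >= min_fail_ratio
    }

if __name__ == "__main__":
    print(stuffing_suspects(SAMPLE_LOG))
```

A user who mistypes a password once and a household with two accounts on one address are both left unflagged by the sample thresholds.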

Man-in-the-Middle (MITM)

  • A hacker listens in on a conversation taking place between two other parties by intercepting their communication and redirecting the resulting traffic.
  • This type of attack is typically utilized to obtain sensitive information and login credentials for online accounts.

Problem Statement

According to the 2022 Data Breach Investigations Report published by Verizon, around 82 percent of data breaches were caused by the Human Element. This includes Social Attacks, Errors, and Misuse. Phishing attacks are more likely to succeed because they are designed to target basic human responses, specifically the urge to open correspondence, especially if it reaches a work inbox or is believed to come from a legitimate source or work colleagues (2022 Data Breach Investigations Report, 2022). Once users give the requested information, attackers can use it to get access to their personally identifiable information (PII) or sensitive personal information (SPI). This can hurt the organization as a whole and also cause "personal" problems like identity theft, fraud, and other scams. Because of this, all companies should put together strong and effective plans to stop hacking.