Student’s Name
Instructor’s Name
Due Date
With the rapid digitalization and evolution of technology, the risk of being exposed to
malware attacks increases every day. A typical definition of a malware attack is an attack where
targeted victim (Chesti et al., 2020). All types of malware are developed with a specific
objective in mind, which determines how the execution of commands will be conducted. For
example, some malware is designed to steal critical payment credentials while other malware is
focused on disrupting the target’s operations as well as demanding payment. The three primary
types of malware vectors that are used by most cybercriminals include worm, virus, and trojan
horse. However, malware attacks can be prevented by implementing best-practice software
assurance techniques. One of the mitigation strategies that can be implemented is secure
handling and management of code (Chesti et al., 2020). Protection of code should be a
common practice among people and organizations that use IT systems. Effective code handling
ensures that only authorized personnel can access, view, and modify the content of a system, thus
preventing malicious intruders from introducing vulnerabilities into the system. Furthermore,
design and code reviews need to be conducted as a measure for preventing the insertion of malicious
code.
Another common security threat affecting software applications is SQL injection (SQLI)
attacks. This is an attack vector that uses malicious SQL code for backend database
manipulation with the objective of accessing information that was not supposed to be displayed
(Alenezi, Nadeem & Asif, 2021). The consequences of SQLI attacks are far-reaching since the
attacker can gain administrative rights on the targeted database or delete critical and sensitive
business since the potential cost of the attacks includes the loss of customer trust, which can have
a negative impact on the sales and revenue generation of that business. Most attackers that use this
approach normally target websites due to their vulnerable nature. This attack method allows the
attacker to manipulate the SQL queries of a software application or website. Despite the potential
risk that SQLI attacks might have on a software application, training and maintaining awareness
is one of the solutions used in mitigating the challenge (Alenezi, Nadeem & Asif, 2021). It is
critical that organizations and businesses keep their web applications safe by providing training to
everyone involved in building the application and creating awareness about the potential risks
linked to SQLI attacks. Through training, the parties involved will gain considerable security
knowledge on how to protect the web applications from any SQLI attack. This can be done by
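
The query manipulation described in this paragraph, shown as a training exercise; this is an added example, not part of the original essay. It assumes a hypothetical `customers` table with constructed rows and uses parameterized queries, a standard countermeasure that the essay itself does not name.

```python
import sqlite3


def make_db():
    """Build an in-memory database holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (username TEXT, card_last4 TEXT)")
    db.executemany(
        "INSERT INTO customers VALUES (?, ?)",
        [("alice", "1111"), ("bob", "2222"), ("carol", "3333")],
    )
    return db


def lookup_vulnerable(db, username):
    # Weak form: the input is pasted into the SQL text, so any quote
    # character in it is parsed as SQL syntax instead of as data.
    query = ("SELECT username, card_last4 FROM customers "
             "WHERE username = '" + username + "'")
    return db.execute(query).fetchall()


def lookup_parameterized(db, username):
    # Corrected form: the ? placeholder binds the input as a value,
    # so it can never change the structure of the statement.
    query = "SELECT username, card_last4 FROM customers WHERE username = ?"
    return db.execute(query, (username,)).fetchall()


def compare(username):
    """Run both lookups on a fresh database and return both results."""
    db = make_db()
    try:
        try:
            weak = lookup_vulnerable(db, username)
        except sqlite3.OperationalError:
            weak = "syntax error"  # the input broke the concatenated SQL
        return weak, lookup_parameterized(db, username)
    finally:
        db.close()


if __name__ == "__main__":
    # Constructed inputs: a normal name, a name containing an apostrophe,
    # and the textbook tautology used in SQLI training material.
    for value in ("alice", "o'brien", "x' OR '1'='1"):
        weak, safe = compare(value)
        print(f"{value!r}: concatenated={weak} parameterized={safe}")
```

The apostrophe case is the one worth showing reviewers: an ordinary input that breaks the concatenated query is the same defect that lets crafted input rewrite it.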
References
Alenezi, M., Nadeem, M., & Asif, R. (2021). SQL injection attacks countermeasures
Chesti, I. A., Humayun, M., Sama, N. U., & Jhanjhi, N. Z. (2020, October). Evolution,
10.1109/ICCIS49240.2020.9257708