Assignment No.

04
Total Marks: 10
SEMESTER Fall 2010
CS507- Information Systems Due Date: 24/1/2011

Instructions
Please read the following instructions carefully before solving & submitting assignment:
It should be clear that your assignment will get zero marks if:
o The assignment is submitted after due date.
o The submitted assignment does not open or file is corrupt.
o The assignment is copied (from other student or ditto copy from handouts or internet).
o Student ID is not mentioned in the assignment File or name of file is other than student ID.

Note:
Your answer must follow the below given specifications. You will be assigned zero marks if you do not
follow these instructions.

• Font style: “Times New Roman”

• Font color: “Black”
• Font size: “12”
• Bold for heading only.
• Font in Italic is not allowed at all.

Do not put any query at MDB about this assignment, if you have any query then contact at
cs507@vu.edu.pk

Deadline
Your assignment must be uploaded/submitted at or before Monday, January 24, 2011.
 Marks: 10

Web application security

Dear Student
You have learned in this course about the system security risks and vulnerabilities.
That when any system goes online so it is more likely be attacked by hackers.
Hackers try to attack at the application layer of network system. Just to get into the database of system, as
application layer is the bottom layer from which any computer
can access to let the data traffic comes in.

Internet

Firewall
Hacker Web application server Database server

You have learned about the various technical controls that ensure security like:
• Firewall
• Antivirus software
• Network security scanners etc

From the figure, it is clear that the network firewall do not protect a web application they are only designed for
network level security. It blocks unwanted traffic and activity and allow legitimate traffic in.
Antivirus software detects system level issues, not the browser.
Whereas, network security scanners are a good choice to secure network services. But they do not launch any
security checks to check the vulnerabilities in web applications.
Hackers can easily hack web application firewalls as they won’t fix security holes in web applications and are not
immune to attacks. Common attacks are:
1) Cross site scripting (XSS)
2) Cross site request forgery (CSRF)
3) SQL injection (SQL)
4) Buffer overflow etc

Question:

What are the challenges faced by WAFs (Web Application Firewalls) in order to secure the web
applications? Write only five challenges. [ 10 marks]

Note: Write only precise answer and avoid giving extra details.