Technology And Its Effect On Information Crimes - 1606 Words

With the widespread growth of technology, application security is increasingly becoming more and more popular. This growth has a direct effect on information crimes, which are being conducted in new and changing ways. Understanding the issues surrounding information crimes and providing simple but effective security models are key. As developers attempt to keep up with this widespread growth, proper security implementation can sometimes slip through the cracks. Insecure applications can cause serious information security and data privacy issues causing severe repercussions on users and organizations alike. To protect against these attacks, IT professionals need to properly understand some of the basics including cross site scripting,†¦show more content†¦The cross site scripting attack on the user could give them access to a user’s cookies, which can be used to impersonate that user; read and make modifications to the browsers document object model (DOM); or access a user’s geolocation, webcam, microphone, and even specific files from the user’s file system. While some of these require user authentication, a combination of cross site scripting and social engineering could bring the attacker a long way (Acunetix). An attacker can take advantage of many different types of cross site scripting. These include persistent cross site scripting, reflected cross site scripting, and DOM based cross site scripting. An attacker can use a combination of the three as well (server/client cross site scripting) (Acunetix). With persistent cross site scripting attacks, the malicious code is submitted to a website where it’s stored for a certain period of time. The user is not required to interact with an additional site or link, just view the website containing the code. Reflected and DOM based cross site scripting attacks required the user to either visit a specific link that contains malicious code, or visit a malicious site containing a web form that performs the attack. The use of a malicious form is often done when the vulnerable site only accepts HTTP POST requests, which allow the form to be