Cybersecurity risk management, threat and attack modelling

Case Study
Task
Cross-site Scripting (XSS), Cross-site Request Forgery (CSRF) and Structured Query Language (SQL)
injection are common attacks that exploit web application vulnerabilities. Your task is to select one case
study of one attack type from XSS, CSRF or SQL injection as the basis for your report and
explain (and graphically depict) all components of the attack by addressing the following requirements:

  1. Develop a detailed walkthrough of how your chosen attack type would theoretically operate in the
    real world. This section should clearly represent each stage of the attack (for example, discovery of
    the vulnerable input, crafting of the payload, delivery, execution and impact) with supporting discussion.
  2. Select one CVE (Common Vulnerabilities and Exposures) entry and identify and explain the
    intricacies of the real-world incident that arose from your chosen attack type.
  3. In explaining your selected real-world incident, you should at a minimum answer the following
    questions:
    What was the outcome of your chosen incident?
    What was the impact of your chosen incident?
    What personally identifiable information (PII) was held, used and collected by the
    organisation?
    Discuss the CIA triad (confidentiality, integrity, availability) and how these principles relate to the
    information security breach, i.e., which of the three was breached?
    What threats and vulnerabilities to the information exist in the case study?
    What protections were in place; what worked and what failed in this particular case?
    Discuss the lessons learnt from the breach, for example legal, financial and risk lessons.
    What did the organisation do after the breach, i.e., what happened after the fact?
    Why was this breach such an important case to learn from?
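To make the "each stage of the attack" requirement concrete, the following is an added example (not part of the assignment brief) using SQL injection, one of the three attack types named above. It stands up a constructed in-memory SQLite table with made-up accounts, shows a login query that concatenates user input (the vulnerable stage), runs two classic payloads against it (a tautology that returns every row, and a comment payload that bypasses the password check for a chosen account), and then shows the same query with bound parameters, where both payloads fail. The table name, column names, account data and payload strings are all assumptions for the example.

```python
import sqlite3


def make_db():
    """Constructed sample data: an in-memory users table with two made-up accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [
            ("alice", "s3cret", "alice@example.com"),
            ("bob", "hunter2", "bob@example.com"),
        ],
    )
    return conn


def login_vulnerable(conn, username, password):
    """Vulnerable stage: user-controlled text is spliced into the SQL statement.

    A single quote in the input closes the string literal, so the remainder of
    the input is parsed as SQL rather than as data.
    """
    sql = (
        "SELECT username FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    return sorted(row[0] for row in conn.execute(sql))


def login_parameterised(conn, username, password):
    """Hardened form: the statement text is fixed and values are bound separately,
    so a quote in the input is just a character inside the compared value."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return sorted(row[0] for row in conn.execute(sql, (username, password)))


# Payload 1: tautology. The WHERE clause becomes
#   username = '' OR '1'='1' AND password = '' OR '1'='1'
# which is true for every row, so the attacker enumerates all accounts.
TAUTOLOGY = "' OR '1'='1"

# Payload 2: comment truncation. The WHERE clause becomes
#   username = 'alice'--' AND password = '...'
# and SQLite treats everything after -- as a comment, dropping the password check.
COMMENT_BYPASS = "alice'--"


def demo():
    """Run each login variant with legitimate credentials and with both payloads."""
    conn = make_db()
    return {
        "legit_vuln": login_vulnerable(conn, "alice", "s3cret"),
        "tautology_vuln": login_vulnerable(conn, TAUTOLOGY, TAUTOLOGY),
        "bypass_vuln": login_vulnerable(conn, COMMENT_BYPASS, "wrong"),
        "legit_safe": login_parameterised(conn, "alice", "s3cret"),
        "tautology_safe": login_parameterised(conn, TAUTOLOGY, TAUTOLOGY),
        "bypass_safe": login_parameterised(conn, COMMENT_BYPASS, "wrong"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:15s} -> {result}")
```

The two payloads map onto distinct attack stages a walkthrough should cover: the tautology is a discovery and enumeration step (any quote-terminated input that changes the result set confirms the injection point), while the comment payload is targeted exploitation against a known account. The parameterised variant is the control that should be cited when discussing what protection would have worked.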

Sample Solution