Is308 Discussion 4

Submitted By dina12797
Social Network Groups for All - “A Stupendous Idea or Security Incident Waiting to Happen?”

A social networking platform like this may seem like a good idea, and it can be; however, the security risks created by its current settings could seriously hurt the company’s reputation in the future. The platform makes it easy for people to link together in group settings, but in reality it shares too much unnecessary information with third-party applications. The current settings could allow malicious users to exploit its vulnerabilities. The main reason to exploit the vulnerabilities in this platform is to obtain personal information, which can later be used to exploit vulnerabilities of the targeted individuals. In this case, with all the contacts’ email addresses out there for everybody to see, a hacker could use them to obtain information from their employers or personal information such as financial information. Also, by using HTML and JavaScript, a hacker could perform command injections, which could lead to limited accessibility. The JavaScript programming language could allow standard APIs to bypass access control or security checks, and tainted input allows code to apply its own permissions during the security management check. This idea could lead to serious security issues which could impact the revenue of the company. This idea has a lot of merit because it would allow individuals to socialize in group settings. However, better security policies need to be in place during the design so that there will not be too many bugs to work out after implementation. Taking the time to analyze all the necessary security risks and vulnerabilities early in the development phase will save “Social Networking Groups for All” money, and it will be able to offer a better platform to their
