Show simple item record

dc.contributor.advisorKelly, Van
dc.contributor.authorMankowitz, Benjamin
dc.identifier.citationMankowitz, B. (2022, September). Analysis of Modern Computing Threats: Injection and Server Side Request Forgery [Undergraduate honors thesis, Yeshiva University.]en_US
dc.descriptionUndergraduate honors thesis / YU onlyen_US
dc.description.abstractIn the modern world, digital computing and the Internet define the way we live our lives. Banking, commerce, transit, and even most jobs rely on various computing systems. Due to the importance of these systems, it is imperative that they stay secure from malicious attacks. To protect against such attacks, it is necessary to understand exactly what vulnerabilities exist, and how exactly to exploit them. It is a cybersecurity axiom that there is no security through obscurity. It is not enough to simply hide the implementation details; the security implementer must know how to break into a system to better protect it.¶ The core question that this thesis will address is how many of today’s major services are vulnerable to easily automated and commonplace cybersecurity attacks. This thesis will present a broad overview of two types of vulnerabilities (Injection (A03), and Server Side Request Forgery (A10)), how to exploit them, and give some historical examples. Finally, the conclusion will attempt to show approximately how many web pages are potentially vulnerable.¶ Due to legal constraints, I can only test websites that have a “safe harbor” clause, but malicious users have no such constraints. Consequently, this paper cannot fully determine the scope of vulnerability. Generally, it is not possible to probe for vulnerabilities without exploiting them, and since the researcher is knowingly and intentionally attempting to access unauthorized content, there is legal liability.en_US
dc.description.sponsorshipthe Jay and Jeanie Schottenstein Honors Programen_US
dc.publisherYeshiva Universityen_US
dc.relation.ispartofseriesJay and Jeanine Schottenstein Honors Theses;September 2022
dc.rightsAttribution-NonCommercial-NoDerivs 3.0 United States*
dc.subjectInjection (A03)en_US
dc.subjectServer Side Request Forgery (A10)en_US
dc.titleAnalysis of Modern Computing Threats: Injection and Server Side Request Forgeryen_US

Files in this item


This item appears in the following Collection(s)

Show simple item record

Attribution-NonCommercial-NoDerivs 3.0 United States
Except where otherwise noted, this item's license is described as Attribution-NonCommercial-NoDerivs 3.0 United States