– Adding all trusted sites to Internet Explorer’s Trusted sites zone (Microsoft Corporation 2010).
Apart from tweaking Internet Explorer’s settings, mitigation can also be achieved through careful programming practice. Several recommendations exist in this regard, which include:
– Refactoring of the web application during the design phase so that it does not generate dynamic code.
– Executing the application in a sandbox environment, during the design phase, which allows the application process and the operating system to operate within separate boundaries, thus restricting the nature of the code which can be executed by the application.
– Implementing input validation that accepts only known good input, rejecting all inputs apart from those maintained in a whitelist of specifications, or transforming unknown input into something valid.
– Limiting the number of constructs which can be used to make an input. Also, all properties of the input, such as its length, type, syntax and conformance to business logic, should be taken into consideration.
– Using dynamic techniques and tools to test the behaviour of the application. Different types of testing, such as fuzz testing, robustness testing and fault injection, should be performed.
– Executing the developed application in an environment which prevents the use of tainted variables, such as Perl’s “-T” switch. This automatically forces the programmer to use input validation; however, care must be taken when marking inputs as untainted (Security Database Website 2010).
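The following is an added example, not part of the original paper: it shows why care is needed when untainting under Perl's "-T" switch, by comparing a careless untaint with a whitelist-based one that checks syntax, length and a business rule. The report-name field, the list of known reports and the sample inputs are all hypothetical and constructed for illustration.

```perl
# Run as: perl -T untaint_demo.pl   (file name is arbitrary)
use strict;
use warnings;
use Scalar::Util qw(tainted);

die "taint mode is off; run with perl -T\n" unless ${^TAINT};

# Hypothetical business rule: only these report names exist.
my %KNOWN_REPORT = map { $_ => 1 } qw(sales-2010 inventory audit_log);

# Careless untainting: (.*) matches anything, so the value loses its
# taint flag without having been validated at all.
sub untaint_careless {
    my ($raw) = @_;
    return $raw =~ /\A(.*)\z/s ? $1 : undef;
}

# Whitelist untainting: syntax and length are checked by the anchored
# pattern, conformance to business logic by the lookup table.
sub untaint_report_name {
    my ($raw) = @_;
    return unless defined $raw;
    return unless $raw =~ /\A([A-Za-z0-9_-]{1,32})\z/;
    my $clean = $1;    # the capture is untainted; $raw itself stays tainted
    return $KNOWN_REPORT{$clean} ? $clean : undef;
}

# Constructed sample inputs. Appending a zero-length tainted string marks
# each literal as tainted, as if it had arrived from a form or @ARGV.
my $TAINT   = substr(join('', $^X, values %ENV), 0, 0);
my @samples = map { $_ . $TAINT } (
    'sales-2010',                 # valid and known
    'audit_log; echo injected',   # fails the syntax check
    'a' x 64,                     # fails the length check
    'payroll',                    # well-formed but not a known report
);

for my $in (@samples) {
    my $careless = untaint_careless($in);
    my $strict   = untaint_report_name($in);
    printf "%-26s in_tainted=%d careless_tainted=%d strict=%s\n",
        substr($in, 0, 24),
        tainted($in)       ? 1 : 0,
        tainted($careless) ? 1 : 0,
        defined $strict ? "accepted:$strict" : 'rejected';
}
```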
The CVE-2010-0247 vulnerability is a weakness in Microsoft’s Internet Explorer browser which allows an attacker to run code remotely, which could result in the attacker taking over the system. This vulnerability has been classified as critical by multiple vulnerability database websites and poses a serious threat which could lead to the loss or leak of confidential or top secret information. It affects all versions of the Windows operating system except Windows Server 2008 and Windows Server 2008 R2. As a measure to prevent exploitation of this vulnerability, Microsoft suggests tweaking the settings of Internet Explorer so that it asks for permission every time it is required to execute a script or ActiveX control. Furthermore, the CVE website suggests measures which should be taken while developing applications to protect them from code injection attacks such as this one.