Logan W. Burroughs
CIS542 – Winter 2014
Describe the business threats posed by each of the following situations and explain what its effect may be if a Web application is compromised:
1. A publicly traded retailer with retail outlets and online shopping/shipping.
a. In-store and online sales are merged. If the web application is compromised, anything from inventory miscalculations to stolen customer data could occur.
2. A small, private law firm’s website with forms for potential clients to complete, including name, address, contact number, and reason for scheduling an appointment.
b. Because the form includes the reason for scheduling an appointment, a web breach could leak customers’ legal or other personal information.
3. A real estate appraisal company that provides online appraisals for a publicly traded financial institution’s residential-loan applicants. The bank sends all applicant ...
5. A city government that allows people with parking tickets to pay the fines online using a credit card or online check.
e. Financial fraud or identity theft; customer information could be compromised including personal payment information. False payments could be made online.
6. A local residential-cleaning business with a website that acts as a company brochure; no forms of any type are located on the website.
f. This business currently has no web application, which causes a loss of potential new clients who prefer to make payments or appointments online.
7. A software development company that develops and licenses online shopping software to large corporations.
g. Large-scale identity and financial theft. Since this one company develops and licenses eCommerce software to large companies, if the main company is compromised it could lead to ALL of their clients being infiltrated as well.
8. A private, locally owned bank with a website that accepts loan applications online.
h. This could open many doors to identity theft and people having loans taken out in their name by someone else.
9. A local doctor’s office that keeps all patient information at the office, doesn’t share electronically with any entities, and doesn’t have a website or use any custom-developed software.
i. I do not see any web-based threats here.
10. An online-only retailer that sells athletic equipment using shopping-cart software that has been developed in-house and uses PayPal whenever a customer makes a purchase.
j. If the in-house developed shopping cart is not carefully debugged and tested, there could be price mistakes between the site and the payment service PayPal. Quantity, price, or item mix-ups could occur, but since PayPal is a secure payment gateway, there is a minimal chance of financial or customer information leaks.