Assigmnet-Week-5-BD308-CyberSecurity-SultanChairul-2581484737

  1. Why is keeping software (like WordPress, Magento, etc.) and its plugins updated a critical security task?
  2. Explain the concept of input validation and how it can prevent attacks like SQL injection.
  3. What are the security risks of using weak or default passwords for application admin panels?

Answer :

1. Why keeping software and plugins updated is critical

Platforms like WordPress and Magento are common targets for attackers.

Why updates matter:

  • Updates fix known security vulnerabilities
  • Hackers often exploit old, unpatched versions
  • Plugins/themes can also contain weaknesses

What happens if you don’t update:

  • Attackers can take control of the website
  • Customer data may be stolen
  • Malware can be injected into the site

In short:
updates close security gaps before attackers can use them.

2. Input validation and SQL injection prevention

Input validation means checking and controlling what users are allowed to enter into a system (forms, search fields, login pages).

How it works:

  • Only accept expected formats (e.g., numbers, valid email)
  • Reject or sanitize suspicious input

How it prevents SQL injection

SQL injection is when an attacker inserts malicious database commands into input fields.

Without validation:

  • The system treats user input as part of a database query
  • Attackers can read, modify, or delete data

With proper validation:

  • Inputs are filtered or escaped
  • Malicious code is not executed

In short:
Input validation ensures user input is treated as data, not as executable commands.

3. Risks of weak or default passwords

Using weak or default passwords in admin panels creates a major security risk.

Common problems:

  • Easy to guess (e.g., “admin123”)
  • Default credentials are publicly known
  • Attackers use automated tools to try many passwords quickly

Risks:

  • Unauthorized access to admin panel
  • Full control of the system or website
  • Data theft, defacement, or service disruption

Example:
If an attacker logs into an admin panel, they can change content, access user data, or install malware.

Status ; 100 %

Keterangan ; Sudah mengerjakan tugas dengan baik dan benar.

Previous Post Previous Post
Newer Post Newer Post

Leave a comment