Programming Problem 1


▪ HTTP supports a mechanism that allows users to upload files, in addition to
retrieving them, through a PUT command.
1. What threats would you need to consider if SimpleWebServer also had
functionality that could be used to upload files?
There are many, many threats, especially if you're building your web server from scratch.
I would recommend IIS or Apache; they are mostly proven safe. Using Nginx as a reverse
proxy would slightly increase security if it's a custom-built backend.
Some of the many considerations are directory traversal and allowing posting of code,
e.g. a php extension if you're running PHP. Checking any user-supplied input is critical,
along with any time you use that input: XSS would be a concern if you display the file
name with server-side scripting, and even code execution should be a concern. Keep in
mind the file name, the file type, and your backend's and the browser's processing of the
file as well.
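The checks named in this answer (directory traversal, executable extensions such as php, and escaping the file name before display) can be sketched as follows. This is an added example, not SimpleWebServer's own code; the function names, the extension allowlist and the size cap are assumptions chosen for illustration.

```python
import html
import os

ALLOWED_EXTENSIONS = {".txt", ".png", ".jpg", ".pdf"}  # assumed allowlist
MAX_UPLOAD_BYTES = 1_000_000                            # assumed size cap


class UploadRejected(Exception):
    """Raised when a PUT request fails a validation check."""


def resolve_upload_path(upload_root, request_path):
    """Map a PUT request path to a file inside upload_root, or raise."""
    if "\x00" in request_path or "\\" in request_path:
        raise UploadRejected("illegal character in path")
    root = os.path.realpath(upload_root)
    # realpath collapses ".." and resolves symlinks before the containment test
    target = os.path.realpath(os.path.join(root, request_path.lstrip("/")))
    if target == root or os.path.commonpath([root, target]) != root:
        raise UploadRejected("path escapes the upload directory")
    name = os.path.basename(target)
    if name.startswith("."):
        raise UploadRejected("hidden or server config file name")
    # Allowlist on the final extension: .php, .jsp, .cgi and so on never match
    if os.path.splitext(name)[1].lower() not in ALLOWED_EXTENSIONS:
        raise UploadRejected("file type not allowed")
    return target


def store_upload(upload_root, request_path, body):
    """Validate and write an uploaded body; returns the path written."""
    if len(body) > MAX_UPLOAD_BYTES:
        raise UploadRejected("body too large")
    target = resolve_upload_path(upload_root, request_path)
    os.makedirs(os.path.dirname(target), exist_ok=True)
    with open(target, "wb") as fh:
        fh.write(body)
    return target


def display_name(request_path):
    """File name escaped for safe inclusion in an HTML listing."""
    return html.escape(os.path.basename(request_path))
```

The upload directory should also be served as static content only, so that a file which passes these checks is never handed to a script interpreter.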
2. For each of the specific threats you just listed, what types of security
mechanisms might you put in place to mitigate the threats?
The data encryption process is straightforward. An encryption key with a specific
encryption algorithm is used to translate readable data into encrypted data, also
known as ciphertext. Scrambled data can only be decrypted using the corresponding
encryption key, so intruders will not be able to read the data even if they get through
system security measures.

Encryption can provide data privacy. Other functions are involved in the process in order
to ensure that we can trust any encrypted and decrypted data.

▪ Privacy: Encodes and hides the message
▪ Authentication: Confirms the origin of the message
▪ Integrity: Verifies that the content of the message has not changed since it was
sent
▪ Non-repudiation: Assures that the sender of the message can't deny having sent
the message
Phishing: Encryption should be performed at various levels: encryption of database
records, encryption of files in the systems, encryption of all data stored in the cloud,
ensuring service providers encrypt the company information they store in their systems,
and ensuring data stored by partners or vendors is encrypted. Many of the most recently
publicized leaks occurred because a third party stored a password file that was not
encrypted, or stored data in the cloud without encrypting it properly.

Malware: Now the software encrypts the victim's files. It may start with a local disk
and then scan the network for mapped shares or open shares to attack.
CryptoWall ransomware deleted Volume Shadow Copy files to make retrieval from
backup difficult and demanded payment to BitCoin wallets. WannaCry used the EternalBlue
vulnerability to spread to other computers and encrypt their files.

Brute force hacking: If the target string is long enough, it can take malicious
attackers days, months, or years to determine the correct password. As a
consequence of the current practice of requiring long passwords and encryption
keys, brute-force attacks are extremely difficult. When decent passwords and encryption
are used, attackers try other code-breaking methods such as social engineering or
hacking.
