Cross site scripting Essay Example for Free

Cross site scripting Essay Cross-site scripting is form vulnerability for computer security which mainly occurs in web applications that accept injection of code by web users who happen to be malicious; such users inject the code into various web pages that are used by other web users. The most common codes that are usually injected by malicious web users include scripts of client side and HTML codes. Cross site scripting (XSS) vulnerability which is exploited is usually used by attackers for by passing the certain access controls, a good example of such bypass is a policy of the same origin. XSS originated from the fact that it is possible for a malicious web site to be loaded into another window or frame and then write or read data using java script on other web sites (Rafail, 2001). Cross site scripting vulnerabilities XSS vulnerabilities have been well exploited to come up with very powerful browser exploits and phishing attacks. XSS performed on websites were about eighty percent of all the recorded securities as indicated by the 2007 statistics. In most cases of attack every thing looks to be in order as far as the end users are concerned, but they are finally subjected to access which is not authorized, financial loss and loss of sensitive data (Rafail, 2001). The cross site scripting can be primarily be categorized into two: reflected and stored. But there is another type of cross site scripting which is not widely known, called DOM. The stored refer to those codes that once injected are stored in the target servers permanently. They can remain permanently in the message forum, database comment field, or in the visitor log. The reflected XSS attacks, are the codes which when injected, the web server is reflected off as a search result, an error message or other forms of responses that may include all or some of the input that was sent to the various servers as request in part. Usually the reflected attacks are sent to the victims through other channels such as electronic mail messages, or through other web servers. Once a user is lured into clicking a link which is malicious or is tricked to submit a form which is specially crafted, the code that has been injected travels via the web server which is vulnerable, the reflected attack is in turn sent back to the browser and the code is then executed as if it originated from a valid server (Rafail, 2001). The consequences of cross site scripting attacks are primarily the same regardless of whether they are DOM based, reflected or stored. The main difference the manner in which the pay load enters the server. Cross site scripting is capable of causing various problems to the end users. The problems range in severity, they can cause annoyance to the end users as well as complete loss of accounts. The most serious attacks of XSS result into disclosure of the users information and data thus giving the attacker to actually hijack the session of the user and thus be in a position to comfortably take over the users accounts. The XSS expose the end users to other damaging attacks such as Trojan programs installations, disclosure of files belonging to the end users, redirecting the web user to other sites or pages, or modification of the contents. A cross site scripting vulnerability that allows the attacker to change certain news item or a press release is capable of affecting the stock price of an organization or decreasing the confidence of the consumer. For example a cross site scripting vulnerability on a site of a pharmaceutical can allow the attacker to alter the information of dosage which might result into over or under dosage (Rafail, 2001). Flaws in an XSS are at times very difficult to establish and get rid of them from web applications. In order to find such flaws, the best method to use is performing a review on the security code and also to perform a thorough search in all possible areas where HTTP input request can easily finds its way into output of the HTML. It is very important to note that various tags of HTML tags can be effectively used in transmission of java scripts which are malicious. Nikto, Nesus plus other tools which are currently available in the market can be used in scanning the websites but they are less effective since they are only capable of scratching the surface and are not capable of eliminating all the flaws in the system (Snake, n. d. ). Preventing XSS attacks Once a web site becomes victim of XSS attack the end user is likely too loose a lot of crucial data and information. It is therefore, very important for people to protect themselves against such attacks. One of the best ways of preventing your self of becoming a victim to an XSS attack is failing to respond to a request that is unsolicited by providing your personal details. Such information should not be provided whether it is over the internet or the phone. Users should know that the internet and e-mail pages that are usually used by the XSS attackers look similar to those used by the legitimate institutions and it might be quite hard to distinguish between the two. So if one believes that the contacts could be valid them they should contact the institution in question themselves. They can do so by either visiting the company’s website and instead of using the provided link one should actually type the address or use a page that you might have book marked earlier. One should initiate the contact using the information that you have verified (Naraine, 2009). Conclusion Cross site scripting is a serious fraudulent activity and once one falls prey to it can end up loosing significantly. It is thus good to increase awareness of such vices so that when people are targeted for such acts they can be able to identify them and subsequently be in a good position to protect them. The end users should also do all that is possible in order to conceal their vital information and ensure that it is only given to the relevant authorities when needed. It is also important to keep scanning their system regularly using valid tools. Reference: Naraine, R. (2009): Phishing without bait: The in-session password theft attack, Retrieved on 1st June 2009 from, http://blogs. zdnet. com/security/? p=2390. Rafail, J. (2001): Cross-Site Scripting Vulnerabilities, Retrieved on 1st June 2009 from, http://www. cert. org/archive/pdf/cross_site_scripting. pdf. Snake, R. (n. d. ): XSS (Cross Site Scripting) Cheat Sheet Esp. : for filter evasion, Retrieved on 1st June 2009 from, http://ha. ckers. org/xss. html.

Attention Deficit Hyperactivity Disorder in Children Essay -- ADHD Dis

Introduction:   Ã‚  Ã‚  Ã‚  Ã‚  Most people have heard of the term Attention Deficit Hyperactive (ADHD) disorder. â€Å"Attention Deficit Hyperactivity Disorder (ADHD) is a neurobiological disorder that interferes with an individual’s ability to attend to tasks (inattention), inhibits one’s behavior (impulsivity), and may interfere with a person’s ability to regulate one’s activity level (hyper-activity) in developmentally appropriate ways (Barkley 19)†. The most important job for teachers and parents is to separate fact from fiction, to clarify what we know and don’t know.   Ã‚  Ã‚  Ã‚  Ã‚  Properly diagnosing ADHD, medication choices, and behavioral interventions are the key focal point. Is medication truly worth the side effects? Diagnosing ADHD   Ã‚  Ã‚  Ã‚  Ã‚  As the name implies, ADHD is typically characterized by two distinct sets of symptoms: inattention and hyperactivity / impulsivity. Although these problems usually occur together, one may be present without the other and still qualify for an ADHD diagnosis. Children are diagnosed with ADHD when they have met specific guidelines within these two categories.   Ã‚  Ã‚  Ã‚  Ã‚  A number of parents observe signs of inattentiveness, restlessness, and impulsivity in their child even before their child starts school. The child might lose attention while playing a game or watching TV, or the child might dash about totally unrestrained. Since children mature at different levels and vary in character, nature, and energy levels, it is critical to obtain a specialist’s diagnosis of whether the behavior is suitable for the child's age, the child has ADHD or the child is simply immature or uncommonly high-spirited.   Ã‚  Ã‚  Ã‚  Ã‚  To qualify as having ADHD, the symptoms must significantly affect a child's ability to function at home and at school. A diagnosis is based on the guidelines provided in the â€Å"American Psychiatric Associations Diagnostic and Statistical Manual of Mental Disorders, fourth edition (DSM-IV) published in 1994 (Barkley 133)†. In general, children are diagnosed with ADHD if they show at least six symptoms from each category. Dr. Berkley lists the following symptoms for each category:   Ã‚  Ã‚  Ã‚  Ã‚  Ã‚  Ã‚  Ã‚  Ã‚  Ã‚  Inattention: †¢Ã‚  Ã‚  Ã‚  Ã‚  Ã‚  Often fails to pay close attention to details or makes careless mistakes in schoolwork or other activities †¢Ã‚  Ã‚  Ã‚  Ã‚  Ã‚  Often has trouble sustaining attention during tasks or play †¢Ã‚  Ã‚  Ã‚  Ã‚  Ã‚  Often doesn't seem to listen when spoken ... ...counseling the child and the family and facilitating them in the development of new skills, attitudes, and ways of relating to each other. The important step is proper diagnosis of ADHD. It is imperative to know about any medication being prescribed for each individual child. Work Cited Page: American Academy of Physicians â€Å"ADHD: What Parents Should Know.† Family Doctor, 10 April, 2005 Barkley, Russel A. Taking Charge of ADHD: The Complete, Authoritative Guide for Parents. New York: The Gilford Press, 2000. Eli Lilly and Company â€Å"Strattera.† Strattera 10 April, 2005 McNeil Consumer & Specialty Pharmaceuticals, a Division of McNeil-PPC, Inc â€Å"Prescription Medication Overview† Focus on ADHD. 14 April, 2005 Rabnier, David. â€Å"Behavioral Treatment for ADHD: An Overview.† Health. 14 April, 2005 Wilens, Timothy E. Straight Talk about Psychiatric Medications for Kids New York: The Guilford Press, 1999. Wilens T.C. et all. Does stimulant therapy of attention-deficit/hyperactivity disorder beget later substance abuse? A meta-analytic review of the literature. Pediatrics, (2003) 111:1:179-185.

Parent Interview

I interviewed a woman who has given birth within the past year so that I can relate the things I am learning In the classroom back to real life scenarios. Throughout the Interview I hope to obtain enough knowledge to be able to understand the blurting process a lot better. I hope that I will be able to know more about how real life situations when it comes to having a new baby in the house. I also hope to be able to understand what it is like for a mother to see their newborn baby for the first time. Else is a 23 year old female.She is Mexican and was born at Fremont hospital in Yuba City, CA. Her family is made up of her boyfriend, herself, and her 4 children. Her boyfriend is also Mexican and they speak mostly English inside of their home, but they also Include some Spanish. She doesn't work at the moment, she currently Is enrolled In 5 classes at Yuba College and Is a full time mother to her 4 little ones. I interviewed Else outside of the cafeteria at Yuba College, It wasn't exac tly In privacy but she said It was perfectly fine. The total Interview took about an hour.Else was very nice and considerate, since she Is an ACE major also, she decided In the middle f the interview that she wants to take ACE 3 and learn about that the basics of every child. There was no problems with the procedure. RESULTS Else had a difficult delivery. She had a planned cesarean delivery, but she had a lot of tissue scaring which made it harder for the doctors to stitch the incision that was made. According to Papilla, a cesarean delivery is when doctors surgically remove a baby from the uterus through an incision In the mother's abdomen (120).She ended up having to stay 4 days In the hospital because of the complications with the Incision. When Else first saw her daughter she was Instantly In love with the little Dutton nose and soft skin. Her newborn baby was seven and a half pounds, which according to Papilla that is the average for newborn babies in the united States (122). S he gave birth to her at the same hospital she was born at, which is Fremont hospital in Yuba City. The only thing that she didn't really like about her stay there was that the R. N. Name in at 4:30 in the morning to weigh the baby, she thinks that 8 am would be a more appropriate time. Else said that right after giving birth she was able to see her baby for about 10 seconds and then wasn't able to see her again for 5 ours due to the complications that happened with the incision. She said that she had a big room and had It all to herself, which was extremely nice because her boyfriend stayed with her the entire time she was in there. She said that he held her hand and kept her happy throughout the entire cesarean delivery.The day after delivery she was able to hold her newborn, but she was extremely sad because she was told that she Isn't allowed to have any more children because of the scaring. Papilla vaginal birth after cesarean should only be attempted with caution (121). So, und erstandable as to why she isn't allowed to have any more children. It surprised her, but she was fine with it because she was fine and her newborn was healthy. The baby was quiet as a newborn. Instead of crying when she's hungry, she would move her head a lot.Right after child birth, she wasn't able to move because her incision was constantly opening up, so her boyfriend did most of the work including changing diapers and bathing the baby. Papilla has stated that the father's role has been increased since sass's and that the father's involvement with the child is related to the child's well-being and physical, cognitive, and social development (139). She breastfed for 2 months, but then the baby decided that she didn't want it anymore, so she had to switch to the bottle.She wanted to make sure that her newborn received the nutrients through her breast milk, so she was sad when she had to switch to the bottle. Papilla recommends breastfeeding to reduce the risk of obesity (147). Obes ity runs in her family. It actually makes it easier because now she doesn't have to worry about pumping milk before she goes to school. Overall, she is much more tired than she was before the baby was born, but she says that the babies mile makes her happier than ever before.The child changed Else's life because she now has 4 little ones that she has to care for, but she said it gives her something to look forward to everyday. She doesn't work anymore, because she decided to start school. She says that nothing has changed dramatically, but she is trying to maintain the same schedule as before. The baby is in a daycare, but the daycare is ran by the baby's grandmother.Throughout the interview, I learned that there is many complications that can come with a cesarean delivery. I didn't know that if you had to much scar tissue that it would be complicated to stitch back up. I also learned that babies freely choose if they want to be breastfed or bottle fed, I had never thought about the possibility of a child deciding that. It was interesting to see how everything related back to the book, especially since I don't have any children of my own. Marmoreal, Papilla, Feldman. (2014). A Child's World: Infancy Through Adolescence. Thirteenth Edition. New York: McGraw Hill.

Tips for Teaching Vocabulary to Students with Dyslexia

Building reading vocabulary is a challenge for students with dyslexia, who have a hard time learning new words in print and in word recognition. They often have a discrepancy between their spoken vocabulary, which may be strong, and their reading vocabulary. Typical vocabulary lessons may include writing a word sometimes 10 times, looking it up in a dictionary and writing a sentence with the word. All of these passive approaches to vocabulary will not by themselves help students with dyslexia very much. Multisensory approaches to learning have been found effective in teaching children with dyslexia and there are many ways this can be applied to teaching. The following list provides tips and suggestions for teaching vocabulary to students with dyslexia. Assign each student one or two vocabulary words. Depending on the number of students in the class and the number of vocabulary words, there may be several children with the same word. During class or for homework, students must come up with a way of presenting the word to the class. For example, a student could write a list of synonyms, draw a picture to represent the word, write a sentence using the word or the write the word in different colors on a large paper. Each student comes up with their own way to explain and present the word to the class. All the students with one word stand up and present their word, giving the class a multi-dimensional view of the word and its meaning. Begin with multisensory information on each vocabulary word. Use pictures or demonstrations to help the students see the meaning of a word as each word is presented. Later, as the students are reading, they can recall the illustration or the demonstration to help remember what the word means. Create a word bank where vocabulary words can have a permanent home in the classroom. When words are seen often, students are more likely to remember them and use them in their writing and speech. You can also create customized flash cards for each student to practice vocabulary words. Talk about synonyms and how these words are both the same and different than the vocabulary words. For example, if your vocabulary word is terrified, a synonym might be frightened. Explain how terrified and frightened both mean you are scared of something but that being terrified is being very frightened. Have students demonstrate the varying degrees of being scared to make the lesson more interactive. Play charades. This is a great way to review vocabulary words. Write each vocabulary word on a paper and place in a hat or jar. Each student draws one paper and acts out the word. Give points when a student uses a vocabulary word while talking. You can also give points if a student notices someone, in or out of school, use a vocabulary word. If outside of the class, the student must write down where and when they heard the word and who said it in their conversation. Include vocabulary words in your classroom discussions. If you keep a word bank in the classroom, continue to review it so you can use these words when teaching to the whole class or when speaking individually with a student. Create a classroom story with the vocabulary words. Write each word on a piece of paper and have each student pick out one word. Start a story off with one sentence and have students take turns adding a sentence to the story, using their vocabulary word. Have students choose vocabulary words. When beginning a new story or book, have students glance through the story to find words they are unfamiliar with and write them down. Once you have collected the lists, you can compare to see which words turned up most frequently to create a custom vocabulary lesson for your class. Students will have more motivation to learn words if they help to pick out the words.Use multisensory activities when learning new words. Have students write the word using sand, finger paint or pudding paint. Have them trace the word with their fingers, say the word out loud, listen as you say the word, draw a picture to represent the word and use it in a sentence. The more senses you include in your teaching and the more often you include and see vocabulary words, the more the students will remember the lesson.