The Open Web Application Security Project, commonly known as OWASP, is a non-profit organization that provides a number of resources for protecting, defending, and researching web application vulnerabilities. One of the products that the organization produces and regularly updates is a report on the top 10 web application vulnerabilities. This is commonly known in the security community as OWASP's Top 10.
Your task for Lab 4 is to research and provide a detailed write up on
At a minimum, your write-up will need to include:
Firstly, let us understand what a VULNERABILITY is:-
A software vulnerability is a glitch, flaw, or weakness present in software or an operating system. The term vulnerability is associated with some violation of security policy. This may be due to weak security rules, or it may be that there is a problem within the software itself.
All computer systems have vulnerabilities; whether or not they are serious depends on whether or not they are used to cause damage to the system.
Software vulnerabilities are explained by three ideal factors. These are:-
An EXPOSURE is a state in a computing system (or set of systems) which is not a universal vulnerability, but either:
> Allows an attacker to conduct information gathering activities.
> Allows an attacker to hide activities.
> Includes a capability that behaves as expected, but can be easily compromised.
> When trying to gain unauthorised access to a system, an intruder usually first conducts a routine scan (or investigation) of the target, collects any exposed data, and then explores its security policy weaknesses or vulnerabilities.
SENSITIVE DATA EXPOSURE occurs when an application, company, or other entity inadvertently exposes personal data. Sensitive data exposure differs from a data breach, in which an attacker accesses and steals information. Sensitive data exposure occurs as a result of not adequately protecting the database where information is stored. This might be a result of a multitude of things such as weak encryption, no encryption, software flaws, or when someone mistakenly uploads data to an incorrect database.
BROKEN ACCESS CONTROL:
One of the most common vulnerabilities Packetlabs discovers when performing web application penetration tests is broken access control. Access control vulnerabilities occur when a user can act outside of their intended permissions. This typically leads to unauthorised access, information disclosure, and modification or destruction of data. These vulnerabilities arise from insecure coding or insecure implementation of authentication and authorization mechanisms.
Access controls are designed to prevent users from acting outside their intended permissions. When vulnerabilities exist in these controls, or there are no controls, users can act outside of their intended permissions.
Now the question arises: why are there software vulnerabilities?
Vulnerabilities exist in all types of software. For instance, the popular open source web browser Firefox has had more than a hundred vulnerabilities.
Software development is not a perfect process. Programmers often work on timelines set by management teams that attempt to set reasonable goals. Developers do their best to design secure products as they progress but may not be able to identify all flaws before the anticipated release date.
Once an attacker identifies a vulnerability, he can write a new computer program that uses that opportunity to get into a machine and take it over.
Now let us discuss how to avoid software vulnerabilities:-
Vulnerability management is an essential process through which organisations can reduce risk in their environment.
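The broken access control described in the answer above, shown as an added example that is not part of the original answer: a framework-free request handler that authenticates the user but never checks ownership of the requested record, beside a corrected handler that enforces the check on the server side. The invoice store, the user names and the `Request`/`Response` shapes are all constructed for this example, and the `cross_user_reads` check is a hypothetical audit helper, not a tool from the page.

```python
"""Added example (not from the original answer): broken access control
versus an enforced ownership check, with a small audit helper."""

from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

# Constructed sample data: each invoice belongs to exactly one user.
INVOICES: Dict[int, dict] = {
    101: {"owner": "alice", "amount": 120.00},
    102: {"owner": "bob", "amount": 75.50},
}


@dataclass
class Request:
    """Stand-in for an authenticated web request (assumed shape)."""
    user: str          # identity established by the session, never taken from the client
    invoice_id: int    # identifier supplied by the client in the URL or form


@dataclass
class Response:
    status: int
    body: Optional[dict] = None


def get_invoice_vulnerable(req: Request) -> Response:
    """Broken access control: the user is authenticated, but nothing checks
    that the invoice belongs to them, so any logged-in user can read any
    invoice simply by changing the id."""
    invoice = INVOICES.get(req.invoice_id)
    if invoice is None:
        return Response(404)
    return Response(200, invoice)


def get_invoice_fixed(req: Request) -> Response:
    """Corrected handler: authorization is enforced by comparing the record's
    owner with the session identity before any data is returned."""
    invoice = INVOICES.get(req.invoice_id)
    if invoice is None:
        return Response(404)
    if invoice["owner"] != req.user:
        return Response(403)          # authenticated, but not permitted
    return Response(200, invoice)


def cross_user_reads(handler: Callable[[Request], Response]) -> List[int]:
    """Hypothetical audit helper: have every known user request every invoice
    and return the ids that some non-owner was able to read."""
    users = {record["owner"] for record in INVOICES.values()}
    leaked = set()
    for inv_id, record in INVOICES.items():
        for user in users:
            if user != record["owner"] and handler(Request(user, inv_id)).status == 200:
                leaked.add(inv_id)
    return sorted(leaked)


if __name__ == "__main__":
    print("vulnerable handler leaks:", cross_user_reads(get_invoice_vulnerable))
    print("fixed handler leaks:     ", cross_user_reads(get_invoice_fixed))
```

The design point is that the identity used for the check comes from the session, not from anything the client sent alongside the id. Some deployments return 404 instead of 403 for the not-owner case so that responses do not confirm which ids exist; either way the ownership comparison must happen on the server for every request.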