Question

In: Computer Science

The Open Web Application Security Project, commonly known as OWASP, is a non-profit organization that provides a number of resources for protecting, defending, and researching web application vulnerabilities. One of the products that the organization produces and regularly updates is a report on the top 10 web application vulnerabilities. This is commonly known in the security community as OWASP's Top 10.

Your task for Lab 4 is to research and provide a detailed write up on

  • Sensitive Data Exposure
  • Broken Access Control

At a minimum, your write-up will need to include:

  • a detailed description of the vulnerability
  • a detailed explanation of why the vulnerability exists
  • a detailed explanation of how it is exploited
  • a detailed explanation of how an organization defends against it

Solutions

Expert Solution

Firstly, let us understand what a VULNERABILITY is:

A software vulnerability is a glitch, flaw, or weakness present in software or an operating system. The term vulnerability is associated with some violation of security policy. This may be due to weak security rules, or it may be that there is a problem within the software itself.

All computer systems have vulnerabilities; whether or not they are serious depends on whether or not they are used to cause damage to the system.

Software vulnerabilities are explained by three ideal factors. These are:

  • Existence - the existence of a Vulnerability in the software.
  • Access - the possibility that a hacker gains access to the vulnerability.
  • Exploit - the capability of the hacker to take advantage of the Vulnerability via tools or with certain techniques.

An EXPOSURE is a state in a computing system (or set of systems) which is not a universal vulnerability, but either:

  • Allows an attacker to conduct information gathering activities.
  • Allows an attacker to hide activities.
  • Includes a capability that behaves as expected, but can be easily compromised.

When trying to gain unauthorised access to a system, an intruder usually first conducts a routine scan (or investigation) of the target, collects any exposed data, and then explores its security policy weaknesses or vulnerabilities.

SENSITIVE DATA EXPOSURE occurs when an application, company, or other entity inadvertently exposes personal data. Sensitive data exposure differs from a data breach, in which an attacker accesses and steals information. Sensitive data exposure occurs as a result of not adequately protecting the database where information is stored. This might be a result of a multitude of things such as weak encryption, no encryption, software flaws, or someone mistakenly uploading data to an incorrect database.

BROKEN ACCESS CONTROL:

It is one of the most common vulnerabilities Packetlabs discovers when performing web application penetration tests. Access control vulnerabilities arise when users can act outside of their intended permissions. This typically leads to unauthorised access, information disclosure, and modification or destruction of data. These vulnerabilities arise from insecure coding or insecure implementation of authentication and authorization mechanisms.

Access controls are designed to prevent users from acting outside their intended permissions; when vulnerabilities exist in these controls, or there are no controls, users can act outside of their intended permissions.

Now the question arises: why are there software vulnerabilities?

Vulnerabilities exist in all types of software. For instance, the popular open source web browser Firefox has had more than a hundred vulnerabilities.

Software development is not a perfect process. Programmers often work on timelines set by management teams that attempt to set reasonable goals. Developers do their best to design secure products as they progress but may not be able to identify all flaws before the anticipated release date.

Once an attacker identifies a vulnerability, he can write a new computer program that uses that opportunity to get into a machine and take it over.

Now let us discuss how to avoid software vulnerabilities:

Vulnerability management is an essential process through which organisations can reduce risk in their environment.

  1. Regularly installing the latest security patches and software updates is indeed an important measure to take to protect a network.
  2. Build a strong firewall. With this, your network will be protected against online vulnerabilities.
  3. Inclusion of flawed components.
  4. To add an extra layer of security in the network, install security software to all computers and other devices that are connected to the network.
  5. It is important that our network is being strictly managed and monitored by a group of highly skilled IT professionals.
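The two vulnerabilities the answer describes, shown side by side in a minimal record-lookup API: a handler with broken access control that also leaks sensitive fields, and a hardened handler that denies by default and redacts per caller. This is an added example, not code from the original question or answer; the users, records, ids and the "customer"/"support" roles are constructed sample data.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class User:
    user_id: int
    role: str  # constructed roles: "customer" or "support"

# Constructed sample records: each belongs to one customer and carries
# sensitive fields that must not be returned to arbitrary callers.
RECORDS = {
    101: {"owner": 1, "order": "keyboard", "card_last4": "4242", "ssn": "123-45-6789"},
    102: {"owner": 2, "order": "monitor", "card_last4": "1111", "ssn": "987-65-4321"},
}

def get_record_vulnerable(user: User, record_id: int) -> dict:
    """Broken access control: any authenticated user can read any record
    just by supplying its id, and the sensitive fields come back unredacted
    (the sensitive data exposure the answer describes)."""
    return dict(RECORDS[record_id])

def get_record_hardened(user: User, record_id: int) -> dict:
    """Deny by default: the caller must own the record or hold the support
    role, and only the owner ever receives the SSN."""
    record = RECORDS.get(record_id)
    if record is None or (record["owner"] != user.user_id and user.role != "support"):
        # One error for both "missing" and "forbidden", so a caller cannot
        # tell valid ids from invalid ones by comparing the responses.
        raise PermissionError("record not found or access denied")
    view = {"order": record["order"], "card_last4": record["card_last4"]}
    if record["owner"] == user.user_id:
        view["ssn"] = record["ssn"]  # owner-only field
    return view

def is_denied(user: User, record_id: int) -> bool:
    """True when the hardened lookup refuses the request."""
    try:
        get_record_hardened(user, record_id)
        return False
    except PermissionError:
        return True
```

In a real application the ownership check belongs in one server-side authorization layer that every handler goes through, not in each endpoint by hand, and denied requests should be logged so repeated id probing is visible to monitoring.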
