Question

In: Computer Science

Many cyber security attacks are made possible due to common weaknesses in software. The Open Web...

Many cyber security attacks are made possible due to common weaknesses in software. The Open Web Application Security Project (OWASP) publishes information to assist in the development of secure application software. Every few years OWASP publish their Top 10 Application Security Risks, along with guidance to prevent and mitigate these common development errors. Your task is as follows: 1. Browse the OWASP Top 10 web site and read the summary page for each of the top 10 application security vulnerabilities 2. Of the ten vulnerabilities, choose three that you will investigate more thoroughly 3. For each of the three chosen vulnerabilities, answer the following questions: a. Explain what causes this vulnerability, and how it weakens the security of the computing system b. Describe a plausible attack scenario where the vulnerability is exploited, and describe an asset that may suffer harm c. Explain a process or technical control which will mitigate this vulnerability, clearly explaining how your suggestion would directly address the identified vulnerability

Solutions

Expert Solution

Solution 1: OWASP actually refers to the Open Web Application Security Project and it is an online forum that is concerned with the production as well as the sharing of the documents containing the information regarding web development security. The list of top-10 vulnerabilities that are mentioned by the OWASP are:

  1. Cross Site Scripting (XSS)
  2. Insecure Deserialization
  3. Broken Authentication
  4. Using Components with known vulnerabilities
  5. XML External Entities (XXE)
  6. Broken Access control
  7. Security misconfigurations
  8. Insufficient logging and monitoring
  9. Injection
  10. Sensitive Data Exposure

Solution 2: Three vulnerabilities that are chosen for the description are:

  1. Injection: These are those vulnerabilities that are present within a system that can be used by a hacker or a cracker for the injection of a malicious program into the website. SQL injection is one such method that is used by the hackers to inject the malicious SQL code into a backend database associated with a website to get the anauthorized access to the private data of that site. One of the remedies to this kind of vulnerabilities is to allow minimum plugins and the themes to be installed on your browser software, etc.
  2. Sensitive Data Exposure: It actually refers to the vulnerability by virtue of which a particular website is not able to properly hide the sensitive data that is present on it. This data may include Social Security Numbers, Credit Card Numbers, Bank Account Numbers, etc. Due to this it gets exposed to the hackers and other cyber criminals that can actually misuse this data. The probability of such kinds of attacks can be reduced by installing the Secured Socket Layer certificate or the SSL certificate for your website as it can effectively secure the data that is in transit between the client as well as the host computer system.
  3. Broken Access Control: It is of the utmost importance to control the access to the sensitive data that is managed by the website. Therefore the access control is used to provide the access to the data to the various users of the websites in accordance with their roles and responsibilities. Sometimes, this whole mechanism is under threat or does not work fine due to the major loopholes within the system. In order to prevent such kinds of attacks, implement Multi-Factor authentication to authenticate each and every user before they access any resource associated with the website.

Here's the solution to your question, please provide it a 100% rating. Thanks for asking and happy learning!!


Related Solutions

Principles, Cyber security: The Deep Web and The Dark Web - A description of a dark...
Principles, Cyber security: The Deep Web and The Dark Web - A description of a dark net, the Surface Web, the Deep Web and the Dark Web. Are any of these terms synonymous? Do they all exist? What is the purpose of those that truly exist? need reference or citation for these questions
Were you surprised that a company as techie as Twitter failed victim to cyber security attacks?...
Were you surprised that a company as techie as Twitter failed victim to cyber security attacks? In your view, did Twitter do a great job identifying that attack? In your view, did Twitter recover form the attack in a timely manner? Please explain.
Cyber Security. Dark Web.................................. What is the supposed origin of the Dark Web? What does your...
Cyber Security. Dark Web.................................. What is the supposed origin of the Dark Web? What does your team think about whether it is needed/not needed? Important/not important? A security risk/not a risk? Any security implications? Please, need reference or citation!
A cyber security engineer is installing a WAF to protect the company's website from malicious web...
A cyber security engineer is installing a WAF to protect the company's website from malicious web requests over SSL. Which of the following is needed to meet the objective? A. A reverse proxy B. A decryption certificate C. A split-tunnel VPN D. Load-balanced servers     A cyber security consultant was asked to revise the security baselines that are utilized by a large organization. Although the company provides different platforms for its staff, including desktops, laptops, and mobile devices, the...
Cyber security Cryptography Homework Part 1: Find good encryption solutions Search the web for various commercial...
Cyber security Cryptography Homework Part 1: Find good encryption solutions Search the web for various commercial encryption algorithms. Find one that you feel may be “snake oil”. Write a report explaining the encryption algorithm and your opinion *in-text citations and references are required *written in at least 2~3 paragraphs
The Open Web Application Security Project or commonly known as OWASP is a non-profit organization that...
The Open Web Application Security Project or commonly known as OWASP is a non-profit organization that provides a number of resources for protecting, defending, and researching web application vulnerabilities. One of the products that the organization produces and regularly updates is a report on the top 10 web application vulnerabilities. This is commonly known in the security community as OWASPS’ Top 10. Your task for Lab 4 is to research and provide a detailed write up on Sensitive Data Exposure...
3. Name two types of common attacks on security and explain how we can test them.
3. Name two types of common attacks on security and explain how we can test them.
Use the Web to research and evaluate security products from two competing vendors, suchas antivirus software,...
Use the Web to research and evaluate security products from two competing vendors, suchas antivirus software, firewalls, or antispyware software.Write a short review (1 page – 5 paragraph) of two (2) of the products listed. For each ofthe product selected from the list, describe its capabilities, for what types of businesses it isbest suited, and its cost to purchase and install
The Transportation Revolution made possible many new business models. Identify, describe, and elaborate on one new...
The Transportation Revolution made possible many new business models. Identify, describe, and elaborate on one new business model created by the development of a network of railroads across America. Please, include cited references for bibliography APA style.
What do all rocks have in common? Rocks are made of how many minerals put together?...
What do all rocks have in common? Rocks are made of how many minerals put together? How does Igneous Rocks form? What is the most unreliable source to identify a minerals property? Explain how each of the three kinds of sedimentary rocks form. List one example of each kind of rock. The meaning of the word "metamorphic" is The type of metamorphism that results from the heat of magma is called? Describes the processes by which sedimentary rock becomes metamorphic...
ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT