Question

Many cyber security attacks are made possible due to common weaknesses in software. The Open Web Application Security Project (OWASP) publishes information to assist in the development of secure application software. Every few years OWASP publish their Top 10 Application Security Risks, along with guidance to prevent and mitigate these common development errors. Your task is as follows: 1. Browse the OWASP Top 10 web site and read the summary page for each of the top 10 application security vulnerabilities 2. Of the ten vulnerabilities, choose three that you will investigate more thoroughly 3. For each of the three chosen vulnerabilities, answer the following questions: a. Explain what causes this vulnerability, and how it weakens the security of the computing system b. Describe a plausible attack scenario where the vulnerability is exploited, and describe an asset that may suffer harm c. Explain a process or technical control which will mitigate this vulnerability, clearly explaining how your suggestion would directly address the identified vulnerability

Answer 1

Solution 1: OWASP actually refers to the Open Web Application Security Project and it is an online forum that is concerned with the production as well as the sharing of the documents containing the information regarding web development security. The list of top-10 vulnerabilities that are mentioned by the OWASP are:

1. Cross Site Scripting (XSS)
2. Insecure Deserialization
3. Broken Authentication
4. Using Components with known vulnerabilities
5. XML External Entities (XXE)
6. Broken Access control
7. Security misconfigurations
8. Insufficient logging and monitoring
9. Injection
10. Sensitive Data Exposure

Solution 2: Three vulnerabilities that are chosen for the description are:

1. Injection: These are those vulnerabilities that are present within a system that can be used by a hacker or a cracker for the injection of a malicious program into the website. SQL injection is one such method that is used by the hackers to inject the malicious SQL code into a backend database associated with a website to get the anauthorized access to the private data of that site. One of the remedies to this kind of vulnerabilities is to allow minimum plugins and the themes to be installed on your browser software, etc.
2. Sensitive Data Exposure: It actually refers to the vulnerability by virtue of which a particular website is not able to properly hide the sensitive data that is present on it. This data may include Social Security Numbers, Credit Card Numbers, Bank Account Numbers, etc. Due to this it gets exposed to the hackers and other cyber criminals that can actually misuse this data. The probability of such kinds of attacks can be reduced by installing the Secured Socket Layer certificate or the SSL certificate for your website as it can effectively secure the data that is in transit between the client as well as the host computer system.
3. Broken Access Control: It is of the utmost importance to control the access to the sensitive data that is managed by the website. Therefore the access control is used to provide the access to the data to the various users of the websites in accordance with their roles and responsibilities. Sometimes, this whole mechanism is under threat or does not work fine due to the major loopholes within the system. In order to prevent such kinds of attacks, implement Multi-Factor authentication to authenticate each and every user before they access any resource associated with the website.

Here's the solution to your question, please provide it a 100% rating. Thanks for asking and happy learning!!