Question
In: Computer Science
You are working for an organisation that is using a very old web-based application that was...
You are working for an organisation that is using a very old
web-based application that was developed in-house and is only used
by members of the organisation. The leader of the web development
team has indicated that the application needs to be urgently
redeveloped as it is dependent upon outdated frameworks that have
recently been found to be vulnerable to SQL injection attacks,
however the organisation is currently short on funding. One of the
security team has suggested using a web application firewall to
prevent common attacks instead.
(a) Explain the additional security that would be provided by the
web application firewall.
(b) Discuss any alternative or complimentary technologies that
would assist in securing the application.
Solutions
Expert Solution
(a) Additional security by firewall:
Web application firewall also known as WAF also helps in filtering out the data packets and monitoring the traffic in the system. It will block the data packets from malicious sources.
Apart from this it also helps the developers from making any coding mistakes and fix them quickly.
It is used to scan the applications for security reasons.
(b) Ways to securing the application:
- There are many security platforms that should be used. For example, WebARX.
- Apart from that, there are input testing tools, fuzzing, etc. that should be used with scanners and firewalls.
- Password cracking tools should be used to check the password strength. A powerful tool such as Burp Suite can be used for protection of the application.
- Nikto is also another open source scanner tool that can test the vulnerability and prevent any issues.
Apart from these tools and technologies following measures should also be applied:
- An intentional attack can be generated from the team members to check if the application is vulnerable and easy to inject malicious code into.
- Security blogs should be read to know about the latest attacks on web applications and then using the tools and techniques to prevent them from happening.
- Data should be backed up on a regular basis.
- Regular scanning should be done.
- Security experts should be consulted more often and advice should be followed. The inputs in the application and output for the user should be sanitized.
- Firewalls and antivirus programs should be updated regularly and security patches should be up to date as well.
venereology answered 8 months agoRelated Solutions
Consider an IT organisation . There are two units in the organisation- Application Development and Management...
Consider an IT organisation . There are two units in the
organisation- Application Development and Management Team and IT
Operation Team . There exist two separate channels for the
customers to communicate the organisation- one between the client
and application development team for product creation and
alteration and the other channel for the customer to communicate
the IT operation team for operational issues . Are there any
problems with this model ? If you want to set up the IT...
Suppose you are working on a project of an organisation. As a stakeholder of the project,...
Suppose you are
working on a project of an organisation. As a stakeholder of the
project, you feel that the project needs some changes/revisions.
The changes/revisions could be but are not limited to
A. The budget
B. Schedule
C. Quality measures
D. Scope
E. Availability of resources (both materials and manpower)
Based on these facts, your writing
should cover the following key points but are not limited to:
A. Identify and overview a detailed description of the proposed
changes (the...
Web Application Development Course - C# Update the ASP.NET web application code by adding below functionality:...
Web Application Development Course - C#
Update the ASP.NET web application code by adding below
functionality:
• Create a new web form called Welcome.aspx and add labels to
show name, company, email, and membership.
• Create a new business layer class called Customer to hold the
entered user details
• When the user clicks on Sign Up button and if all the
validations on the page pass
o Store the details entered on page in the Customer object.
o Save...
Develop an activity diagram based on the following narrative which describes a workflow for an application for a job promotion in an organisation.
Develop an activity diagram based on the following narrative
which describes a workflow for an application for a job promotion
in an organisation.The applicant completes a Work Performance Review (WPR) document
and submits it to his/her manager. The manager assesses the WPR
document and decides whether to approve the applicant’s
promotion.Where a promotion has not been approved by the manager, the manager
sends the applicant written feedback on where the applicant needs
to improve for promotion to take place. Where...
Web-based application designers often make a fundamental mistake in their applications regarding the source of data....
Web-based application designers often make a fundamental mistake
in their applications regarding the source of data. Identify and
explain this mistake, including how applications handle this common
error.
Examine how the concept of Ethics is treated in the organisation you are working or one...
Examine how the concept of Ethics is treated in the organisation
you are working or one to which you are familiar. Discuss and
support with examples ethical issues arising in at least three
functional areas of the organisation
the code base you will be working with involves an Android application. (Android Studio) application name...
the code base you will be working with involves an Android
application. (Android Studio)
application name " SharingApp"
In the application’s current state:
A user of the app is able to create and edit a profile with a
unique username and an email address.
A user of the app is able to login and logout.
An owner is able to record the items they own and wish to
share.
A bidder is able to place bids on items they wish...
1. An HTML document that’s generated by a web application is a ________________________ web page. 2....
1. An HTML document that’s generated by a web application is a
________________________ web page.
2. An easy way to log the progress of an application in Chrome’s
Console panel is to insert __________________ methods at critical
points in the code.
3. The childNodes property of a DOM object returns a/an
______________________ of the child nodes for that object.
4. The ___________________ method of an array can be used to
concatenate the elements of the array into a single string....
what we should do to protect and secure Web Site and Web Application
what we should do to protect and secure Web Site and Web
Application
(b) Assuming the organisation that you are working for uses the systems approach to management, describe...
(b) Assuming the organisation that you are working for uses the
systems approach to management, describe how this approach is
practiced in your organisation. (10marks)
ADVERTISEMENT
ADVERTISEMENT
Latest Questions
- B- Design an unbaffled tank to mix a liquid of sp.gr.= 1.297 and viscosity= 94.5 c.p....
- What is a company with international operations, what kinds of entry strategies the firm has used,...
- Write 1 to 3 paragraphs to discussion this question What labor standards regarding safety, working conditions,...
- How does process evaluation and continuous improvement effect project management and the critical path? Apply "Real-World"...
- A student stands at the edge of a cliff and throws a stone horizontally over the...
- Limestone (CaCO3(s)) is fed into a kiln and converted into quicklime (CaO(s)) via the following reaction:...
- 1. Write chemical reactions for both DNA polymerization activity and 3'-->5' exonuclease activity of a DNA...
ADVERTISEMENT