Question

You are working for an organisation that is using a very old web-based application that was developed in-house and is only used by members of the organisation. The leader of the web development team has indicated that the application needs to be urgently redeveloped as it is dependent upon outdated frameworks that have recently been found to be vulnerable to SQL injection attacks, however the organisation is currently short on funding. One of the security team has suggested using a web application firewall to prevent common attacks instead.
(a) Explain the additional security that would be provided by the web application firewall.
(b) Discuss any alternative or complementary technologies that would assist in securing the application.

Solutions

Expert Solution

(a) Additional security by firewall:

A web application firewall, also known as a WAF, helps in filtering out data packets and monitoring the traffic in the system. It will block data packets from malicious sources.

Apart from this, it also helps the developers avoid making any coding mistakes and fix them quickly.

It is used to scan the applications for security reasons.

(b) Ways of securing the application:

  • There are many security platforms that should be used. For example, WebARX.
  • Apart from that, there are input testing tools, fuzzing, etc. that should be used with scanners and firewalls.
  • Password cracking tools should be used to check the password strength. A powerful tool such as Burp Suite can be used for protection of the application.
  • Nikto is another open-source scanner tool that can test for vulnerabilities and prevent any issues.

Apart from these tools and technologies, the following measures should also be applied:

  • An intentional attack can be generated from the team members to check if the application is vulnerable and easy to inject malicious code into.
  • Security blogs should be read to know about the latest attacks on web applications, and the tools and techniques should then be used to prevent them from happening.
  • Data should be backed up on a regular basis.
  • Regular scanning should be done.
  • Security experts should be consulted more often and advice should be followed. The inputs in the application and output for the user should be sanitized.
  • Firewalls and antivirus programs should be updated regularly and security patches should be up to date as well.
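
To illustrate parts (a) and (b), the following added example (not part of the original answer) shows a WAF-style signature check on query parameters next to the parameterized-query fix inside the application. The signature list, the `staff` table, the `app.example` URLs and all function names are constructed for illustration, and the concatenating lookup stands in for the assumed legacy code path.

```python
import re
import sqlite3
from urllib.parse import parse_qsl, urlsplit

# Constructed, deliberately small signature set; real WAF rule sets are far larger.
SQLI_SIGNATURES = [
    re.compile(r"'\s*(or|and)\s+'?\w+'?\s*=\s*'?\w+", re.I),  # quote then tautology
    re.compile(r"\bunion\s+(all\s+)?select\b", re.I),          # UNION SELECT
]

def waf_inspect(url):
    """Return ('block', param) if a decoded query parameter matches a signature."""
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        if any(sig.search(value) for sig in SQLI_SIGNATURES):
            return ("block", name)
    return ("allow", None)

def make_db():
    """In-memory stand-in for the application's database (constructed data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE staff (name TEXT, dept TEXT)")
    db.executemany("INSERT INTO staff VALUES (?, ?)",
                   [("alice", "hr"), ("bob", "it")])
    return db

def lookup_legacy(db, name):
    # Assumed legacy pattern: user input concatenated straight into the SQL text.
    sql = "SELECT name, dept FROM staff WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

def lookup_fixed(db, name):
    # Parameterized query: the driver binds the value as data, never as SQL.
    return db.execute("SELECT name, dept FROM staff WHERE name = ?",
                      (name,)).fetchall()

# Constructed sample requests to a hypothetical intranet host.
BENIGN = "http://app.example/staff?name=alice"
TAUTOLOGY = "http://app.example/staff?name=x%27%20OR%20%271%27%3D%271"

if __name__ == "__main__":
    db = make_db()
    for url in (BENIGN, TAUTOLOGY):
        value = dict(parse_qsl(urlsplit(url).query))["name"]
        print(waf_inspect(url), "legacy rows:", len(lookup_legacy(db, value)),
              "fixed rows:", len(lookup_fixed(db, value)))
```

The filter only stops requests that match a known pattern, while the parameterized lookup removes the injection point regardless of what reaches the application.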
