Introduction
There are more Web application vulnerabilities than one can count, and they have become so widespread that most hacking sites offer tools that you can download to search for, find, and exploit these vulnerabilities. This makes it very easy for even a rookie hacker to exploit these flaws. The three common Web application vulnerabilities and attacks are as follows: username enumeration, security misconfiguration, and SQL injection.
Three common Web application vulnerabilities and attacks
Username enumeration is my first common Web application vulnerability and/or attack. This type of attack relies on a backend validation script that helps an attacker determine if a username is correct or not. This vulnerability opens the door for an attacker, allowing them to test different usernames in order to locate valid ones. Attackers often use default usernames and passwords such as admin/admin, etc. Some mitigation strategies that can help minimize these types of attacks would be to limit the number of failed attempts that can be performed, as well as making sure default usernames and passwords are changed and never used in production systems. (Cobb, 2011)
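The enumeration flaw and the mitigations described above, as an added example that is not part of the original essay. The class and method names, the `MAX_FAILED` threshold of 5, and the single generic error message are assumptions made for illustration.

```python
import hashlib
import hmac
import os

MAX_FAILED = 5                              # assumed threshold; the essay gives no number
GENERIC_ERROR = "Invalid username or password"
DEFAULT_CREDS = {("admin", "admin")}        # the default pair named in the essay

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

class LoginService:
    def __init__(self, users: dict):
        self._users = {}
        for name, pw in users.items():
            if (name, pw) in DEFAULT_CREDS:
                raise ValueError("default credentials must be changed before production")
            salt = os.urandom(16)
            self._users[name] = (salt, _hash(pw, salt))
        self._dummy = (os.urandom(16), bytes(32))   # stand-in record for unknown names
        self._failed = {}                           # submitted username -> failed attempts

    def login_leaky(self, username: str, password: str) -> str:
        """Vulnerable form: the two messages tell a caller which names exist."""
        if username not in self._users:
            return "Unknown user"
        salt, digest = self._users[username]
        if not hmac.compare_digest(_hash(password, salt), digest):
            return "Wrong password"
        return "OK"

    def login_hardened(self, username: str, password: str) -> str:
        """Same reply for unknown user, wrong password and locked account."""
        if self._failed.get(username, 0) >= MAX_FAILED:
            return GENERIC_ERROR
        # Always hash, even for unknown names, so the work done does not differ.
        salt, digest = self._users.get(username, self._dummy)
        matches = hmac.compare_digest(_hash(password, salt), digest)
        if matches and username in self._users:
            self._failed.pop(username, None)
            return "OK"
        # Count failures for unknown names too, so lockout behaviour leaks nothing.
        self._failed[username] = self._failed.get(username, 0) + 1
        return GENERIC_ERROR
```
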
Security misconfiguration is my second common Web application vulnerability and/or attack. If a network infrastructure supports any type of Web applications running on such things as databases, firewalls, and servers, there is a definite need for them to be more securely configured and maintained. Some mitigation strategies might include a configuration with the minimal amount of privileges set and making sure that users are adequately trained. It may also be beneficial to perform some penetration tests to determine if the Web applications are securely configured and able to withsta...
... middle of paper ...
...law breakers. The more laws that the Federal Government creates to attempt to regulate the internet, the more attacks it will be exposed to. (O'Keefe, 2012)
Works Cited
Cobb, M. (2011), Five common web application vulnerabilities and how to avoid them, Retrieved on January 17, 2014 from http://searchsecurity.techtarget.com/tip/Five-common-Web-application-vulnerabilities-and-how-to-avoid-them
Kennedy, S. (2005), Common web application vulnerabilities, Retrieved on January 17, 2014 from http://www.isaca.org/Journal/Past-Issues/2005/Volume-4/Pages/Common-Web-Application-Vulnerabilities1.aspx
O'Keefe, E. (2012), How was the justice department web site attacked?, Retrieved on January 17, 2014 from http://www.washingtonpost.com/blogs/federal-eye/post/how-was-the- justice%20department-web-site%20attacked/2012/01/19/gIQA6EGHDQ_blog.html?wpisrc=nl_fedinsider
A scan of Aim Higher College’s primary Web server using Nikto shows a large number of default configuration files and sample files on many of the older servers. It seems from the scenario that there are possible vulnerabilities or exploits present in the files, and if these are loaded and accessed they will cause some harm or damage to the machine and/or network. Countermeasures to protect against this scenario would be the implementation of a secured network where it would be tough to access the files. Have a WPA2 wireless network in place so there is no sufficient way to manipulate the files. Also, implement patch management and keep anti-malware and anti-spyware updates current. This helps summarize the possible threats the College can face in certain scenarios and explains how to protect against them.
Software application development at my company was initiated first out of security concerns. There were increasing numbers of security breaches reported in hospitals, banks, Yahoo, and other places that posed potential hazards (Snyder, 2014). We are in the financial industry with huge volumes of sensitive data. Our Information Technology department expressed concerns that our SQL server was an easy target for those who may want to hack the system. Existing security measures and periodic training were very strict, but they were not enough to protect customers from hackers.
The attacks highlight the shortcomings in the system so that they can be traced and the problem corrected. Almost all major IT firms, defense systems and cyber-related organizations employ these methods in their security prevention mechanisms.
Tracy, M., Jansen, W., Scarfone, K., & Winograd, T. (2007, 09 30). Guidelines on Securing Public Web Servers. Retrieved from http://csrc.nist.gov/publications/nistpubs/800-44-ver2/SP800-44v2.pdf
in the form of packet filtering, session matching and also make sure that the details of the systems in the intranet
As electronic commerce, online business-to-business operations, and global connectivity have become vital components of a successful business strategy, enterprises have adopted security processes and practices to protect information assets. But if you look at today's computing environments, system security is a horrible game of numbers: there are currently over 9,223 publicly released vulnerabilities covering known security holes in a massive range of applications from popular Operating Systems through to obscure and relatively unknown web applications. [01] Over 300 new vulnerabilities are being discovered and released each month. Most companies work diligently to maintain an efficient, effective security policy, implementing the latest products and services to prevent fraud, vandalism, sabotage, and denial of service attacks. But the fact is you have to patch every hole of your system, but an attacker need find only one to get into your environment. Whilst many organisations subscribe to major vendors' security alerts, these are just the tip of the security iceberg and even these are often ignored. For example, the patch for the Code Red worm was available some weeks before the worm was released. [02]
The use of hacking can be very beneficial as a means of identifying weaknesses in computer security. Nowadays, numerous companies and governments use this technique to assess the level of security of their systems and determine if any valuable information is at risk of being accessed unlawfully. Ethical hackers are employed to identify potential threats on a single computer or a whole network of computers. The found potential exploits are later patched thus decreasing the chance of a breach in the system and increasing its overall security and reliability.
Wark, Robin. "Should Governments Regulate The Internet?" ParetoLogic Inc. N.p., n.d. Web. 12 May 2014.
Waterman, Shaun. "Obama Hits Pause on U.S. Action in Face of Crippling Cyber Strikes from Syria, Iran." Washington Times 28 Aug. 2013. Print. (Source B)
However, government agencies, especially in America, continue to lobby for increased surveillance capabilities, particularly as technologies change and move in the direction of social media. Communications surveillance has extended to Internet and digital communications. Law enforcement agencies, like the NSA, have required internet providers and telecommunications companies to monitor users’ traffic. Many of these activities are performed on an ambiguous legal basis and remain unknown to the general public, although the media’s recent preoccupation with these surveillance and privacy issues is setting a trending agenda.
Grimes, R. (2012), The 5 cyber-attacks you're most likely to face, Retrieved on February 28,
"Detangling the web: a screenshot of U.S. government cyber activity." Joint Force Quarterly July 2015: 75+. War and Terrorism Collection. Web.
Free speech on the Internet is a very controversial subject and has been the key problem surrounding the Internet today. The attempt to regulate and govern the Internet is still pursued by government officials. This subject has been intensified due to terrorist attacks against the United States and around the world within the past years. The government believes that by regulating the Internet, it will protect the general public from criminal actions and eliminate the exposure of children to pornography or vulgar language. Senator Jim Exon of ...
number of people who have the ability to access the internet is so high, laws that are
"In an increasingly digital world, we must contend with the question of what role the government at all levels must play in monitoring the internet. The beauty of the internet is the freedom it affords, and because of this freedom, it has given rise to major American companies like Apple and Google. According to Nielsen, the internet was responsible for 68.2 billion dollars of the United States’ GDP in 2010. That’s not even counting countless businesses that rely on the internet to provide goods and perform services, or accounting for growth since then. The internet is becoming more and more important in our modern digital age, and we must confront the question of whether and how the government may monitor content.