Introduction
There are more Web application vulnerabilities than one can count, and they have become so widespread that most hacking sites offer downloadable tools to search for, find, and exploit them. This makes it easy for even a rookie hacker to exploit these flaws. The three common Web application vulnerabilities and attacks discussed here are username enumeration, security misconfiguration, and SQL injection.
Three common Web application vulnerabilities and attacks
Username enumeration is my first common Web application vulnerability and/or attack. This attack abuses a backend validation script whose response reveals whether a submitted username is valid. The vulnerability opens the door for an attacker, allowing them to test different usernames in order to locate valid ones. Attackers often start with default usernames and passwords such as admin/admin. Mitigation strategies that help minimize this type of attack include limiting the number of failed login attempts that can be performed, as well as making sure default usernames and passwords are changed and never used in production systems. (Cobb, 2011)
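An added example (not from the essay or its sources) contrasting a login check whose responses leak which usernames exist with one that returns the same message, does the same hashing work for unknown users, and locks a username after a fixed number of failures; the user store, salt and credentials are constructed for the demonstration.

```python
import hashlib
import hmac
import os
from collections import defaultdict


def _hash(password: str, salt: bytes) -> bytes:
    # PBKDF2 so that every check costs the same amount of work
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


# Constructed user store: username -> (salt, password hash). Hypothetical data.
_SALT = os.urandom(16)
USERS = {"alice": (_SALT, _hash("correct horse", _SALT))}
# Dummy record used for unknown usernames so the hashing cost is always paid
# and response time does not reveal whether the account exists.
_DUMMY = (_SALT, _hash("placeholder", _SALT))

MAX_FAILURES = 5          # lockout threshold per submitted username
failures = defaultdict(int)


def login_vulnerable(username: str, password: str) -> str:
    """Enumeration-prone: distinct messages tell the attacker which names exist."""
    if username not in USERS:
        return "Unknown username"
    salt, digest = USERS[username]
    if hmac.compare_digest(_hash(password, salt), digest):
        return "OK"
    return "Wrong password"


def login_hardened(username: str, password: str) -> str:
    """Same message and same work for unknown user, bad password and locked account."""
    if failures[username] >= MAX_FAILURES:
        _hash(password, _DUMMY[0])      # locked: still do the work, same answer
        return "Invalid credentials"
    salt, digest = USERS.get(username, _DUMMY)
    ok = hmac.compare_digest(_hash(password, salt), digest) and username in USERS
    if ok:
        failures[username] = 0
        return "OK"
    failures[username] += 1
    return "Invalid credentials"
```

In production the failure counter would also be keyed by source address and backed by shared storage, so that a lockout cannot be dodged by rotating usernames or trivially used to lock out a known victim.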
Security misconfiguration is my second common Web application vulnerability and/or attack. If a network infrastructure supports any type of Web application running on components such as databases, firewalls, and servers, there is a definite need for those components to be securely configured and maintained. Mitigation strategies might include configuring each component with the minimal set of privileges it needs and making sure that users are adequately trained. It may also be beneficial to perform penetration tests to determine whether the Web applications are securely configured and able to withsta...
... middle of paper ...
...law breakers. The more laws the Federal Government creates in an attempt to regulate the Internet, the more attacks it will be exposed to. (O'Keefe, 2012)
Works Cited
Cobb, M. (2011). Five common Web application vulnerabilities and how to avoid them. Retrieved January 17, 2014, from http://searchsecurity.techtarget.com/tip/Five-common-Web-application-vulnerabilities-and-how-to-avoid-them
Kennedy, S. (2005). Common Web application vulnerabilities. Retrieved January 17, 2014, from http://www.isaca.org/Journal/Past-Issues/2005/Volume-4/Pages/Common-Web-Application-Vulnerabilities1.aspx
O'Keefe, E. (2012). How was the Justice Department Web site attacked? Retrieved January 17, 2014, from http://www.washingtonpost.com/blogs/federal-eye/post/how-was-the-justice%20department-web-site%20attacked/2012/01/19/gIQA6EGHDQ_blog.html?wpisrc=nl_fedinsider