Web Vulnerabilities Paper

2243 words - 9 pages

Everyday technology users increasingly interact with web and mobile applications. These programs have many uses and can be very helpful, but they also serve as the most accessible point of entry for malicious attackers to wreak havoc. The continual growth and use of web applications makes this infrastructure susceptible to attack when security is not implemented thoroughly. The Open Web Application Security Project (OWASP) is a community-based non-profit organization that concentrates on improving the safety of web applications. It was started in 2001, and ever since then its primary goal has been to create a high level of transparency in web applications and software so that society can make informed decisions. OWASP has a very open and collaborative mentality when it comes to sharing knowledge, aiming to include and empower the masses. Each year OWASP publishes a list of the most common web application vulnerabilities. The top three have remained relatively dominant over the past few years, regardless of which place they fall into. In 2013 they were: injection, broken authentication and session management, and cross-site scripting. The purpose of this paper is to delve further into three of the top web application vulnerabilities from the past few years and evaluate their impact.

Cross-Site Scripting (XSS) was the number one vulnerability in 2007 and remains prevalent today. XSS occurs when an application takes untrusted data and sends it to a web browser without proper validation or escaping. This allows an attacker to inject scripts into the victim's browser and cause various types of damage. By successfully exploiting cross-site scripting, user sessions can be hijacked, websites can be defaced, and the attacker can even redirect users to other malicious sites. Cross-site scripting can occur in two ways:
1. Data enters a web application through an untrusted source.
2. Dynamic content is sent to a web browser without being filtered for malicious content.

The flexibility of cross-site scripting attacks is what makes them so effective and hard to prevent. The data can carry malicious content in various forms, such as JavaScript, HTML, Flash, or any other form of executable code. A variety of attacks can be carried out through this method, the most common being transmission of private data, redirection to malicious web content, or execution of malicious operations on the user's machine. Despite the wide array of possible paths of exploitation, XSS attacks fall into two categories: stored XSS attacks and reflected XSS attacks.
Stored XSS attacks permanently store the injected script on the target server, and any victim who requests the compromised data receives the malicious script. This is labeled the most dangerous type of XSS attack because a majority of web applications require some form of storage...
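As an added example (not part of the original essay), the stored-XSS situation described above rendered two ways in JavaScript: a guestbook template that concatenates a saved comment verbatim, beside one that encodes it for the HTML text context first. The function names and the sample comments are constructed for this illustration.

```javascript
// Added example, not from the essay: the "dynamic content sent to a browser
// without being filtered" case above, shown as a vulnerable renderer beside a
// hardened one. All names and the sample comments below are constructed.

// Encode the five characters that let untrusted text break out of an HTML
// text node or a double-quoted attribute value.
function escapeHtml(untrusted) {
  return String(untrusted)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Vulnerable: the stored comment is concatenated into the page verbatim, so
// any markup an earlier visitor submitted becomes live HTML for every later
// visitor (stored XSS).
function renderCommentUnsafe(comment) {
  return `<li class="comment">${comment}</li>`;
}

// Hardened: the same comment is encoded for the HTML text context first, so
// the browser displays the markup as literal text instead of executing it.
function renderCommentSafe(comment) {
  return `<li class="comment">${escapeHtml(comment)}</li>`;
}

// Check a reviewer or test suite can run over rendered output: does a raw
// <script> tag appear that the template itself never emits?
function containsRawScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed sample data: one benign comment and one containing the classic
// harmless XSS probe string used in testing.
const storedComments = [
  'Nice article!',
  '<script>alert(1)</script>',
];

function renderGuestbook(comments, render) {
  return `<ul>${comments.map(render).join('')}</ul>`;
}

// Usage: the unsafe page keeps the script tag, the safe page does not.
const unsafePage = renderGuestbook(storedComments, renderCommentUnsafe);
const safePage = renderGuestbook(storedComments, renderCommentSafe);
console.log(containsRawScriptTag(unsafePage), containsRawScriptTag(safePage)); // true false
```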
