CYB_240_Module_Three_Project_Two_Bailey_Holly

School: University of Missouri, Columbia
Course: 7850
Subject: Computer Science
Date: Apr 3, 2024
Type: docx
Pages: 4
Uploaded by bails4

Bailey Holly
Professor Bernuy
Application Security CYB-240-R3445
28 January 2024

Module 3-3 Project Two Stepping Stone: Preliminary Report

Overview

Following the security vulnerabilities identified in the previous development, this report explores preventative measures to be implemented in future projects. By analyzing the identified risks through the lens of both the OWASP Top Ten risks and the OWASP Top Ten Proactive Controls, we aim to minimize last-minute revisions and build secure applications from the ground up.

Risk One Identified: Injection (A01:2017-Injection)

The application suffered from crippling injection vulnerabilities, allowing attackers to tamper with data, bypass security gates, and even hijack the system. By injecting malicious code into the application's logic, attackers could manipulate sensitive information, gain unauthorized access to restricted areas, or take complete control of the server, potentially leading to devastating consequences like data theft, system takeover, or malware deployment. This risk demands stringent attention to proper input handling, secure coding practices, and dedicated security testing throughout the development process.

Mitigation Strategy (A01:2017-Injection)

To safeguard against injection attacks, I recommend a three-pronged approach: robust frameworks (C2), string sanitation scrubs (C4), and rigorous input validation (C5). By leveraging secure coding libraries and established frameworks (C2), you enlist pre-built defenses against injection vulnerabilities. Furthermore, data encoding and escaping techniques (C4) act as thorough sanitization scrubs, neutralizing any malicious characters before they can infiltrate the system. Finally, implementing comprehensive input validation at every entry point (C5) thoroughly inspects every data point, ensuring only expected data formats and lengths can enter the application. This multi-layered strategy effectively shields the application from the perils of injection attacks.

Risk Two Identified: Broken Access Control (A05:2017-Broken Access Control)

The application's penetrable access control, plagued by leaky permissions and exploitable checkpoints, invited intruders to a buffet of sensitive data and functionality. This gaping vulnerability threatened to expose confidential information, compromise user privacy, and even dismantle system operations, which is a hacker's gold mine ripe for data breaches, identity theft, and sabotage. From weak privilege assignments to manipulated tokens, the flaws ran deep, demanding immediate fortification to safeguard every digital vault before unauthorized hands pilfered their treasures.

Mitigation Strategy (A05:2017-Broken Access Control)

To seal the cracks in the application's access control, a three-pronged approach is essential: define security requirements (C1), forge secure identities (C6), and enforce access controls (C7). First, clearly define the access requirements: who gets what, how, and when. This blueprint lays the foundation for a secure environment. Next, forge strong digital identities; multi-factor authentication and Role Based Access Controls (RBAC) act as ironclad gates, barring unauthorized entry. Finally, close every gap by enforcing access controls consistently across all data, APIs, and functionality. By diligently applying these measures, you can transform the application's access control from penetrable to impenetrable, safeguarding the data and functionality from unwanted guests.
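An added example (not part of the report) showing the three injection controls side by side in Python with the standard sqlite3 driver: a concatenated query beside its parameterized form (C2), allow-list input validation at the entry point (C5), and output encoding (C4). The table, rows and function names are constructed for illustration.

```python
import html
import re
import sqlite3

# Constructed in-memory table standing in for the application's data store.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user")])
    return conn

# C5: allow-list of what a username may look like; everything else is rejected.
USERNAME_RE = re.compile(r"[a-z0-9_]{1,32}")

def is_valid_username(value):
    return isinstance(value, str) and USERNAME_RE.fullmatch(value) is not None

def validate_username(value):
    if not is_valid_username(value):
        raise ValueError("invalid username")
    return value

def lookup_vulnerable(conn, username):
    # Input is pasted into the SQL text, so a quote in it rewrites the query.
    sql = "SELECT role FROM users WHERE username = '" + username + "'"
    return [row[0] for row in conn.execute(sql)]

def lookup_parameterized(conn, username):
    # C2: the driver binds the value as data; it can never become SQL syntax.
    rows = conn.execute("SELECT role FROM users WHERE username = ?", (username,))
    return [row[0] for row in rows]

def lookup_safe(conn, username):
    # C5 + C2 together: validate at the entry point, then bind the parameter.
    return lookup_parameterized(conn, validate_username(username))

def render_greeting(username):
    # C4: encode for the output context (HTML) so data cannot become markup.
    return "<p>Hello, " + html.escape(username, quote=True) + "</p>"
```

The concatenated version returns every row for a quoted input, while the parameterized version treats the same string as a literal username and matches nothing.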
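An added example (not part of the report) of the access-control side in Python: the requirements captured as a role/permission matrix (C1), a principal whose identity carries an MFA flag (C6), and a single deny-by-default authorization check applied per request, including an object-level ownership rule (C7). Role names, permission strings and record fields are constructed for illustration.

```python
from dataclasses import dataclass

# C1: the access requirements written down as data, not scattered through code.
PERMISSIONS = {
    "admin":   {"record:read", "record:write", "record:delete", "user:manage"},
    "analyst": {"record:read", "record:write"},
    "viewer":  {"record:read"},
}

@dataclass(frozen=True)
class Principal:
    user_id: str
    role: str
    mfa_verified: bool   # C6: identity established with a second factor

@dataclass(frozen=True)
class Record:
    record_id: str
    owner_id: str
    sensitive: bool

class AccessDenied(Exception):
    pass

def authorize(principal, action, record):
    """C7: one central check applied to every request, deny by default."""
    allowed = PERMISSIONS.get(principal.role, set())   # unknown role -> nothing
    if action not in allowed:
        raise AccessDenied(f"role {principal.role!r} may not {action}")
    # Object-level rule: non-admins may only modify records they own.
    if action != "record:read" and principal.role != "admin" \
            and record.owner_id != principal.user_id:
        raise AccessDenied("not the record owner")
    # Step-up rule: sensitive records need a verified second factor, any role.
    if record.sensitive and not principal.mfa_verified:
        raise AccessDenied("MFA required for sensitive records")
    return True

def can(principal, action, record):
    """Boolean wrapper for callers that branch rather than abort."""
    try:
        return authorize(principal, action, record)
    except AccessDenied:
        return False
```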
Citations

OWASP. (2018). OWASP Proactive Controls. OWASP.org. https://owasp.org.www-project-proactive-controls/
OWASP. (2021). OWASP Top Ten. Owasp.org; OWASP. https://owasp.org/www-project-top-ten/
OWASP. (2021). A03 Injection – OWASP Top 10:2021. Owasp.org; OWASP. https://owasp.org/Top10/A03_2021-Injection/
C2: Leverage Security Frameworks and Libraries | OWASP. (n.d.). Owasp.org. https://owasp.org/www-project-proactive-controls/v3/en/c2-leverage-security-frameworks-libraries
C4: Encode and Escape Data | OWASP. (n.d.). Owasp.org. https://owasp.org/www-project-proactive-controls/v3/en/c4-encode-escape-data
C5: Validate All Input | OWASP. (n.d.). Owasp.org. https://owasp.org/www-project-proactive-controls/v3/en/c5-validate-inputs
OWASP. (2021). A01 Broken Access Control – OWASP Top 10:2021. Owasp.org; OWASP. https://owasp.org/Top10?A01_2021-Broken_Access_Control/
C1: Define Security Requirements | OWASP. (n.d.). Owasp.org. https://owasp.org/www-project-proactive-controls/v3/en/c1-security-requirements
C6: Implement Digital Identity | OWASP. (n.d.). Owasp.org. https://owasp.org/www-project-proactive-controls/v3/en/c6-digital-identity
C7: Enforce Access Controls | OWASP. (n.d.). Owasp.org. https://owasp.org/www-project-proactive-controls/v3/en/c7-enforce-access-controls