
Cyber security assignment exploring 10 OWASP risks

Question

Task: How to identify 10 OWASP risks using Cyber security assignment research techniques?

Answer

Introduction
This Cyber security assignment explores cybercrime risks and discusses the top 10 cybercrime risks using OWASP methods. As technology advances in positive ways, cybercrime is also increasing worldwide. Cyber-crime has grown to a very great extent, and it is important for us to use technology shrewdly rather than falling prey to hackers. Many accounts are hacked on ordinary days, which compromises the serious data of the user. For this reason the OWASP Top 10, a standard document, was developed for developers and web application security so that all such issues and problems can be listed and developers worldwide can practise more secure coding (OWASP Top 10, 2021). This report will discuss five major security risks, their description, practical application, and the countermeasures that protect against them.

Discussion
Risk 1: Cryptographic failure

Under this OWASP category it was identified that attackers target sensitive data such as personal information, credit card numbers, and many other personal details. Hackers are smart enough to exploit every small thing that we would not think of. It is the root cause through which sensitive data exposure becomes easy. According to the Open Web Application Security Project (OWASP) 2021 report, protecting data against cryptographic failure is more important than ever. People should beware of the following and always take some common steps to avoid being hacked (OWASP Top 10, 2021):

  • Improper filtering or masking of data while in transit
  • Use of the most common passwords
  • Old or weak encryption of data

Some common attack scenarios are:

The password database uses simple or unsalted hashes, and a file upload flaw allows the attacker to get in and retrieve the password database (Fang et al., 2022). A simple, fast hash is easy to crack with a GPU even when salted. So, the following are common ways to protect against this:

  • Encrypt the data
  • Use strong standard algorithms and keep all keys properly in place
  • Avoid FTP, SMTP, and other legacy protocols for transporting sensitive data
  • Authenticated encryption is more important than plain encryption
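The attack scenario and the protections above can be shown side by side in code. The following is an added example written for this report, not code from the OWASP document: it contrasts the unsalted fast hash from the scenario with a per-user salted, deliberately slow key derivation (scrypt from Python's standard library). The usernames, passwords and scrypt cost parameters are constructed values chosen for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional

# Weak form (the scenario in the text): a fast, unsalted hash. Two users with
# the same password get the same digest, and a leaked table can be attacked at
# GPU speed with precomputed tables.
def weak_hash(password: str) -> str:
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

def reuse_groups(weak_table: dict) -> list:
    """Users whose unsalted digests are identical share a password; one
    successful guess unlocks all of them. Returns the groups of size > 1."""
    by_digest = {}
    for user, digest in weak_table.items():
        by_digest.setdefault(digest, []).append(user)
    return [sorted(users) for users in by_digest.values() if len(users) > 1]

# Hardened form: a per-user random salt plus a deliberately slow, memory-hard
# KDF (scrypt). The cost parameters are illustrative choices for this example,
# not values taken from the report.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1
SALT_LEN = 16

def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    salt = salt if salt is not None else os.urandom(SALT_LEN)
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    # The parameters travel with the hash so they can be raised later without
    # breaking verification of records created under the old settings.
    return f"scrypt${SCRYPT_N}${SCRYPT_R}${SCRYPT_P}${salt.hex()}${digest.hex()}"

def verify_password(password: str, stored: str) -> bool:
    try:
        scheme, n, r, p, salt_hex, digest_hex = stored.split("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
        n, r, p = int(n), int(r), int(p)
    except ValueError:
        return False  # malformed record: never treat it as a match
    if scheme != "scrypt":
        return False
    candidate = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                               n=n, r=r, p=p, dklen=32)
    # Constant-time comparison so response timing does not leak how many
    # bytes of the digest matched.
    return hmac.compare_digest(candidate, expected)

if __name__ == "__main__":
    # Constructed leaked table: alice and bob reuse a password.
    leaked = {u: weak_hash(p) for u, p in
              [("alice", "Summer2024"), ("bob", "Summer2024"), ("carol", "x9!kq")]}
    print("password reuse visible in unsalted table:", reuse_groups(leaked))
    record = hash_password("Summer2024")
    print("scrypt record:", record)
    print("verify ok:", verify_password("Summer2024", record),
          "wrong:", verify_password("nope", record))
```

Because every record carries its own random salt, two identical passwords produce different records, so a leaked table no longer reveals password reuse, and each guess costs the attacker a full scrypt computation rather than a single fast hash.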

Some live examples of cryptographic attacks identified under this OWASP category are carried out through mobile phones. Many hackers are smart enough to use cryptographic details to obtain codes and passwords. Recently a case was filed at the Bank of Baroda where a customer lost Rs 10 lakh from the bank as a result of fraud. The customer was sent a message asking them to get their Aadhaar card details updated on the bank account, and once the details were shared the hackers were able to obtain the password and every detail of the account and easily transferred Rs 10 lakh from the bank. Such fraud targets elderly people, as they are not technically strong and rely on others for such major decisions.

So, these are some ways that could help in managing cryptographic failure. Cryptographic failure is very rare, as the hackers are intelligent and highly trained in cryptography, but many efforts and firewall techniques have been used to fight this cybercrime.

Risk 2: Security misconfiguration
Security misconfigurations are identified on this Cyber security assignment as a main cause of heightened risk: security controls that are erroneously configured or left insecure seriously jeopardize systems and data. Fundamentally, any ineffective configuration change or technical issue across any part of your endpoints could lead to a misconfiguration. Common aspects of misconfiguration include insecure default configurations, ad-hoc configuration, open cloud storage, unnecessary HTTP methods, verbose error messages, and many more (OWASP Top 10, 2021). For a simple understanding, security misconfiguration is listed as a category because an application component is often easy to attack due to a misconfiguration that exists in that component (Loureiro, 2021). OWASP 2021 identifies it as a weakness in web applications because some apps ship with developer features, such as debug and QA features, that are not safe for users.

Under security misconfiguration, the case "NASA exposed via default authorization misconfiguration" stood in first place. In this case, a security researcher discovered a security misconfiguration in JIRA which could expose Fortune 500 companies' personal and corporate data. The issue arose from an authorization misconfiguration in Jira's Global Permissions setting. So, it is important to review SaaS settings during file sharing to maintain data confidentiality and protect data from being revealed to the public.

From the above case and many others like it, the best preventive measures are:

  • Set security headers
  • Uninstall or remove unused features and frameworks
  • Always check cloud storage permissions
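To make the "security headers", "unnecessary HTTP methods" and "verbose error messages" items concrete, here is an added example (written for this report, not taken from OWASP or any vendor tool) that audits a captured HTTP response. The two responses are constructed: a weakly configured one and its corrected form; the server name and reference id in them are placeholders.

```python
import re

# Headers whose absence is a misconfiguration finding (compared case-insensitively).
REQUIRED_HEADERS = {
    "strict-transport-security": "HSTS header missing: clients may be downgraded to plain HTTP",
    "content-security-policy": "Content-Security-Policy missing: script and content sources unrestricted",
    "x-content-type-options": "X-Content-Type-Options missing: MIME sniffing is allowed",
    "x-frame-options": "X-Frame-Options missing: page can be framed by other origins",
}
# Methods a typical application endpoint does not need to advertise.
UNNEEDED_METHODS = {"TRACE", "TRACK", "PUT", "DELETE"}
# Fragments that indicate a verbose error page reached the client.
VERBOSE_ERROR_MARKERS = ("Traceback (most recent call last)", "Stack trace:",
                         "at java.", "DEBUG = True")

def audit_response(headers: dict, body: str = "") -> list:
    """Return human-readable findings for one HTTP response; an empty list means clean."""
    findings = []
    h = {name.lower(): value for name, value in headers.items()}
    for name, message in REQUIRED_HEADERS.items():
        if name not in h:
            findings.append(message)
    server = h.get("server", "")
    if re.search(r"\d+\.\d+", server):  # a version number in the banner
        findings.append(f"Server header discloses a version string: {server!r}")
    allowed = {m.strip().upper() for m in h.get("allow", "").split(",") if m.strip()}
    extra = allowed & UNNEEDED_METHODS
    if extra:
        findings.append(f"Unnecessary HTTP methods enabled: {sorted(extra)}")
    if any(marker in body for marker in VERBOSE_ERROR_MARKERS):
        findings.append("Verbose error: stack trace or debug output returned to the client")
    return findings

# Constructed responses: a weak configuration and its corrected form.
WEAK_HEADERS = {"Server": "ExampleServer/1.2.3",
                "Allow": "GET, POST, TRACE, PUT, DELETE",
                "Content-Type": "text/html"}
WEAK_BODY = '<pre>Traceback (most recent call last):\n  File "app.py", line 12, in handler</pre>'

HARDENED_HEADERS = {
    "Server": "ExampleServer",                      # no version disclosed
    "Allow": "GET, POST",                           # only the methods the app uses
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "Content-Security-Policy": "default-src 'self'",
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "DENY",
    "Content-Type": "text/html",
}
HARDENED_BODY = "<h1>Something went wrong</h1><p>Reference: 7f3a</p>"  # generic error page

if __name__ == "__main__":
    for label, hdrs, body in (("weak", WEAK_HEADERS, WEAK_BODY),
                              ("hardened", HARDENED_HEADERS, HARDENED_BODY)):
        print(label, "->", audit_response(hdrs, body) or "no findings")
```

The hardened response replaces the stack trace with a generic page carrying only a reference id that support staff can look up in the server-side logs, which is the usual way to keep errors debuggable without leaking internals.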

These are some preventive measures that companies and individuals should understand and apply. By putting such aspects first, a company can protect thousands of records from becoming vulnerable and provide a securely configured environment to its users.

Risk 3: Vulnerable and Outdated Components
Software components are also observed as an important element on this Cyber security assignment. A component is a unit of a framework or application that extends the application's functionality, for example a module or an API. Component-based weaknesses occur when a software component is unsupported, outdated, or vulnerable to a known issue. This category was ranked second in the Top 10 community survey. The vulnerability increases when the user is not fully aware of the component's version or when the component configuration is not secured (Heid and Heider, 2021). So, many factors contribute to vulnerable and outdated components, and these should be understood and effective steps taken to control them. An example attack scenario is that components typically run with the same privileges as the application, so when flaws appear they can have a serious impact. These flaws can arise from coding errors or backdoored components. Attackers can use IoT devices to find unpatched systems, which makes things easy for attackers around the world. To keep data safe and secure, the best prevention is to put a patch management process in place (OWASP Top 10, 2021):

  • The first task is to remove unused dependencies, features, components, files, and documentation
  • Obtain components only from official sources, such as signed packages
  • Deploy a virtual patch to monitor, detect, or protect against discovered issues
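The first two items of that patch management process can be checked automatically. The following is an added example for this report (not an OWASP or pip tool): it reads a constructed requirements-style manifest, compares each component's version against a constructed advisory table, reports components that are not hash-pinned, and reports components that the application never imports. Package names, versions, advisory entries and the `PLACEHOLDER_DIGEST_*` hash values are all made up for the example.

```python
import re

# Constructed manifest in pip requirements style. The --hash values are
# placeholders, not real package digests.
MANIFEST = """\
webframework==2.0.3 --hash=sha256:PLACEHOLDER_DIGEST_A
imagelib==1.4.0
jsontool==3.1.1 --hash=sha256:PLACEHOLDER_DIGEST_B
legacyxml==0.9.2 --hash=sha256:PLACEHOLDER_DIGEST_C
"""

# Constructed advisory data: component -> first version that contains the fix.
ADVISORIES = {"imagelib": "1.4.2", "legacyxml": "1.0.0"}

# Modules actually imported by the application's own code (constructed).
IMPORTED = {"webframework", "jsontool", "legacyxml"}

def parse_version(version: str) -> tuple:
    """Dotted numeric version -> tuple, so 1.10.0 compares greater than 1.9.0."""
    return tuple(int(part) for part in version.split("."))

def parse_manifest(text: str) -> dict:
    deps = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"([A-Za-z0-9_.-]+)==([0-9.]+)(.*)", line)
        if not m:
            raise ValueError(f"unparseable requirement: {line}")
        name, version, rest = m.groups()
        deps[name] = {"version": version, "pinned_hash": "--hash=" in rest}
    return deps

def audit_components(manifest_text: str, advisories: dict, imported: set) -> list:
    """Return findings for outdated, unverified, and unused components."""
    deps = parse_manifest(manifest_text)
    findings = []
    for name, info in sorted(deps.items()):
        fixed_in = advisories.get(name)
        if fixed_in and parse_version(info["version"]) < parse_version(fixed_in):
            findings.append(f"{name} {info['version']} has a known issue; upgrade to >= {fixed_in}")
        if not info["pinned_hash"]:
            findings.append(f"{name} is not hash-pinned; the downloaded package is not verified")
        if name not in imported:
            findings.append(f"{name} is declared but never imported; remove the unused component")
    return findings

if __name__ == "__main__":
    for finding in audit_components(MANIFEST, ADVISORIES, IMPORTED):
        print("-", finding)
```

Hash pinning ties the manifest to the exact artifact that was reviewed, so a package swapped on a mirror or CDN fails installation instead of running with the application's privileges; the unused-component check removes attack surface that nobody is maintaining.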

Some companies are at high risk from vulnerable and outdated components as they rarely check their patching process. Though no recent cases have been found yet, if systems remain unpatched in the future, the chances of exploitation will be higher.

An example of vulnerable and outdated components observed on this Cyber security assignment is the buffer overflow attack. This type of attack is mainly seen in YouTube videos. Many people have noticed that when we use the search engine in YouTube, we get the topic from the searched name but the content inside is always different. This is the rewriting of the original memory and changing it into another name so that the user will click the link as per their search content. Though YouTube is an official site, so no cyber-crime is promoted, if the same thing is done by any pirated site then we are surely going to get hacked.

Risk 4: Software and Data Integrity Failure
Software and data integrity failures relate to code and infrastructure that do not protect against integrity violations. An example is where an application relies upon plugins, libraries, or modules from untrusted sources, repositories, and content delivery networks (CDNs). An insecure CI/CD pipeline can introduce the potential for unauthorized access, malicious code, or system compromise (OWASP Top 10, 2021). Finally, many applications now include auto-update functionality, where updates are downloaded without sufficient integrity verification and applied to the previously trusted application. Attackers could upload their own updates to be distributed and run on all installations. Another example is where objects or data are encoded or serialized into a structure that an attacker can see and modify, which is vulnerable to insecure deserialization.

Attackers can attack the system through distinct sources. The first example is applying updates without signature verification. Many home routers, set-top boxes, and other devices do not verify updates via signed firmware. Unsigned firmware is a growing target for attackers and is expected only to get worse. This is the main issue, as commonly there is no mechanism to remediate other than to fix it in a future version and wait for previous versions to age out (Galiveeti et al., 2021). The best ways to protect against software and data integrity failures observed on this Cyber security assignment include the following:

  • Use digital signatures or similar mechanisms to verify that the software or data is from the expected source and has not been altered.
  • Have a review process for code and configuration changes to minimise the chance that malicious code or configuration could be introduced into your software pipeline.
  • Ensure the CI/CD pipeline has proper segregation, configuration, and access control to protect the integrity of the code flowing through the build and deploy processes.
  • Ensure that unsigned or unencrypted serialized data is not sent to untrusted clients without some form of integrity check or digital signature to detect tampering or replay of the serialized data.

The most common example of a software and data integrity failure is using software from untrusted or unauthorized sources. If we do not use authorized software then we are likely to get into trouble. When we do not use official sites or authorized sellers to download the software we need for our laptop, we can fall into the trap of a ransomware or malware attack, which is very common nowadays.
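The last item, serialized data sent to clients with an integrity check that detects tampering and replay, is shown below as an added example for this report (not OWASP's code). It uses an HMAC-SHA256 tag over a JSON body with a timestamp and nonce; HMAC stands in for the "similar mechanism" of the first item where sender and receiver share a key, and the key, the time window and the sample payload are constructed values assumed for the example.

```python
import base64
import binascii
import hashlib
import hmac
import json
import os
import time

# Assumption for this example: sender and receiver share this key out of band.
# Constructed value; a real deployment loads it from a secrets store.
SECRET_KEY = b"constructed-demo-key-not-for-production"
MAX_AGE_SECONDS = 300  # how long a signed message stays acceptable

def sign_payload(obj, key=SECRET_KEY, now=None, nonce=None) -> str:
    """Serialize obj as JSON (which, unlike pickle, cannot instantiate
    arbitrary objects on the receiving side), stamp it with a time and a
    nonce, and append an HMAC-SHA256 tag over the exact bytes sent."""
    body = {
        "data": obj,
        "ts": int(now if now is not None else time.time()),
        "nonce": nonce or base64.urlsafe_b64encode(os.urandom(12)).decode("ascii"),
    }
    raw = json.dumps(body, sort_keys=True, separators=(",", ":")).encode("utf-8")
    tag = hmac.new(key, raw, hashlib.sha256).hexdigest()
    return base64.urlsafe_b64encode(raw).decode("ascii") + "." + tag

def verify_payload(token: str, key=SECRET_KEY, now=None, seen_nonces=None):
    """Return the embedded data, or None if the token is forged, altered,
    expired, or a replay of a nonce already recorded in seen_nonces."""
    try:
        raw_b64, tag = token.split(".")
        raw = base64.urlsafe_b64decode(raw_b64)
    except (ValueError, binascii.Error):
        return None
    expected = hmac.new(key, raw, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return None  # the tag is checked before the JSON is parsed at all
    body = json.loads(raw)
    now = now if now is not None else time.time()
    if now - body["ts"] > MAX_AGE_SECONDS:
        return None  # too old: outside the replay window
    if seen_nonces is not None:
        if body["nonce"] in seen_nonces:
            return None  # already accepted once: replay
        seen_nonces.add(body["nonce"])
    return body["data"]

def altered_copy(token: str, old: bytes, new: bytes) -> str:
    """Demo helper: change the serialized body while keeping the original tag,
    which is what an attacker who lacks the key can do."""
    raw_b64, tag = token.split(".")
    raw = base64.urlsafe_b64decode(raw_b64).replace(old, new)
    return base64.urlsafe_b64encode(raw).decode("ascii") + "." + tag

if __name__ == "__main__":
    seen = set()
    token = sign_payload({"user": "alice", "role": "viewer"})
    print("first use:", verify_payload(token, seen_nonces=seen))
    print("replay:", verify_payload(token, seen_nonces=seen))
    print("altered:", verify_payload(altered_copy(token, b"viewer", b"admin")))
```

Verification checks the tag before parsing, so malformed or altered bodies never reach the JSON parser; the timestamp bounds how long a captured message is useful, and the nonce set rejects a second presentation inside that window.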

These are some of the best ways to prevent and handle software and data integrity failures. A responsible firm should understand this and manage its integrity controls so that failures can be avoided.

Risk 5: Security logging and monitoring failure
Security logging and monitoring are performed by inspecting electronic audit logs for signs that unauthorized security-related activities have been performed on a system or application that processes, transmits, or stores private data. Security logging and monitoring appear at #3, up slightly from the tenth position in the OWASP Top 10 2017. Logging and monitoring can be challenging to test, often involving interviews or asking whether attacks were detected during a penetration test. There isn't much CVE/CVSS data for this category, yet detecting and responding to breaches is critical. All things considered, on this Cyber security assignment it proves to be extremely effective for accountability, visibility, incident alerting, and forensics.

The OWASP 2021 report shows that security logging and monitoring help to detect, escalate, and respond to active breaches. Breaches cannot be detected without logging and monitoring, and insufficient logging, detection, monitoring, and active response occur when (OWASP Top 10, 2021):

  • Warnings and errors generate no, inadequate, or unclear log messages
  • Logs are only stored locally
  • Auditable events are not logged

A common example of this failure is the Air India passenger service system, where more than 4.5 million passengers' data was stolen. The list includes flyers from around the world. This incident happened due to the use of third-party cloud hosting. The company notified Air India some time after the breach.

The best preventive measures are described as follows (Nguyn, 2022):

  • Ensure all login, access-control, and server-side input validation failures are logged with sufficient user context to identify suspicious or malicious accounts, and retained for enough time to allow delayed forensic analysis.
  • Ensure that logs are generated in a format that log management solutions can easily consume.
  • Ensure log data is encoded correctly to prevent injections or attacks on the logging or monitoring systems.
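The three measures above (log failed logins with user context, emit a format log tooling can consume, and encode log data against injection) can be demonstrated together. The following is an added example for this report, not code from the cited sources: a small JSON-lines event logger that encodes control characters, a constructed set of sample log lines including a burst of failed logins from one source and one attempt to smuggle a fake line through the username field, and a detector that flags the burst. The event names, field names, timestamps and documentation-range IP addresses are assumptions made for the example.

```python
import datetime
import json
import re
from collections import defaultdict

CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")

def sanitize(value) -> str:
    """Encode control characters instead of writing them raw. A CR/LF inside a
    user-controlled field would otherwise let one request forge a whole log line."""
    return CONTROL_CHARS.sub(lambda m: "\\x%02x" % ord(m.group()), str(value))

def log_event(event: str, ts: str, **context) -> str:
    """One JSON object per line, a format log management tools consume directly.
    Every context field (user, source IP, reason, request id) is sanitized."""
    record = {"ts": ts, "event": event}
    record.update({key: sanitize(val) for key, val in context.items()})
    return json.dumps(record, sort_keys=True)

def parse_line(line: str) -> dict:
    return json.loads(line)

# Constructed sample log: six failures from one source inside 30 seconds, one
# benign failure, and a username carrying an injected fake "success" line.
SAMPLE_LINES = [
    log_event("auth.failure", "2024-01-01T10:00:%02dZ" % s, user="alice",
              src_ip="198.51.100.7", reason="bad_password", request_id="r%d" % s)
    for s in (0, 5, 11, 18, 24, 30)
] + [
    log_event("auth.failure", "2024-01-01T10:00:12Z", user="carol",
              src_ip="203.0.113.5", reason="bad_password", request_id="r99"),
    log_event("auth.failure", "2024-01-01T10:01:00Z",
              user="bob\nINFO auth.success user=bob",
              src_ip="203.0.113.9", reason="bad_password", request_id="r100"),
]

def _parse_ts(ts: str) -> datetime.datetime:
    return datetime.datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")

def detect_failed_login_bursts(lines, threshold=5, window_seconds=60) -> list:
    """Return source IPs with at least `threshold` auth.failure events inside
    any window of `window_seconds`; sorted for stable output."""
    failures = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec.get("event") != "auth.failure":
            continue
        failures[rec["src_ip"]].append(_parse_ts(rec["ts"]))
    flagged = []
    for ip, times in failures.items():
        times.sort()
        for i in range(len(times) - threshold + 1):
            if (times[i + threshold - 1] - times[i]).total_seconds() <= window_seconds:
                flagged.append(ip)
                break
    return sorted(flagged)

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(line)
    print("sources to alert on:", detect_failed_login_bursts(SAMPLE_LINES))
```

Because each record keeps the username, source address and request id, an alert can be traced back to the exact requests during a later investigation, and because the injected newline is written as the literal text `\x0a`, the forged "auth.success" never becomes a line of its own.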

Conclusion
It has been concluded on this Cyber security assignment that the OWASP 2021 report identifies some IT and web application risks and problems. These risks and problems should be addressed by developers and IT professionals to avoid the heavy risk of data breaches and malware attacks. Some case references are provided that can help other companies examine their systems and make them more advanced. All the risks and threats are important to the welfare of companies, as they gather a great deal of information about users. All the risks concern software and hacked sites, which are very common nowadays, especially falling into the trap of a ransomware attack, which is very common as the hackers ask for a certain amount to operate the site. So be aware of such hacking and always use authorized ways of using technology.

References
Fang, B., Wang, W., & Zhao, Y. (2022). Tight Analysis of Decryption Failure Probability of Kyber in Reality. Cryptology ePrint Archive.
Galiveeti, S., Tawalbeh, L. A., Tawalbeh, M., & El-Latif, A. A. A. (2021). Cybersecurity analysis: Investigating the data integrity and privacy in AWS and Azure cloud platforms. In Artificial Intelligence and Blockchain for Future Cybersecurity Applications (pp. 329-360). Springer, Cham.
Heid, K., & Heider, J. (2021, November). Automated, Dynamic Android App Vulnerability and Privacy Leak Analysis: Design Considerations, Required Components and Available Tools. In European Interdisciplinary Cybersecurity Conference (pp. 1-6).
Loureiro, S. (2021). Security misconfigurations and how to prevent them. Network Security, 2021(5), 13-16.
Nguyn, T. H. (2022). Cybersecurity Logging & Monitoring Security Program.
OWASP Top 10. (2021). Welcome to the OWASP Top 10 – 2021. [Online] OWASP. Retrieved from: https://owasp.org/Top10/.
