
Cyber Security: Vulnerabilities, Exploitation, and Security Controls

Assessment of learning outcomes 1, 2, and 4 through a 2500-word individual examination on cyber security threats, security controls, and professional, social, ethical, and legal issues.


Added on  2022-11-24

About This Document

This assessment focuses on the identification of vulnerabilities in cyber security, ways to exploit them, and security controls to protect against attacks. It covers topics such as missing authorization, download of codes without integrity checks, broken authentication and session management, missing data encryption, cross-site scripting vulnerabilities, SQL injection detection and exploitation, methods used by social engineers, tools used by hackers, BCM and its functions, types of backup sites, and the role of BCM in fighting cyber security attacks. The assessment also explains the phases of ethical hacking and different types of footprinting.

INTRODUCTION
Cyber security is the important practice of protecting systems, servers, data, financial
information, and accounts from any kind of malicious attack that could cause damage to a system,
theft, or disruption (Apruzzese et al., 2018). This assessment focuses on the
identification of vulnerabilities in a server, ways in which they can be managed, SQL injection,
social engineering methods used to trick users into providing their personal information, social
engineering tools used by hackers, an explanation of BCM, sites that can be used for backup, the
phases of ethical hacking, and types of footprinting.
TASK 1: BCM
a. Detailed explanation of the ways in which each identified vulnerability can be exploited,
with a recommendation for each on what should be done
Missing authorization: A missing authorization vulnerability exists when a web server does not
perform an authentication check when a user attempts to access a website, perform an action, or
access data. Its exploitation can lead to a variety of problems, such as denial of service and
information exposure. Manual static analysis, such as manual source code review and manual
spot checks, should be conducted to detect any missing authorization vulnerabilities within
the system.
Download of code without integrity checks: A website or product that downloads and executes
code from a remote location without an integrity check has a major vulnerability that must be
dealt with. Because of it, an attacker can execute malicious code by compromising the host
server, performing DNS spoofing, or modifying the code while it is in transit
(Maglaras et al., 2018). For this, a taxonomy mapping can be used, such as the
CERT Oracle Secure Coding Standard for Java, which advises against relying on the automatic
signature verification provided by default by java.util.jar and URLClassLoader.
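The integrity check described above, as an added example that is not part of the original document: downloaded code is executed only if its SHA-256 digest matches a value pinned out of band, which is a different technique from the JAR signature verification the paragraph mentions. The names `verify_artifact`, `load_plugin`, `outcome`, the file name `plugin.py` and the sample payloads are assumptions constructed for illustration.

```python
import hashlib
import hmac

class IntegrityError(Exception):
    """Raised when downloaded code does not match its pinned digest."""

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def verify_artifact(data: bytes, pinned_sha256: str) -> bytes:
    """Return data only if its SHA-256 equals the digest pinned out of band."""
    actual = sha256_hex(data)
    # Constant-time comparison of the two hex strings.
    if not hmac.compare_digest(actual, pinned_sha256.lower()):
        raise IntegrityError(f"digest mismatch: got {actual}")
    return data

def load_plugin(fetch, name: str, pins: dict) -> dict:
    """Fetch code with `fetch`, verify it, and only then execute it."""
    if name not in pins:
        # Fail closed: code without a pinned digest is never executed.
        raise IntegrityError(f"no pinned digest for {name!r}")
    code = verify_artifact(fetch(name), pins[name])
    namespace: dict = {}
    exec(compile(code, name, "exec"), namespace)
    return namespace

# Constructed sample data (hypothetical plugin, not from the original document).
GOOD = b"def greet():\n    return 'hello'\n"
TAMPERED = GOOD + b"INJECTED = True\n"  # stands in for code altered in transit
# In practice the pin ships with the application; it is never taken from the download.
PINS = {"plugin.py": sha256_hex(GOOD)}

def outcome(payload: bytes, name: str = "plugin.py") -> str:
    """Simulate a download that returns `payload` and report what happened."""
    try:
        load_plugin(lambda _name: payload, name, PINS)
        return "executed"
    except IntegrityError:
        return "rejected"

if __name__ == "__main__":
    print("genuine :", outcome(GOOD))
    print("tampered:", outcome(TAMPERED))
    print("unpinned:", outcome(GOOD, "other.py"))
```

The check protects against a compromised host, DNS spoofing and in-transit modification alike, because each of them changes the bytes that reach `verify_artifact`.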
Broken Authentication and Session Management: This vulnerability can be used to steal a
user’s login data or cookies, forge session data, or gain unauthorized access to a website.
A web application firewall can be used against it, as it can directly help protect the web
server against the cyber threats of session management and broken authentication.
Missing data encryption: This is a vulnerability in which the system lacks proper data
encryption. It can reduce guarantees of confidentiality, integrity, and accountability
(Nguyen and Reddi, 2019).