Threat Analysis and Security Controls for Web Applications and Servers

Verified

Added on 2023/06/04

AI Summary

This presentation by Desklib discusses the vulnerabilities of web applications and servers to attacks such as URL interpretation, SQL injection, cross-site scripting, and more. It performs a threat analysis and outlines security controls to mitigate the situation. The presentation also recommends measures such as installing antivirus software, updating operating systems, using strong passwords, and educating clients on various forms of attacks.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Principles of
Information Security
(Student’s Name)
(Professor’s Name)
(Course Title)
(Date of Submission)

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

Introduction
 The company of Gamble Bet IT security has been comprised
 The credit fraud system was raising alarm bells. The fraud
originated from credit card numbers of the company clients
 This presentation will perform a threat analysis where the
report will state what ought to be tested and investigated.
 We will outline what measures the organization need to
implement to mitigate the situation. In here the report will
outline security controls so that web applications and web
servers are not comprised again (Gallegos, 2016)

Background and problem analysis
 Web applications and servers are popular
target for hackers and attackers
URL interpretation attack
SQL injection attack
Cross-site scripting
Cross-site request forgery (CSRF)

 Parameter tampering
GambleBet system were
vulnerable to directly traversal
type of attack
LDAP injection
 XML type on injection
Cont.…

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

Threat analysis
The impact of these attacks can range
beyond comprise of the credit card
numbers system example lead to web-
application defacement
SQL injection, can hinder the normal
functioning of the organization web-
application.
This attacks can also lead to huge financial
loss

Cont..
 Phase one: First establish the security baseline
policies
 the organization need to review the security
mechanism which are configured at firewall point
 Phase two: to do a very quick assessment which
should not take more than 10 hours
 Phase three: establishing the where the attack
could have originated

Cont…
Phase four: notifying those account
holders that have been affected
Phase five: Restoring the organization
assets back to normalcy
The last phase is preparing for the next
attack or system comprise (Jaeger,2008)

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Dependencies and critical success factors
 First secure support from the senior management
 the team need to establish what they know about
the company: Example is to establish both
external and internal stakeholders
 The team also need to establish the architecture
structure of the organization and how information
follows from the CEO to the lowest level (Gupta,
2015).

Cont….
 The audit team also need to establish third party
example the service providers.
 The audit team need to prepare questionnaires, and
interviews with the key staff
 the audit team need to know measurements taken by
the bank and the Gamble Bet to protect where the
web-application reside
 One of the tool required in their audit which ought
to be provided by the company is 05 FTK manager

Recommendation
 install antivirus software in its web-server
 the organization need to keeping its operating
system updated on daily basis
 the organization need to use very strong passwords
for every application and site they use
 Educate their clients on the various forms of
attacks (Pawar, 2015)

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

Cont.…
 one should not use dynamic SQL in their web-
applications
 updating firewall and patch which hackers can exploit
 the organization need to consider installing web-
application firewall
 the organization need to always use appropriate
privileges
 it is always important to keep the organization secrets
secret

References
Gallegos, F., 2016. Audit and control of information system by
Frederick Gallegos. 2st ed. Cincinnati: South-Western Pub.
Gupta, A. a. S. S., 2015. Information System Audit. A study for
security and challenges in, 2(III), pp. 45-67.
Halfond, W. V. J. a. O. A., 2016. A classification of SQL-injection
attacks and countermeasure. In Proceedings of the IEEE International
Symposium on Secure Software Engineering , 1(II), pp. 13-15.
Jaeger, T., 2008. Operating system security by Trent Jaeger. 1st ed.
Chicago: Morgan & Claypool Publishers.
Pawar, 2015. SQL Injection Attacks. KHOJ: Journal of Indian
Management Research and Practices, 4(II), pp. 125-129.

1 out of 12

Threat Analysis and Security Controls for Web Applications and Servers

Contribute Materials

Secure Best Marks with AI Grader

Secure Best Marks with AI Grader

Paraphrase This Document

Secure Best Marks with AI Grader

Related Documents

Information Security Audit Plan for Gamble Bet Ltd Company

Performing a Website and Database Attack

Cyber Security: Vulnerabilities, Exploitation, and Security Controls

ITNE2005 Assessment: Network Attacks and Security Audit Tools

Manage Network and Data Integrity

MEMO DATE: (Today’s Date) TO: (Tutor’s Name) FROM: (Student’s

+13062052269

info@desklib.com