
Security Evaluation for WidgetsInc Web-Store


Added on 2023-06-12

SECURITY EVALUATION
Insert Your Name Here
Insert Your Tutor’s Name Here
Institution Affiliation
Date

Report for the WidgetsInc web-store security evaluation
Introduction
WidgetsInc requested a security evaluation of its web-store, to be carried out by Benny
Vandergast Inc. The evaluation is meant to reveal flaws in the security measures implemented
in the web-store. The main objective of security testing is to find out how vulnerable a system
is; the evaluation is used to determine how well the resources and the data are protected. It
tests whether unauthenticated users can access the web-store and steal data from the system or
disrupt its processes. When a company uses a web-store, most transactions are done online and
the data has to be secure. Online transactions will be many, they have to be accurate, and the
data must be protected. Security evaluation ensures that the system is efficient and effective.
The attributes of security testing include: availability of the system, authorization,
confidentiality, integrity, resilience, authentication and non-repudiation.
Security testing for a web-store application is very important. It is done to avoid cases such
as: loss of customer trust, the cost of dealing with application attacks in the future, web-store
downtime, time loss and the expense of recovering from downtime.
There are various classes of threat to a web-store. They include: privilege escalation, SQL
injection, URL manipulation, unauthorized data access, denial of service, identity spoofing
and cross-site scripting (Getting, 2018). Privilege escalation involves a hacker who has an
account in the system and raises his/her privileges to those of a super user. The hacker is then
able to run code on the system and could compromise the entire web-store application. SQL
injection is an attack technique in which the hacker inserts malicious SQL into an input field;
when it is executed, the system may return critical information from the database. The hacker
could use that information to vandalize the whole system. The attack takes advantage of
existing loopholes in the system. Unauthorized data access is another major attack on systems
(Kauffman and Tallon, 2014). There are various types of unauthorized access. They include:
unauthorized access to data by data-fetching operations or by using other systems to access the
data, and unauthorized access to the network, which includes the servers. URL manipulation
involves manipulating the query strings in the website's URLs.
Denial of service involves preventing the legitimate users of the system from accessing its
resources. The attack could render the entire system unusable. Data manipulation involves a
hacker changing the data of a website to gain some advantage; hackers tend to change the
HTML pages to be offensive. Identity spoofing involves the hacker acquiring the credentials of
a legitimate user. The hacker then attacks the network hosts or can even steal data. Finally,
cross-site scripting is a common threat to web-store sites. The hacker injects client-side script
into the system. Users of the system could click on the resulting links, some of which could
allow the hacker to steal information from the system. The hacker could also perform wrong
actions while pretending to be the legitimate user.
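Two of the threats described above, SQL injection through a manipulated URL query string and cross-site scripting through unescaped output, can be shown next to their mitigations. The following Python example is added here and is not part of the original report or of any WidgetsInc code; the product table, the query strings and the function names (`search_vulnerable`, `search_safe`, `render_vulnerable`, `render_safe`) are constructed for illustration only.

```python
import html
import sqlite3
from urllib.parse import parse_qs

# Constructed sample data: a tiny in-memory "web-store" product table.
# The last column marks whether a product is public; the third row is not.
PRODUCTS = [
    (1, "Blue Widget", 9.99, 1),
    (2, "Red Widget", 12.50, 1),
    (3, "Unreleased Widget", 99.00, 0),
]


def make_db():
    """Create an in-memory SQLite database holding the constructed products."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE products (id INTEGER, name TEXT, price REAL, public INTEGER)"
    )
    conn.executemany("INSERT INTO products VALUES (?, ?, ?, ?)", PRODUCTS)
    return conn


def search_term(query_string):
    """Extract the 'q' parameter from a raw URL query string (e.g. 'q=Blue')."""
    return parse_qs(query_string).get("q", [""])[0]


def search_vulnerable(conn, query_string):
    """Vulnerable: the search term is concatenated into the SQL text.

    A term containing a quote can close the LIKE literal and append its own
    condition, so the 'public = 1' restriction no longer holds.
    """
    term = search_term(query_string)
    sql = ("SELECT name FROM products WHERE public = 1 "
           "AND name LIKE '%" + term + "%'")
    return [row[0] for row in conn.execute(sql)]


def search_safe(conn, query_string):
    """Hardened: the term is passed as a bound parameter, never as SQL text."""
    term = search_term(query_string)
    sql = "SELECT name FROM products WHERE public = 1 AND name LIKE ?"
    return [row[0] for row in conn.execute(sql, ("%" + term + "%",))]


def render_vulnerable(term, results):
    """Vulnerable: user-controlled text is placed into HTML unescaped."""
    items = "".join("<li>%s</li>" % name for name in results)
    return "<p>Results for %s</p><ul>%s</ul>" % (term, items)


def render_safe(term, results):
    """Hardened: every value is HTML-escaped before it enters the page."""
    items = "".join("<li>%s</li>" % html.escape(name) for name in results)
    return "<p>Results for %s</p><ul>%s</ul>" % (html.escape(term), items)


if __name__ == "__main__":
    db = make_db()
    # Benign request: both variants return the same single public product.
    print(search_vulnerable(db, "q=Blue"), search_safe(db, "q=Blue"))
    # Manipulated query string (URL-encoded "x%' OR 1=1 --"): the vulnerable
    # search leaks the non-public product, the safe search matches nothing.
    crafted = "q=x%25%27+OR+1%3D1+--"
    print(search_vulnerable(db, crafted))
    print(search_safe(db, crafted))
    # Script in the term: the safe renderer turns it into harmless text.
    print(render_vulnerable("<script>alert(1)</script>", []))
    print(render_safe("<script>alert(1)</script>", []))
```

The benign request behaves identically in both variants, which is why concatenation bugs survive functional testing; only the manipulated query string separates them, and the same applies to the renderer, where `html.escape` is what keeps injected script from being interpreted by the browser.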
Security investigation of the system
Benny Vandergast Inc. provided a VMware machine that was used in the testing process.
Virtualization technology has advanced from hardware virtualization alone to data virtualization,
network virtualization, storage virtualization and memory virtualization. Each scope of
virtualization has its own specification. Virtualization is very useful and advantageous in the
testing of software such as the WidgetsInc web-store.
A number of methods were used in the investigation of the system's security. The methods
involved in testing the system include: cross-site scripting, ethical hacking, password cracking,
penetration testing, risk assessment, security auditing, security scanning, SQL injection, URL
manipulation, posture assessment and buffer overflow testing (Singh, 2016).
The testing process involved four practices: tracking down issues that could not be recreated,
solving resource collisions during testing, keeping control when the test matrices become hard
to manage, and using smart VMware monitoring (Diez et al., 2016). First, there were issues that
had to be tracked down. These were issues that could not be recreated. There were bugs that
would cause the system to crash and could not be reproduced; with such bugs the testers would
get no information on what led to the crash. To make testing of such issues possible, tools that
record and replay the processes are necessary. For this scenario, VMware Snapshots were used
(eCommerce, 2013). VMware Snapshots allowed the testers to go back over the entire execution
that led to the crash. The snapshots also allowed the testers to view the threads and processes
to see what led to the crashes experienced with the system. The recorded activities were saved
in a file for easy retrieval if needed.
The second practice implemented was solving resource collisions during the testing process.
Some tests could not be run concurrently because of the difficulty of acquiring the resources.
Testing in such environments succeeded through the use of cloning and network fencing, which
made testing possible in many environments at the same time. For example, it was possible to
test user authentication, run regression tests and run integration tests at the same time.
The third practice was managing the situation when the test matrix was becoming hard to
handle. There were situations in which the testing crew encountered tough trade-offs between
the test matrix and the quality of the software that was going to be released. To solve this, the
testing crew created templates that were used to establish the level of testing. For example, the
testing crew had Level One as website testing, Level Two as operating system testing, Level Four
as database testing and Level Five as the network. There were various tests at each level.
Finally, the group had to deploy a smart VMware monitoring system. After new software is
implemented, there is a need to keep an eye on the environment. Opvizor is the right tool for
monitoring the VMware environment (opvizor, 2018). The tool does not require one to keep
watching the results; it sends a notification once it detects a problem in the system. Snapwatcher
was also used to capture the snapshots and stay on top of the VMware environment.
Snapwatcher is useful for monitoring the behaviour of a system.
The virtualized testing needed to be efficient and automated. Virtualization provides better
utilization. The testing crew can revert the system to a previous state, which means clean-up is
easy and the team could easily debug problems using the snapshots generated. Virtualized
testing involves minimal loss in server crashes: VMs are basically files which can be backed up
for retrieval in case of any loss. VMs provide a pool of resources, which means there is no need
to reconfigure the images in case of a new physical server. The team created a pool of
resources, which minimizes the cost required for testing. VM testing is easy to maintain and the
processes are automated. This means that there was minimal effort required from the group that