MITS5004 IT Security Assignment 1: Web Application Security

Added on  2022/10/06

Presentation
AI Summary
This presentation examines the critical aspects of web application security in today's technology-driven world. It begins by highlighting the challenges of securing web applications due to their public accessibility and the risks associated with improper input validation. The presentation delves into the anatomy of web applications, emphasizing the role of HTTP requests and the vulnerabilities that arise from data processing. It explores various threats, including XSS, injection, cookie poisoning, authorization and access control, and denial-of-service attacks. The presentation provides insights into the nature of these vulnerabilities and their potential impact on web applications. The presentation concludes by emphasizing the importance of implementing robust security mechanisms to mitigate these risks and enhance overall application security. This document is a student submission available on Desklib, a platform offering AI-based study tools and resources for students.
Introduction
Application security has become a concern in the contemporary world, which is advanced in terms of technology. Web applications are difficult to secure because they are exposed to the public, including malicious users. Also, since the input of Web applications comes from HTTP requests, improper input validation results in security vulnerabilities. Web application security helps reduce the vulnerabilities in a Web application to enhance security.
Web Application Anatomy
Understanding the anatomy of Web applications is essential in developing security for these applications. According to the Web Application Security Consortium, a web app is a software application executed by a web server that responds to dynamic web page requests over HTTP.
Origin of Web Application Vulnerability
Web applications interact with users through form elements such as text fields and the POST or GET variables. Most of the critical vulnerabilities are caused by improper processing of data items within HTTP. The threats to the database server layer include password cracking attacks, unauthorized server access and SQL injection.
Vulnerability Scanners
A web application scanner is a tool used to analyze security vulnerabilities in web applications. The scanners also identify coding errors in the application, such as buffer overflows and input strings. There are several types of vulnerabilities in web applications. Web scanners are able to detect the various types of vulnerabilities that threaten the user's security.
Cross Site Scripting (XSS) Vulnerability
This vulnerability occurs when malicious data from an attacker is sent to the web application. The malicious data may cause the web application to display harmful data at the legitimate user's end. This enables the attacker to steal or manipulate the credentials of the legitimate user, impersonate the user or execute malicious scripts on the user's machine.
Injection Vulnerability
This security threat is mainly caused by SQL injection, resource injection, command injection and data injection attacks. This vulnerability allows data in databases to be modified. Also, executable scripts may be forced to execute tasks that were not intended by the author.
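An added example, not part of the original presentation, showing how a string-built SQL statement lets a request value change which rows are modified, next to the parameterized form that prevents it. The table, function names and sample values are constructed for illustration.

```python
import sqlite3

def make_db():
    """Build a throwaway in-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT PRIMARY KEY, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.test"),
         ("bob", "bob@example.test"),
         ("carol", "carol@example.test")],
    )
    return conn

def update_email_unsafe(conn, name, email):
    """Vulnerable: request values are pasted into the SQL text."""
    sql = f"UPDATE users SET email = '{email}' WHERE name = '{name}'"
    return conn.execute(sql).rowcount

def update_email_safe(conn, name, email):
    """Hardened: placeholders keep the values as data, never as SQL."""
    sql = "UPDATE users SET email = ? WHERE name = ?"
    return conn.execute(sql, (email, name)).rowcount

# Constructed "name" value as it might arrive in a POST variable.
CRAFTED_NAME = "alice' OR '1'='1"

def rows_changed(update_fn):
    """Run one update with the crafted name on a fresh database."""
    conn = make_db()
    changed = update_fn(conn, CRAFTED_NAME, "new@example.test")
    emails = [r[0] for r in conn.execute("SELECT email FROM users ORDER BY name")]
    conn.close()
    return changed, emails

if __name__ == "__main__":
    print("unsafe:", rows_changed(update_email_unsafe))
    print("safe:  ", rows_changed(update_email_safe))
```

With the crafted value the concatenated statement rewrites every row, while the parameterized statement matches no user and changes nothing.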
Cookie Poisoning
Cookie poisoning is a technique used by malicious attackers to impersonate the user and violate the user's privacy. This is done through the manipulation of session cookies that protect the identity of the client.
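An added example, not part of the original presentation, of one common server-side defence against manipulated cookies: attaching an HMAC tag to the cookie value and rejecting any cookie whose tag does not verify. The key, the cookie layout (`value|tag`) and the function names are assumptions made for this sketch.

```python
import hashlib
import hmac

# Hypothetical server-side secret for this example; a real deployment
# loads it from protected configuration and never sends it to the client.
SERVER_KEY = b"constructed-demo-key-not-for-production"

def sign_cookie(value: str, key: bytes = SERVER_KEY) -> str:
    """Return 'value|tag', where tag is HMAC-SHA256 over the value."""
    tag = hmac.new(key, value.encode(), hashlib.sha256).hexdigest()
    return f"{value}|{tag}"

def verify_cookie(cookie: str, key: bytes = SERVER_KEY):
    """Return the value if the tag is valid, otherwise None."""
    value, sep, tag = cookie.rpartition("|")
    if not sep:
        return None  # no tag present at all
    expected = hmac.new(key, value.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison on bytes avoids leaking how much of the tag matched.
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        return None
    return value

def demo():
    """Issue a cookie, then check the original and an edited copy."""
    issued = sign_cookie("user=alice;role=user")          # constructed sample value
    edited = issued.replace("role=user", "role=admin")    # client-side edit, old tag kept
    return verify_cookie(issued), verify_cookie(edited)

if __name__ == "__main__":
    print(demo())
```

The tag protects integrity only: the client can still read the value, so anything confidential belongs in server-side session storage.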
Authorization and Access Control Vulnerability
The authorization, authentication and access control vulnerability may allow the malicious attacker to control the application or the back-end servers. This vulnerability is caused by the use of weak password management, weak encryption, elevation of privileges or use of unwanted copies.
Denial of Service Vulnerability
The denial of service attack aims to shut down a web application, thereby making it inaccessible to the end users. Attackers accomplish this attack by flooding the web application with traffic or sending information that triggers a crash of the application.
Conclusion
Web applications are exposed to many security threats. Web applications have many vulnerabilities that expose the end users to malicious attackers. Therefore, application security mechanisms should be implemented to resolve the vulnerabilities and enhance application security.