Web Application Security Assessment and Mitigation Strategies

Added on 2022/08/12

AI Summary
This report provides a comprehensive web application security assessment for the Haboob Company, addressing the risks, threats, and vulnerabilities associated with its online retail platform. The assessment identifies three major risks, including injection attacks, cross-site scripting, and broken authentication and session management. It also highlights three key threats: ransomware, data breaches, and DDoS attacks. Furthermore, the report analyzes three vulnerabilities: cross-site request forgery (CSRF), security misconfiguration, and insecure cryptographic storage. The discussion section provides detailed explanations of each issue, followed by a comparison of best practices for mitigation, such as data sanitization, input filtering, output encoding, robust authentication, incident response planning, and secure cryptographic storage practices. The report emphasizes the importance of proactive security measures to protect the company's website, customers, and sensitive data.
Running head: WEB APPLICATION SECURITY ASSESSMENT
WEB APPLICATION SECURITY ASSESSMENT
Name of student
Name of university
Author’s note:
Abstract
In modern computing, customers expect improved services and improved products. To deliver them, companies adopt innovative technologies that can benefit the organisation. Introducing these technologies helps companies provide better products and services, but it also introduces various kinds of threats to the organisation that any malicious attacker could exploit.
Table of Contents
Introduction
Discussion
    Risks
    Threats
    Vulnerabilities
Conclusion
Introduction
Discussion
    Mitigating the risks
    Mitigating the threats
    Mitigating the vulnerabilities
Conclusion
References
Introduction
The introduction of various kinds of web applications has helped companies simplify the methods by which products and services are provided to customers, but it has also increased the risk of data theft and of various attacks that could breach the organisation's data. The Haboob company allows its customers to buy products as well as services from its website, but it has been observed that the customers are not following proper security protocols while using the web application. This report intends to analyse the threats, risks and vulnerabilities that might be found in the web application and lead to serious damage to the organisation.
Discussion
Risks
Injection attacks: Injection attacks denote a broad class of attack vectors. In any injection attack, an attacker provides untrusted input to a program. That input is processed by an interpreter as part of a command or a query, and in turn it alters the execution of the program (Liang et al., 2016). Injection attacks are considered the most dangerous kind of attack aimed at web applications. They lead to theft of data, loss of data, extensive damage to the integrity of data, denial of service and the compromise of the company's complete system (Liang et al., 2016).
Cross-site scripting: Cross-site scripting can be described as an injection attack that takes place on the client side (Gupta & Gupta, 2017). In this type of attack, the attackers' main intention is to execute malicious scripts in the web browser of the targeted victim. The attack is carried out by adding malicious code to an authentic web application or web page. As soon as the targeted user visits the web page,
the malicious code is automatically executed and the user becomes a victim of this kind of attack. The web application or web page thus becomes the delivery method for the malicious script to any user's web browser (Lekies et al., 2017). Message boards and forums are some of the places where this attack is carried out.
Broken Authentication and Session Management Attack: This kind of attack is executed with the intention of retrieving passwords, user account information, IDs and various other details that are crucial for the employees of the organisation (Hassan et al., 2018). Attackers possess large quantities of valid usernames and passwords, and with the help of these credentials credential stuffing is carried out. Along with credential stuffing, dictionary attack tools and automated brute-force attacks are also used. Unexpired session tokens are the main reason for session management attacks.
Threats
Ransomware: Ransomware can be described as a kind of malware that encrypts the files of a victim (Kolodenker et al., 2018). The attacker then demands a ransom from that victim, offering to restore access to the data upon payment. The user is shown instructions on how the payment is to be made in order to obtain the decryption key. There are a huge number of vectors by which ransomware could gain access to a computer (Kharaz et al., 2016). The most popular delivery method used by attackers today is phishing spam, in which attachments arrive in the victim's email masked as files that appear trustworthy. As soon as they are downloaded and opened, they can take over the victim's computer, especially if they possess built-in social engineering tools that trick the user into granting administrative access.
Data breach: A data breach can be defined as a security event in which the organisation's information has been accessed without proper authorisation. Data breaches can hurt businesses as well as consumers in various ways (Cadwalladr & Graham-Harrison, 2018). As the company uses a web application that gives customers a simplified method of buying products, it also gives hackers and malicious insiders a gateway into the organisation's database for obtaining sensitive data without proper authorisation. In data breaches, hackers mainly seek personally identifiable information in order to steal money, compromise identities and sell the information on the dark web (Solove & Citron, 2017).
DDoS Attack: In modern computing, a denial-of-service attack can be described as a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting the services of a host connected to the internet (Bawany, Shamsi & Salah, 2017). Denial of service is commonly carried out by flooding the targeted machine or resource with surplus requests in an attempt to overload the system and prevent genuine requests from being satisfied promptly. Traffic from various sources is used to flood the organisation's network, and this attack is primarily carried out through the web application (Yuan, Li & Li, 2017).
Vulnerabilities
Cross site request forgery: XSRF, Sea Surf or cross-site request forgery is a kind of attack vector that can deceive a web application into executing an unsolicited action within the application while a user is logged in with their credentials (Calzavara et al., 2020). A successful CSRF attack can be significantly disruptive for both the business and the user. It can lead to extensively damaged
relationships with clients, unauthorised transfer of funds, data theft and changed passwords. Attackers use various social engineering methods, including malicious emails or links, to deceive victims into sending the forged request to a particular server (Barabanov, Markov & Tsirlov, 2018).
Security Misconfiguration: Security misconfiguration arises when security settings have been defined, implemented and maintained at their defaults. Good security requires a secure configuration that is defined and deployed for the application, the web server, the database server and the platform (Cuppens, Cuppens-Boulahia & Garcia-Alfaro, 2019). The main threat agents are anonymous external attackers and users with their own accounts, who might try to compromise the system. An attacker's approach is to find default accounts, idle pages, unpatched flaws and unprotected files.
Insecure Cryptographic Storage: Insecure cryptographic storage is a common vulnerability that occurs when sensitive data is not stored securely. Profile information, user credentials, health details and credit card data are among the sensitive data present in a web application, and this data is stored in the application database (Li et al., 2018). When the data is stored improperly, without encryption or hashing, it is significantly vulnerable to attackers. By exploiting this vulnerability, attackers can steal or alter the unsecured data to conduct identity theft, credit card fraud and various other crimes (Wang et al., 2017).
Conclusion
It can be concluded from the above discussion that the introduction of the website in the organisation helps improve several business processes but also introduces various threats to the company. In any injection attack, an attacker provides untrusted input to a program. When an injection attack is executed on the client side, it is referred to as cross-site scripting.
Abstract
Even though the introduction of the website has been beneficial for the Haboob company, it has also introduced various threats, risks and vulnerabilities into the organisation. This report aims to determine the methods by which the threats, risks and vulnerabilities in the web application can be mitigated effectively. Several kinds of preventive measures are briefly discussed in this report.
Introduction
The implementation of the website in the organisation has improved the methods by which services and products are provided to customers. At the same time, it has introduced various kinds of threats, risks and vulnerabilities into the organisation. This report intends to analyse the methods by which the threats, risks and vulnerabilities in the web application can be mitigated effectively. The various preventive measures are discussed, and the report closes with an appropriate conclusion.
Discussion
Mitigating the risks
Mitigating Injection attacks: Data sanitisation and data validation have been found to be the most effective methods for preventing injection attacks. Data sanitisation deals with passing all stored data through a function (such as the mysql_real_escape_string() function) to ensure that characters such as the single quote (') are not delivered to any SQL query within the data (Tan et al., 2017).
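As an added example, not part of the report, the following Python code shows the vulnerable query construction beside two defences: escaping the quote character in the spirit of mysql_real_escape_string(), and binding the value as a query parameter so the interpreter never sees it as SQL. The in-memory SQLite table, its rows and the probe input are constructed for the example.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample database with two users (example data only)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users (name, password) VALUES (?, ?)",
        [("alice", "s3cret"), ("bob", "hunter2")],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    """Untrusted input is spliced into the query text, so the interpreter
    cannot distinguish data from SQL. This is the flaw the report describes."""
    query = f"SELECT name FROM users WHERE name = '{name}' ORDER BY name"
    return [row[0] for row in conn.execute(query)]


def sanitize_quotes(value: str) -> str:
    """Escape single quotes (SQL doubles them), analogous to what
    mysql_real_escape_string() does for MySQL. Shown for comparison only;
    it protects this one quoting context and nothing else."""
    return value.replace("'", "''")


def lookup_parameterized(conn: sqlite3.Connection, name: str) -> list:
    """The preferred defence: the value is bound to a placeholder and is
    always treated as data, whatever characters it contains."""
    query = "SELECT name FROM users WHERE name = ? ORDER BY name"
    return [row[0] for row in conn.execute(query, (name,))]


if __name__ == "__main__":
    db = make_db()
    probe = "' OR '1'='1"  # constructed input that closes the quote and adds a tautology
    print("vulnerable:   ", lookup_vulnerable(db, probe))
    print("escaped:      ", lookup_vulnerable(db, sanitize_quotes(probe)))
    print("parameterized:", lookup_parameterized(db, probe))
```

Running the block shows the vulnerable lookup returning every user for the probe input, while both the escaped and the parameterized lookups return no rows; the parameterized form is preferable because it does not depend on remembering to escape at every call site.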
Mitigating the Cross-site scripting: Preventing cross-site scripting is considered trivial in some circumstances but can be much more difficult depending on the complexity of the application and the ways in which it handles user-controlled data (Gupta & Gupta, 2016). A combination of filtering input upon arrival, encoding data upon output, using suitable response headers and a content security policy can be used by the organisation to mitigate cross-site scripting attacks. Filtering input upon arrival means that, at the point where user input is received, it is filtered robustly on the basis of what is expected or valid. Output is encoded to prevent it from being interpreted as active content.
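The three layers named above (filter on arrival, encode on output, response headers with a content security policy) as an added Python example; this is not code from the report. The username pattern, the comment template and the policy string are assumptions chosen for the illustration.

```python
import html
import re

# Filter on arrival: a username is expected to be a short token of safe characters.
USERNAME_RE = re.compile(r"^[A-Za-z0-9_.-]{1,32}$")


def is_valid_username(raw: str) -> bool:
    """Allow-list check applied when the value is received, before it is stored."""
    return USERNAME_RE.match(raw) is not None


def render_comment_unsafe(author: str, body: str) -> str:
    """Vulnerable: user text is interpolated directly, so any markup it
    contains becomes active content in the reader's browser."""
    return f"<p><b>{author}</b>: {body}</p>"


def render_comment_safe(author: str, body: str) -> str:
    """Encode on output: html.escape turns <, >, &, ' and " into entities,
    so the browser renders the text instead of interpreting it."""
    return "<p><b>{}</b>: {}</p>".format(
        html.escape(author, quote=True),
        html.escape(body, quote=True),
    )


def security_headers() -> dict:
    """Response headers that back up output encoding. The policy is an assumed
    example: scripts and other resources may load only from the site's own origin."""
    return {
        "Content-Type": "text/html; charset=utf-8",
        "X-Content-Type-Options": "nosniff",
        "Content-Security-Policy": (
            "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'self'"
        ),
    }


if __name__ == "__main__":
    comment = "<script>run()</script>"  # constructed markup to show the encoding
    print(render_comment_unsafe("guest", comment))
    print(render_comment_safe("guest", comment))
    for name, value in security_headers().items():
        print(f"{name}: {value}")
```

In the safe rendering the script tag appears as literal text; the content security policy is the backstop for any encoding the application misses, because inline script would not be allowed to execute under it.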
Mitigating the Broken Authentication and Session Management Attack: This kind of attack is executed with the intention of retrieving passwords, user account information, IDs and various other details that are crucial for the employees of the organisation (Kaczmarek, Ozturk & Tsudik, 2018). Effective antivirus software could detect hardcoded passwords and keys within code, long session timeouts, URL and session rewriting, weak passwords and whether the HttpOnly flag has been used on the session-handling header, among other issues, and could also protect the application against brute-force login attacks.
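An added Python example, not from the report, of the session-handling points raised above: tokens that actually expire, an HttpOnly and Secure cookie header, and a check that flags a session identifier carried in the URL. The idle timeout, cookie name and the clock injection are assumptions made for the example.

```python
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional
from urllib.parse import parse_qs, urlparse

SESSION_TTL_SECONDS = 15 * 60   # assumed idle timeout for the example
COOKIE_NAME = "sid"             # assumed cookie name


@dataclass
class Session:
    user: str
    expires_at: float


class SessionStore:
    """Server-side session table. `now` is injectable so expiry can be tested."""

    def __init__(self, ttl: int = SESSION_TTL_SECONDS,
                 now: Callable[[], float] = time.time) -> None:
        self._sessions: Dict[str, Session] = {}
        self.ttl = ttl
        self.now = now

    def create(self, user: str) -> str:
        # 32 random bytes from the OS CSPRNG: not guessable, not derived from the user.
        token = secrets.token_urlsafe(32)
        self._sessions[token] = Session(user, self.now() + self.ttl)
        return token

    def lookup(self, token: str) -> Optional[str]:
        """Return the user for a live token; expired tokens are dropped, which is
        the gap behind the 'unexpired session tokens' problem the report names."""
        session = self._sessions.get(token)
        if session is None:
            return None
        if self.now() >= session.expires_at:
            del self._sessions[token]
            return None
        return session.user

    def revoke(self, token: str) -> None:
        """Logout must invalidate the token on the server, not only in the browser."""
        self._sessions.pop(token, None)


def set_cookie_header(token: str, ttl: int = SESSION_TTL_SECONDS) -> str:
    """HttpOnly keeps scripts away from the token, Secure keeps it off plain HTTP,
    SameSite limits it being sent on cross-site requests."""
    return (f"Set-Cookie: {COOKIE_NAME}={token}; Max-Age={ttl}; Path=/; "
            "HttpOnly; Secure; SameSite=Strict")


def token_in_url(url: str) -> bool:
    """True when the session identifier travels in the query string (URL rewriting),
    where it leaks through logs, referers and browser history."""
    return COOKIE_NAME in parse_qs(urlparse(url).query)


if __name__ == "__main__":
    store = SessionStore()
    tok = store.create("alice")
    print(set_cookie_header(tok))
    print("live:", store.lookup(tok))
    store.revoke(tok)
    print("after revoke:", store.lookup(tok))
```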
Mitigating the threats
Mitigating the ransomware threat: Having an incident response plan helps the organisation identify what must be done during a ransomware event. The company could use a backup system that allows multiple iterations of the backups to be saved, for the situation in which one copy of the backups includes infected or encrypted files (Richardson & North, 2017). Constant network scans and system scans could be executed with the help of anti-spam and antivirus programs, and the antivirus could be set to update all of its signatures automatically. Macro scripts should be disabled by the organisation to ensure that the organisation's files cannot be obtained easily by an unauthorised user.
Mitigating the data breach threat: Real-time monitoring is considered essential for preventing data breaches. The company can only prevent data breaches if it has extensive visibility into its environment (Wehbé, 2017). Tools such as a security information and event management (SIEM) platform could be used to gain actionable insights from advanced analytics and data forensics, mitigating the risks and increasing the speed of incident response. The network segmentation should be checked with forensic experts, along with the report of all
the individuals who have gained access to the system's data, obtained from the SIEM agents and the logs.
Mitigating the DDoS Attack threat: The most common mitigation strategy for ensuring that the organisation's website is not affected by a DDoS attack is the introduction of a web application firewall. It is crucial in DDoS defence to monitor website traffic for peaks, which could help in identifying DDoS attacks (Bawany, Shamsi & Salah, 2017). A web application firewall can be described as a layer of extensive protection placed between the website and the traffic it receives. Country-based blocking could be used to minimise the risks faced by the organisational website; it could also assist with complying with organisational policies for blocking hackers.
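The two monitoring tasks described above, reporting which individuals accessed what (the data breach paragraph) and watching traffic for peaks (the DDoS paragraph), share the same starting point: parsing the web server's access log. The following Python example, which is not part of the report, does both over one constructed log. The log format (Common Log Format with an authenticated user field), the sample lines and the per-minute threshold are assumptions for the illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timezone

# Common Log Format: ip ident user [timestamp] "request" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)$'
)

# Constructed sample lines: two authenticated users, one anonymous visitor.
NORMAL_LINES = [
    '10.0.0.5 - alice [12/Aug/2022:10:01:02 +0000] "GET /account HTTP/1.1" 200 512',
    '10.0.0.5 - alice [12/Aug/2022:10:01:09 +0000] "GET /orders HTTP/1.1" 200 2048',
    '10.0.0.9 - bob [12/Aug/2022:10:03:41 +0000] "POST /admin/export HTTP/1.1" 200 90311',
    '198.51.100.2 - - [12/Aug/2022:10:04:10 +0000] "GET /products HTTP/1.1" 200 3300',
]


def build_sample_log() -> str:
    """Append a constructed burst of 150 requests from one source inside one minute."""
    flood = [
        f'203.0.113.7 - - [12/Aug/2022:10:05:{i % 60:02d} +0000] "GET / HTTP/1.1" 503 0'
        for i in range(150)
    ]
    return "\n".join(NORMAL_LINES + flood)


SAMPLE_LOG = build_sample_log()


def parse_log(text: str) -> list:
    """Turn log lines into dicts; lines that do not match the format are skipped."""
    entries = []
    for line in text.splitlines():
        match = LOG_RE.match(line)
        if not match:
            continue
        entry = match.groupdict()
        entry["time"] = datetime.strptime(entry["ts"], "%d/%b/%Y:%H:%M:%S %z")
        entries.append(entry)
    return entries


def access_report(entries: list) -> dict:
    """Per-user view of who reached which paths from which addresses (breach review)."""
    report = {}
    for entry in entries:
        if entry["user"] == "-":
            continue  # anonymous requests carry no identity to report on
        row = report.setdefault(entry["user"], {"requests": 0, "paths": set(), "sources": set()})
        row["requests"] += 1
        row["paths"].add(entry["path"])
        row["sources"].add(entry["ip"])
    return report


def detect_peaks(entries: list, window_seconds: int = 60, threshold: int = 100) -> list:
    """Count requests per fixed window and report windows at or above the threshold,
    naming the single source that contributed most (the traffic-peak check for DDoS)."""
    windows = defaultdict(list)
    for entry in entries:
        bucket = int(entry["time"].timestamp()) // window_seconds * window_seconds
        windows[bucket].append(entry["ip"])
    peaks = []
    for bucket, ips in sorted(windows.items()):
        if len(ips) >= threshold:
            top_ip, top_count = Counter(ips).most_common(1)[0]
            peaks.append({
                "window_start": datetime.fromtimestamp(bucket, tz=timezone.utc),
                "requests": len(ips),
                "top_source": top_ip,
                "top_source_requests": top_count,
            })
    return peaks


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for user, row in access_report(parsed).items():
        print(user, row["requests"], sorted(row["paths"]), sorted(row["sources"]))
    for peak in detect_peaks(parsed):
        print("peak", peak["window_start"], peak["requests"], "mostly from", peak["top_source"])
```

The threshold of 100 requests per minute is only a placeholder; in practice it is set from a baseline of normal traffic, and the peak report is what a web application firewall rule or country-based block would be derived from.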
Mitigating the vulnerabilities
Mitigating Cross site request forgery: To mitigate cross-site request forgery attacks, the company's antivirus software must be updated constantly; several malicious scripts can be effectively blocked and quarantined by the software. While performing a financial transaction on the website, emails should not be opened, other sites should not be browsed and no social network communication should take place (Agnihotri & Patidar, 2019). Login credentials and passwords should not be saved in the browser, because the malicious code in CSRF attacks is written to take advantage of the information found within the browser.
Mitigating the Security Misconfiguration vulnerability: The most common method of preventing the security misconfiguration vulnerability is the effective use of education and training. Educating staff on current security trends helps ensure that significantly better decisions are made and best practices are followed. It could be