ITEC 6620: Web Security Vulnerabilities and Access Control Report

This report delves into the realm of information and system security, focusing on the vulnerabilities inherent in web-based applications. It highlights the increasing threat landscape, referencing the Pwn2Own contest as a demonstration of the persistent challenges in securing popular software and mobile devices. The report analyzes the reasons behind the failure of security controls, particularly the ineffectiveness of access control models in preventing exploitation. It attributes vulnerabilities to web developers and the dynamic nature of modern web pages, which necessitates robust access control systems capable of mediating interactions between various entities. The report emphasizes the importance of server-side validation and the need for in-page access controls. It also touches on the significance of user awareness regarding attack vectors like phishing and malware. The report suggests that implementing access control after the initiation of an access action is a crucial step in mitigating security issues. The report concludes by emphasizing the importance of addressing authentication problems, malware disruptions, and physical security to find relevant solutions.