Great Deal! Get Instant $10 FREE in Account on First Order + 10% Cashback on Every Order Order Now

all info is in the odd please help

1 answer below »
UTSA @2021
IS 4463 – Final Report

(100 points maximum)
The OWASP Top XXXXXXXXXXlist is now available! Review the updates to the list before proceeding with
this report. You will be writing a five- to eight-page report on a topic related to web application
security with a focus in one of these two areas:
1. A Recent Web Application Vulnerability
Find a recent vulnerability related to one of these vulnerabilities as detailed in the OWASP
Top XXXXXXXXXX :
• A01:2021: Broken Access Control
• A02:2021: Cryptographic Failures
• A04:2021: Insecure Design
• A08:2021: Software and Data Integrity Failures
• A10:2021: Server-Side Request Forgery (SSRF)
Report on your chosen vulnerability using OWASP as a framework along with your own
esearch. In addition to the OWASP links below, you should include at least three other
citations of reputable sources.
Provide an overview of the type of vulnerability, typical attack vectors, prevalence, detectability,
impact, and mitigation strategies. Then discuss an event related to this vulnerability in detail,
with a summary of expert analysis conducted thus far.

2. A Security Testing Tool in Web Application Security
Review a security testing tool that is frequently used in web application security environments.
You will need to explain how to download and use the tool, and describe its features with a
sample scenario. Below are two lists of common tools.

• OWASP Testing Tools
• Top 10 Open Source Security Testing Tools for Web Applications (hackr.io)

Your report should be single-spaced, in 12-font size. Include headings to delineate major sections,
and code analysis and screenshots where relevant.
Grades will be based on the thoroughness and clarity of your report, the quality and depth of your
sources, and your own insights and observations.

Please submit your document in PDF format with the filenaming convention
lastname_ID_4463_report.pdf (where ID is your abc123 UTSA ID).

https:
owasp.org/Top10
https:
owasp.org/Top10
https:
owasp.org/Top10
https:
owasp.org/www-project-web-security-testing-guide/stable/6-Appendix/A-Testing_Tools_Resource
https:
hackr.io
log/top-10-open-source-security-testing-tools-for-web-applications
is4463finalreportspecifications-msef1e4v.pdf
Answered 2 days After Aug 04, 2024

Solution

Shubham answered on Aug 06 2024
7 Votes
1. A Recent Web Application Vulnerability
Type of Vulnerability
Software and data integrity failures includes issues that is related with integrity of software code and data that can be compromised. The vulnerability occurs when there is insufficient safety to prevent unauthorized and improper alterations. The integrity
eaches can affect behaviour of software and accuracy of data that can lead to severe security and operational consequences.
Typical Attack Vectors
Attackers used different vectors to exploit software and data integrity failures. The common method is manipulating software updates. It can include injecting malicious code in updates and third-party li
aries. Another attack vector is compromising CI/CD pipelines. It can help in gaining access to automated systems. Attackers can use vulnerabilities during software build process (Garg, Bawa & Kumar, 2020). Source code repositories are also the target where unauthorized access allows attackers to alter code. The configuration files include control application behaviour that can be modified to bypass security measures. Lastly, tampering with stored data can co
upt and inject malicious data that can lead to potential data
eaches and system disruptions.
Prevalence
The prevalence of software and data integrity failures has been increasing. This increase is driven by widespread reliance on third-party software, open-source components and automated deployment processes in modern software development. The complexity and interconnectedness of software ecosystems along with adoption of DevOps practices have expanded attack surface. This can make it easier for vulnerabilities to be introduced and exploited.
Detectability
The detection of integrity failures can create significant challenge. The complexity of modern software supply chains and build environments is making difficult to identify unauthorized changes. Malicious alterations are being designed for evading detection mechanisms. The dynamic nature of software environments includes frequent updates and changes that can obscure unauthorized modifications.
Impact
The impact of software and data integrity failures can create significant impact. Unauthorized changes to software can compromise entire systems. This will be allowing attackers to gain control and execute malicious actions. The
eaches can lead to data leaks that can expose sensitive information and cause significant financial and reputational damage. Operational disruptions have major consequence because tampered software and data can lead to system downtimes. The effect of these issues can harm reputation of organization and erode trust among customers and partners.
Mitigation Strategies
This includes implementing code signing that helps to verify authenticity and integrity of software. It requires securing CI/CD pipelines with robust authentication and access controls that can prevent unauthorized access. Regularly auditing and updating third-party dependencies along...
SOLUTION.PDF
SOLUTION.PDF

Answer To This Question Is Available To Download

Related Questions & Answers

More Questions »

Submit New Assignment

Copy and Paste Your Assignment Here
Attach File