all info is in the odd please help



UTSA @2021 IS 4463 – Final Report (100 points maximum)

The OWASP Top 10 2021 list is now available! Review the updates to the list before proceeding with this report. You will be writing a five- to eight-page report on a topic related to web application security with a focus in one of these two areas:

1. A Recent Web Application Vulnerability

Find a recent vulnerability related to one of these vulnerabilities as detailed in the OWASP Top 10 2021:
• A01:2021: Broken Access Control
• A02:2021: Cryptographic Failures
• A04:2021: Insecure Design
• A08:2021: Software and Data Integrity Failures
• A10:2021: Server-Side Request Forgery (SSRF)

Report on your chosen vulnerability using OWASP as a framework along with your own research. In addition to the OWASP links below, you should include at least three other citations of reputable sources. Provide an overview of the type of vulnerability, typical attack vectors, prevalence, detectability, impact, and mitigation strategies. Then discuss an event related to this vulnerability in detail, with a summary of expert analysis conducted thus far.

2. A Security Testing Tool in Web Application Security

Review a security testing tool that is frequently used in web application security environments. You will need to explain how to download and use the tool, and describe its features with a sample scenario. Below are two lists of common tools.
• OWASP Testing Tools
• Top 10 Open Source Security Testing Tools for Web Applications (hackr.io)

Your report should be single-spaced, in 12-font size. Include headings to delineate major sections, and code analysis and screenshots where relevant. Grades will be based on the thoroughness and clarity of your report, the quality and depth of your sources, and your own insights and observations. Please submit your document in PDF format with the filenaming convention lastname_ID_4463_report.pdf (where ID is your abc123 UTSA ID).
https://owasp.org/Top10/
https://owasp.org/www-project-web-security-testing-guide/stable/6-Appendix/A-Testing_Tools_Resource
https://hackr.io/blog/top-10-open-source-security-testing-tools-for-web-applications
Answered 2 days After Aug 04, 2024

Answer To: all info is in the odd please help

Shubham answered on Aug 06 2024
5 Votes
1. A Recent Web Application Vulnerability
Type of Vulnerability
Software and data integrity failures include issues that are related to the integrity of software code and data that can be compromised. The vulnerability occurs when there is insufficient safety to prevent unauthorized and improper alterations. The integrity breaches can affect the behaviour of software and the accuracy of data, which can lead to severe security and operational consequences.
Typical Attack Vectors
Attackers use different vectors to exploit software and data integrity failures. The common method is manipulating software updates. It can include injecting malicious code in updates and third-party libraries. Another attack vector is compromising CI/CD pipelines. It can help in gaining access to automated systems. Attackers can use vulnerabilities during the software build process (Garg, Bawa & Kumar, 2020). Source code repositories are also a target, where unauthorized access allows attackers to alter code. The configuration files that control application behaviour can be modified to bypass security measures. Lastly, tampering with stored data can corrupt and inject malicious data, which can lead to potential data breaches and system disruptions.
Prevalence
The prevalence of software and data integrity failures has been increasing. This increase is driven by widespread reliance on third-party software, open-source components and automated deployment processes in modern software development. The complexity and interconnectedness of software ecosystems, along with the adoption of DevOps practices, have expanded the attack surface. This can make it easier for vulnerabilities to be introduced and exploited.
Detectability
The detection of integrity failures can create a significant challenge. The complexity of modern software supply chains and build environments is making it difficult to identify unauthorized changes. Malicious alterations are being designed to evade detection mechanisms. The dynamic nature of software environments includes frequent updates and changes that can obscure unauthorized modifications.
Impact
The impact of software and data integrity failures can create significant impact. Unauthorized changes to software can compromise entire systems. This allows attackers to gain control and execute malicious actions. The breaches can lead to data leaks that can expose sensitive information and cause significant financial and reputational damage. Operational disruptions have major consequences because tampered software and data can lead to system downtimes. The effect of these issues can harm the reputation of the organization and erode trust among customers and partners.
Mitigation Strategies
This includes implementing code signing that helps to verify authenticity and integrity of software. It requires securing CI/CD pipelines with robust authentication and access controls that can prevent unauthorized access. Regularly auditing and updating third-party dependencies along...