Web App Security Assignment Answer and reference 1-4 separately using APA Referencing. 1) The Open Web Application Security Project (OWASP) came into existence on December 1, 2001, and it is still...

Assignment is attached


Web App Security Assignment
Answer and reference 1-4 separately using APA Referencing.

1) The Open Web Application Security Project (OWASP) came into existence on December 1, 2001, and it is still used for the development of Web applications. Go to the OWASP website at Who Is the OWASP Foundation? and read their OWASP Top 10 – 2017: The Ten Most Critical Web Application Security Risks [PDF].
· What are the most significant changes since 2013?
· Choose one of the items and look at it closely. For example, Number 10 is "Insufficient Logging and Monitoring." What is recommended to prevent this risk?
· What does that mean to you based on your experience in this class so far?
· Knowing the importance of identifying threats, how should developers be responsible for log files and monitoring? Justify your answers.

2) Application security does not happen on its own. Organizations must recognize the value of security and make it a priority when developing applications. Imagine that you are an IT security officer for a large company, and you have been assigned the task of implementing a Web application security verification model.
· List the factors you find are required, at a bare minimum, to make an application secure.
· Review relevant sites on the Internet and describe what tools or websites can be used to automate such an assessment.
· In your opinion, which approach is more reliable: manual or automated verification? Why?
· Provide links to any tools that you find.

3) Many recent breaches have involved payment card systems, otherwise known as point of sales (POS) terminals. The regulations and standards for POS systems are called the payment card industry data security standard (PCI DSS).
· Research recent POS breaches from within the last three years and explain, based on your reading in class, what occurred. Be sure to cite your sources and your textbook.
· Explain why or why not you think the breach was preventable, as well as the overall impact the breach had on the business.
· In your opinion, if the breach was preventable and the company is found responsible, should they be given a monetary penalty or should stricter legal action be taken, such as jail time? Justify your answer.
· Suggest or recommend any tool that could help to maintain compliance.

4) It is important to test all Web applications for functionality and security. The Rough Auditing Tool for Security (RATS) is an open-source tool used for this purpose; however, it is accompanied by many other new tools.
· Read 14 Best Open Source Web Application Vulnerability Scanners.
· After you have reviewed the document, select two of your favorite tools, and compare and contrast the tools and determine the pros and cons for each of them.
· How often should security testing be conducted on a company’s website, and how should they conduct the tests? What will happen if you don’t conduct the tests?
· Is there any benefit to having an outside company conduct the tests? Provide your rationale.
Answered 1 days after Aug 10, 2021


Abhinaba answered on Aug 11 2021
152 Votes
Running Head: WEB APPLICATION SECURITY ASSIGNMENT
WEB APP SECURITY ASSIGNMENT
Table of Contents
Response to Questions
Q1.
Q2.
Q3.
Q4.
References
Response to Questions
Q1.
i. Since 2013, the fundamental and architectural technology of OWASP has been significantly changed. Traditional monolithic applications are being replaced by Spring Boot and Node.js. Trusted callers that were accessible by the code are no longer accepted. Single-page applications written in JavaScript provide feature-rich front ends. Additionally, JavaScript works as the primary language of the web by using frameworks like Bootstrap, Electron, Angular, and React for the clients (OWASP, 2021).
ii. Ensuring secure login and logouts, protected passwords, high-value transactions and audits, and monitoring of proper protection on any suspicious activities can prevent the problem.
iii. Based on the experiences on web security, it is very important to monitor the web activities and protect the important data that are related to the websites or applications. Proper tools and protections need to be applied.
iv. Developers need to be responsible for the constant protection of the software applications and they need to develop new ways of protection. At the same time, updates need to be done for the safety and security of the applications.
Q2.
i. A secure application requires the primary methods of protection that include encryption, authorization, authentication, two-way protection, logging in with specific identity and password protection biometric, and many more. In some cases, developers can use coding to reduce the vulnerability of the applications.
ii. Some several...