Cyber Security Assignment: A Detailed Review On OWASP
Question
Task:
Conduct research and write a research paper for this cyber security assignment discussing the key aspects of OWASP.
Answer
Abstract
The concept of OWASP explored in this cyber security assignment is the Open Web Application Security Project, which delivers a platform where the security of web applications and software can be improved in a reliable manner. Today the rate of cyber-attacks is increasing quickly, and many hackers target the web applications and networks used by companies, so proper security programs need to be developed. OWASP helps manage such security risks and supports early detection of security vulnerabilities in web applications. This research focuses on the key aspects of OWASP and improves knowledge of web application security risks. It is found that misconfiguration and improper security measures enable criminals to perform cyber-attacks against web applications and servers. It is therefore recommended that OWASP be adopted alongside risk assessment plans.
Introduction
The term OWASP refers to the Open Web Application Security Project, an online community that produces effective security guidance for improving the privacy of computing software and networks. In this generation, companies use computer applications and software-based systems that are not able to manage or decrease cyber activities on their own. In order to manage cyber-crime and hacking, OWASP has provided a platform through which software and computer applications can be linked with secured networks and systems. The aim of this paper is to review the concept behind OWASP and examine the security risks and threats linked with web applications. Several sections are covered: background information on OWASP, the working of OWASP, the goal of OWASP and its applications, and web application security risks.
OWASP and its description
OWASP stands for “Open Web Application Security Project” and provides a platform where companies can develop effective security plans and systems for securing software and web applications. Guamán et al. (2017) reported that OWASP is a non-profit community developed mainly to enhance the security and privacy of computing software. It helps to manage cyber-crime and the activities performed by hackers, and allows business communities to address hacking-related activities. According to OWASP, computer applications and websites are freely accessible, which makes it easy for criminals to deliver malware and unusual signals that can affect the security and privacy of web applications (Burato, Ferrara and Spoto, 2017). OWASP offers everything from tools, videos and forums to projects and events. Put plainly, OWASP is a repository of everything web-application-security, backed by the broad knowledge and experience of its open community contributors. The OWASP Top 10 is an online document on OWASP's site that ranks, and gives remediation guidance for, the ten most critical web application security risks. The report is based on a consensus among security experts from around the globe. The risks are ranked according to the frequency of discovered security defects, the severity of the vulnerabilities, and the magnitude of their potential impacts.
OWASP vulnerability
In the field of computer applications, a vulnerability is a hole or a weakness in the application, which can be a design flaw or an implementation bug, that allows an attacker to cause harm to the stakeholders of an application (Jain and Shanbhag, 2012). Stakeholders include the application owner, application users, and other entities that rely on the application. The presence of security vulnerabilities allows hackers to target computer applications and websites easily and lowers the level of confidentiality. There are numerous examples of vulnerabilities, for example lack of input validation, lack of a sufficient logging process, and improper security measures.
Working and goal of OWASP
It is demonstrated that the goal of OWASP is to control and decrease the chances of cyber-attacks by developing security controls and programs for web applications and software. The working of OWASP is simple: users and companies install OWASP-based software and servers on their computer systems and link them with their web servers so that detection of cyber-crime can be performed (Łukasiewicz and Cygańska, 2019). Moreover, web servers and applications are linked with databases and communication networks, where OWASP is able to scan and review the entire process to find security threats. Through OWASP tools, vulnerability detection and scanning operations can be carried out in a significant manner, and data files can be protected from hackers easily.
Uses of OWASP
OWASP is mainly used for securing computer applications and websites by proposing effective and reliable security programs so that business performance and security can be improved. There are a few other applications and uses of OWASP, for example detecting security risks, finding and addressing fraud cases, and scanning computer applications for vulnerabilities (OWASP, 2018). More than 70% of business communities use OWASP networks and programs in order to handle cyber-crime and fraud in their systems and enhance the security of web applications effectively.
Web application security risks
The following security risks and threats occur in web applications and affect the performance and privacy of data:
Malware
Malware is a common security threat in web applications, where criminals produce unwanted programs and target computer servers so that access can be gained. The presence of malware allows criminals to reduce the privacy of web applications and access users' sensitive information easily. Sönmez (2019) agreed and reported that companies should focus on security and manage malware threats so that the security of web applications can be improved.
Injection
Injection flaws, such as SQL injection, occur in computer applications when untrusted data is sent to an interpreter as part of a command or query. The attacker's hostile data can trick the interpreter into executing unintended commands or accessing sensitive data without proper authorization (Sucuri, 2020).
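As an added example (not part of the original paper), the same user lookup is written below with string concatenation, where the input becomes part of the SQL text, and with a bound parameter, where the driver keeps it as data. It uses Python's sqlite3 module on a constructed in-memory table; the hostile input is likewise constructed for the demonstration.

```python
import sqlite3


def build_demo_db() -> sqlite3.Connection:
    """Constructed sample data: an in-memory users table with three rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> list[str]:
    """Untrusted input is spliced into the SQL text, so the interpreter
    cannot tell data from command (the flaw the section describes)."""
    query = f"SELECT username FROM users WHERE username = '{username}'"
    return [row[0] for row in conn.execute(query)]


def lookup_safe(conn: sqlite3.Connection, username: str) -> list[str]:
    """Bound parameter: the value travels separately from the query text,
    so quotes or keywords in the input never become SQL syntax."""
    query = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(query, (username,))]


# Constructed hostile input: a quote closes the string literal and an
# always-true condition widens the WHERE clause to every row.
HOSTILE_INPUT = "x' OR '1'='1"

if __name__ == "__main__":
    conn = build_demo_db()
    print("vulnerable:", lookup_vulnerable(conn, HOSTILE_INPUT))  # every username
    print("safe:      ", lookup_safe(conn, HOSTILE_INPUT))        # []
```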
Broken authentication
This type of security risk is related to authentication, and the presence of unwanted signals can allow hackers to perform unauthorized activities. It is found that broken authentication permits attackers to compromise passwords, keys or session tokens, or to exploit other implementation flaws to assume other users' identities temporarily or permanently.
Sensitive data exposure
Many web-based applications and networks do not properly protect sensitive data such as financial, healthcare and PII data. Attackers may steal or modify such weakly protected data to conduct credit card fraud, identity theft or other crimes. Criminals are also able to target computer servers and encrypt personal data and files.
XML external entities
XML external entities (XXE) are another leading security risk, with the ability to target computer networks and web servers so that data can be accessed easily. More than 67% of companies suffer from XML external entity issues, where employees and teams are not able to detect external threats and risks.
Broken access control
It is found that most hackers target the access controls linked with web applications, which allows them to directly access users' personal data and accounts. Using malicious programs and servers, hackers can perform broken-access-control attacks, for which proper security programs need to be developed.
Security misconfiguration
Security misconfiguration is the most commonly observed issue. Due to improper configuration of networks, users and companies are not able to address the security threats and vulnerabilities exploited by hackers. It is suggested that developers and security experts follow a proper configuration process so that the privacy of web applications can be improved.
Cross site scripting
Cross site scripting is a type of cyber-attack in which hackers develop malicious scripts in order to inject them into trusted web applications and servers. Such a security threat happens when a cyber-criminal uses a website to send malicious code in the form of client-side scripting.
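As an added example (not from the original paper), the snippet below renders a stored user comment into an HTML page twice: once by raw interpolation, so any markup in the comment is parsed by the browser, and once with output encoding for the HTML body context using Python's html.escape. The template, the comment and the tag-listing helper are constructed for the demonstration.

```python
import html
import re

# Constructed page fragment into which user-supplied comments are rendered.
TEMPLATE = '<p class="comment">{}</p>'


def render_unsafe(comment: str) -> str:
    """Raw interpolation: whatever markup the comment carries becomes part of
    the page and is parsed by the browser (the flaw the section describes)."""
    return TEMPLATE.format(comment)


def render_safe(comment: str) -> str:
    """Output encoding for the HTML body context: <, >, &, ' and " become
    entities, so the comment is displayed as text and never parsed as markup."""
    return TEMPLATE.format(html.escape(comment, quote=True))


def injected_tags(page: str) -> list[str]:
    """Demonstration helper: names of any tags in the rendered page other than
    the template's own <p>, i.e. markup that came from the comment."""
    return [t for t in re.findall(r"<\s*/?\s*([a-zA-Z]+)", page) if t.lower() != "p"]


# Constructed stored comment carrying a script tag, the classic XSS shape.
STORED_COMMENT = 'Nice article<script>alert("xss")</script>'

if __name__ == "__main__":
    print(render_unsafe(STORED_COMMENT))  # script tag survives into the page
    print(render_safe(STORED_COMMENT))    # shown as literal text
```

Encoding is context-specific: this escaping is correct for text inside an element body, while attribute values, JavaScript strings and URLs each need their own encoding rules.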
Insecure deserialization
Insecure deserialization is another security risk, in which user-controllable data is deserialized by a web application so that data can be accessed effectively. This kind of cyber-attack allows cyber-criminals to manipulate serialized objects in order to pass unwanted and unusual signals to application servers and code.
Insufficient logging and monitoring
Insufficient logging and monitoring, combined with missing or ineffective integration with incident response, allows attackers to further attack systems, maintain persistence, pivot to more systems, and tamper with, extract or destroy data.
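As an added example (not part of the original paper), the monitoring check below runs over constructed authentication log lines in a hypothetical "timestamp login user= ip= result=" format and flags a successful login that follows a run of failures from the same source; the format, the sample lines and the threshold are assumptions for the demonstration.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample log lines (hypothetical "timestamp login user= ip= result=" format).
SAMPLE_LOG = """\
2020-12-23T10:00:01Z login user=alice ip=203.0.113.5 result=FAIL
2020-12-23T10:00:03Z login user=alice ip=203.0.113.5 result=FAIL
2020-12-23T10:00:04Z login user=alice ip=203.0.113.5 result=FAIL
2020-12-23T10:00:05Z login user=alice ip=203.0.113.5 result=FAIL
2020-12-23T10:00:07Z login user=alice ip=203.0.113.5 result=FAIL
2020-12-23T10:00:09Z login user=alice ip=203.0.113.5 result=OK
2020-12-23T10:01:00Z login user=bob ip=198.51.100.7 result=FAIL
2020-12-23T10:01:30Z login user=bob ip=198.51.100.7 result=OK
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) login user=(?P<user>\S+) ip=(?P<ip>\S+) result=(?P<result>OK|FAIL)$"
)


@dataclass(frozen=True)
class Alert:
    ip: str
    user: str
    failures_before_success: int


def detect_brute_force(log_text: str, threshold: int = 5) -> list[Alert]:
    """Return one Alert per (ip, user) pair whose successful login followed at
    least `threshold` consecutive failures from that same pair. If failures are
    not logged at all, nothing here can fire, which is the gap the section describes."""
    streak: dict[tuple[str, str], int] = defaultdict(int)
    alerts: list[Alert] = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unparsable line; a real pipeline should count these too
        key = (m["ip"], m["user"])
        if m["result"] == "FAIL":
            streak[key] += 1
        else:
            if streak[key] >= threshold:
                alerts.append(Alert(m["ip"], m["user"], streak[key]))
            streak[key] = 0  # a success (or a reviewed one) resets the run
    return alerts


if __name__ == "__main__":
    for a in detect_brute_force(SAMPLE_LOG):
        print(f"review: {a.user} from {a.ip} succeeded after {a.failures_before_success} failures")
```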
Conclusions
It may be summarized that OWASP helps protect data and web applications from hackers and allows companies to enhance the security of web applications effectively. This research helped to improve understanding of web application security and reviewed the working of OWASP. It is found that lack of security, misconfiguration of networks and insufficient logging are major security risks that affect the security of web applications and allow hackers to commit cyber-crimes. It is suggested that companies develop security plans and risk assessment programs based on OWASP so that the privacy of web applications can be improved in a reliable manner.
References
Burato, E., Ferrara, P. and Spoto, F. (2017) Security analysis of the OWASP benchmark with Julia. Proceedings of ITASEC, 17.
Guamán, D., Guamán, F., Jaramillo, D. and Sucunuta, M. (2017) Implementation of techniques and OWASP security recommendations to avoid SQL and XSS attacks using J2EE and WS-Security. In 2017 12th Iberian Conference on Information Systems and Technologies (CISTI), pp. 1-7.
Jain, A.K. and Shanbhag, D. (2012) Addressing security and privacy risks in mobile applications. IT Professional, 14(5), pp. 28-33.
Łukasiewicz, K. and Cygańska, S. (2019) Security-oriented agile approach with AgileSafe and OWASP ASVS. In 2019 Federated Conference on Computer Science and Information Systems (FedCSIS), pp. 875-878.
OWASP (2018) OWASP top ten. [online] Available from: https://owasp.org/www-project-top-ten/ [Accessed 23/12/20].
Sönmez, F.Ö. (2019) Security Qualitative Metrics for Open Web Application Security Project Compliance. Procedia Computer Science, 151, pp. 998-1003.
Sucuri (2020) OWASP Top 10 security risks and vulnerabilities. [online] Available from: https://sucuri.net/guides/owasp-top-10-security-vulnerabilities-2020/#:~:text=The%20Top%2010%20OWASP%20vulnerabilities%20in%202020%20are%3A&text=Broken%20Authentication,Broken%20Access%20control [Accessed 23/12/20].