8/30/2020 Originality Report

https://blackboard.nec.edu/webapps/mdb-sa-BB5b75a0e7334a9/originalityReport/ultra?attemptId=d51f8196-f50f-4931-a4b2-b1ad65dc32ae&course_i… 1/4

SafeAssign Originality Report Building Secure Web Applicatns - 202050 - CRN102 - Mitchell • Week Two Assignment

Total Score: 100%, High risk

Swapna Balagowni

Submission UUID: f5f4b84e-9912-9d95-3a28-08beb04acac8

Total Number of Reports: 1

Highest Match: 100% (OpenWebApplicationSecurityProject-Mitc…)

Average Match: 100%

Submitted on: 07/13/20 10:08 PM EDT

Average Word Count: 446 (Highest: OpenWebApplicationSecurityPro…)

Attachment 1: 100%

Institutional database (3)

Student paper Student paper Student paper

Top sources (3)

Excluded sources (0)

Word Count: 446 OpenWebApplicationSecurityProject-Mitchell (1).docx

3 Student paper 2 Student paper 1 Student paper

Source Matches (13)

Student paper 100%

Student paper 71%

Student paper 88%

Running Head: OWASP 1

New England College

Building Secure Web Applications

Submitted to Professor Rick Mitchell

Course Number: 202050-CRN102

Submitted by Swapna Balagowni

07/13/2020

OWASP is a nonprofit online body that offers freely available articles, documentation, tools, methodologies, and technologies in the web application field. It was developed by Mark Curphey around September 9, 2001. From late 2003 to September 2011, the chair of OWASP was Jeff Williams. From 2015, Matt Konda took over as the chair of the board. The fundamental objective of the OWASP Foundation is the provision of web security, application security, and assessment of vulnerabilities. It applies methods such as workshops, industry standards, and conferences. The Mobile Security Testing Guide provided by OWASP is a complete manual for mobile application reverse engineering and security testing on the Android and iOS platforms, outlining technical processes for verifying the controls listed in the Mobile Security Testing Guide's co-project, Mobile Application Verification Standards (Halton et al., 2017).

Every year, OWASP releases the OWASP Top Ten, which is the list of the ten most commonly occurring vulnerabilities. One of these weaknesses is the broken authentication vulnerability. This vulnerability allows an attacker to use automated and manual methods to gain control over an account of interest in the system or, worse, gain control over the entire system. Broken authentication refers to logic issues in the application's authentication mechanism, such as poor session management that is vulnerable to username enumeration (Meucci & Muller, 2014). To minimize this risk, it is advisable to avoid leaving the admin login page accessible to website visitors.

OWASP has recommended several practices that help reduce broken authentication vulnerabilities. The first is implementing multi-factor authentication, which prevents attacks such as stolen credential reuse. It is also advised not to ship with any default credentials, especially for admin users. One should also apply weak-password checks, such as checking new or changed passwords against the list of the ten thousand worst passwords. One can also strengthen password length and complexity requirements (Whitman et al., 2012).

References

Halton, W., Weaver, B., Ansari, J. A., Kotipalli, S. R., & Imran, M. A. (2017). Penetration testing: A survival guide. Packt Publishing.

Meucci, M., & Muller, A. (2014). The testing guide releases 4.0. Open Web

Open Web Application Security Project, & PageKicker Robot PageKicker Robot Phil 73. (2014). OWASP top 10: The top 10 most critical web application security threats: Enhanced with text analytics and content by PageKicker robot Phil 73. CreateSpace.

Whitman, M. E., Mattord, H. J., Mackey, D., & Green, A. (2012). Guide to network security. Cengage Learning.

1

Student paper

New England College

Original source

New England College

2

Student paper

Building Secure Web Applications

Original source

Building secure web Aplications

3

Student paper

The OWASP is a non-profitable online body that offers articles that are freely- available, documentation, tools, methodologies, and technologies in the web application field that was developed by Mark Curphey around September 9, 2001. From late 2003 to September 2011, the chair of OWASP was Jeff Williams. From 2015, Matt Konda took over as the chair of the board.

Original source

The open Web Application Security Project is a non-profitable online body that offers articles that are freely- available, documentation, tools, methodologies, and technologies in the web application field From late 2003 to September 2011, Jeff Williams served as the chair of OWASP From 2015, Matt Konda took over as the chair of the board

Student paper 98% Student paper 100%

Student paper 100%

3

Student paper

It applies methods such as workshops, industry standards, and conferences. The Mobile Security Testing Guide provided by OSWAP is a complete manual applied for mobile application reverse engineering and security testing for android platform and IOS, outlining technical processes for the verification of controls that are listed in the Mobile Security Testing Guide’s co-project Mobile Application Verification Standards (Halton et al., 2017). Every year, OWASP releases the OWASP top ten, which is the list of ten most transpiring vulnerabilities. One of the weaknesses is the broken authentication vulnerability.

Original source

It applies methods such as workshops, industry standards, and conferences The OWASP Mobile Security Testing Guide is a complete manual used for mobile app reverse engineering and security testing for android platform and IOS, outlining technical processes for the verification of controls that are listed in the Mobile Security Testing Guide’s co-project Mobile Application Verification Standards (Halton et al., 2017) Every year, OWASP releases the OWASP top ten, which is the list of ten most transpiring vulnerabilities One of the weaknesses is the broken authentication vulnerability

3

Student paper

This vulnerability allows an attacker to uses automatic methods and manuals to gain control over an account they are interested in the system or, worse, gain control over the entire system. Broken authentication refers to logic matters that take place in the application mechanism of authentication, such as bad management of sessions vulnerable to the enumeration of username (Meucci & Muller, 2014). To minimize this risk, it is advisable to avoid leaving the admins’ login page accessible to website visitors. OWASP has recommended some practices which will help reduce broken authentication vulnerability, which is as follows—implementing multi-factor authentication, which prevents attacks such as stolen credential reuse.

Original source

This vulnerability allows an attacker to uses automatic methods and manuals to gain control over an account they are interested in the system or, worse, gain control over the entire system Broken authentication refers to logic matters that take place in the application mechanism of authentication, such as bad management of sessions vulnerable to the enumeration of username (Meucci & Muller, 2014) To minimize this risk, it is advisable to avoid leaving the admins’ login page accessible to website visitors OWASP has recommended some practices which will help reduce broken authentication vulnerability, which is as follows—implementing multi-factor authentication, which prevents attacks such as stolen credential reuse

3

Student paper

It is also advised not to ship with any non-payment credentials, especially for those using admins. One should also apply weak password checks like checking changed or new passwords against the list of ten thousand worst passwords. One can also strengthen the length of the password and its complexity (Whitman et al., 2012).

Original source

It is also advised not to ship with any non-payment credentials, especially for those using admins One should also apply weak password checks like checking changed or new passwords against the list of ten thousand worst passwords One can also strengthen the length of the password and its complexity (Whitman et al., 2012)

Student paper 100%

Student paper 100%

Student paper 100%

Student paper 100%

Student paper 100%

Student paper 100%

Student paper 100%

3

Student paper

Halton, W., Weaver, B., Ansari, J. A., Kotipalli, S. R., & Imran, M.

Original source

Halton, W., Weaver, B., Ansari, J A., Kotipalli, S R., & Imran, M

3

Student paper

A survival guide.

Original source

A survival guide

3

Student paper

Meucci, M., & Muller, A.

Original source

Meucci, M., & Muller, A

3

Student paper

The testing guide releases 4.0. Open Web Open Web Application Security Project, & PageKicker Robot PageKicker Robot Phil 73.

Original source

Testing guide releases 4.0 Open Web Open Web Application Security Project, & PageKicker Robot PageKicker Robot Phil 73

3

Student paper

OWASP top 10: The top 10 most critical web application security threats: Enhanced with text analytics and content by PageKicker robot Phil 73.

Original source

OWASP top 10 The top 10 most critical web application security threats Enhanced with text analytics and content by PageKicker robot Phil 73

3

Student paper

E., Mattord, H. J., Mackey, D., & Green, A.

Original source

E., Mattord, H J., Mackey, D., & Green, A

3

Student paper

Guide to network security.

Original source

Guide to network security
