Running head: ANNOTATED BIBLIOGRAPHY-VULNERABILITIES IN WEB SERVERS
Annotated Bibliography-Vulnerabilities in Web Servers
This paper discusses several studies from the past few years relating to vulnerabilities in web servers. A vulnerability is a weakness that a threat actor can exploit. It entails unlawful actions within computer servers. More than one appropriate tool connected to a system may enable manipulation. A vulnerability may therefore be regarded as an attack surface. With this in mind, it is essential to examine the topic through the various studies that have been undertaken.
Vokorokos, L., Baláž, A., & Ádám, N. (2015). Secure web server system resources utilization. Acta Polytechnica Hungarica, 12(2), 5-19.
The article discusses web servers as the frameworks that support the development of websites worldwide. Web servers run on computers with operating systems, and they connect to back-end databases that serve different applications. Web servers therefore have to be kept up to date to allow efficient website development. It is essential to consider their protection from manipulation by hackers. Any vulnerability in the operating system, database, or applications may significantly increase the rate of attacks on the web server.
Kumar, M., & Sharma, A. (2017). An integrated framework for software vulnerability detection, analysis and mitigation: an autonomic system. Sādhanā, 42(9), 1481-1493.
Vulnerability management identifies, classifies, remediates, and mitigates vulnerabilities. A security risk may be considered a vulnerability because of the damage it causes to systems such as web servers. Vulnerabilities in computer systems may cause security holes that are difficult to eliminate without thorough use of robust antivirus and anti-phishing tools and software. Security bugs are among the causes of vulnerabilities among systems that lack relation to software. Viruses and phishing are also significant threats to the effective operation of web servers. As per the article, vulnerability is crucial to consider because it can cost an organization billions through data that is hacked and accessed without authorization.
Barrere, M., Badonnel, R., & Festor, O. (2013). Vulnerability assessment in autonomic networks and services: a survey. IEEE communications surveys & tutorials, 16(2), 988-1004.
The article presents vulnerability as a gap in the operation of an automated system such as a web server. The article focuses on issues such as security procedures, internal controls, and administrative tools that a threat may exploit. The purpose may be to acquire unauthorized access to data to affect critical processing. The presence of a vulnerability does not in itself lead to harm. It is a condition, or a series of events, that allows the web server or any other system to be harmed by an attack launched against it. Vulnerability, in this case, refers to the characteristics of web servers, as systems, that suffer a definite degradation.
Kaur, N., & Kaur, P. (2014). Input validation vulnerabilities in web applications. Journal of Software Engineering, 8(3), 116-126.
According to Kaur & Kaur (2014), one has to be specific about the vulnerabilities that exist within an organization's web servers, because many vulnerabilities may cause weaknesses in the operation of a computer system or web server. Identifying the right vulnerability saves a significant amount of time and resources. It is therefore vital to prioritize the types of vulnerabilities that affect a web server. Focusing on many vulnerabilities at once may lead to ineffective outcomes. The vulnerabilities affect web servers differently and have unique impacts on such systems, which means that they should be treated independently.
Radack, S., & Kuhn, R. (2011). Managing security: The security content automation protocol. IT professional, 13(1), 9-11.
The vulnerability of web servers is dynamic and requires careful study and evaluation, mainly because organizational data is highly sensitive. Hackers focus on data relating to financial transactions, as this gives them a means of making money from it. Vulnerability means that data may be manipulated, shared, or stolen from either the internal or the external operational environment of an organization. Workers may be the ones causing the vulnerability, or hackers may use holes to acquire data from web servers. Everyone therefore has to be careful about how they handle data security on web servers.
Singh, U. K., & Joshi, C. (2016). Quantifying security risk by critical network vulnerabilities assessment. International Journal of Computer Applications, 156(13), 26-33.
The world is changing at a tremendous pace in its use of technology to manage and share data from one person to another. Web servers therefore work with advanced frameworks that enable them to remain secure against attacks. However, identifying the security gaps associated with web servers is crucial, mainly because some factors may be detrimental to their operation. Viruses, worms, and phishing emails may manipulate systems and create an environment conducive to stealing sensitive data from web servers. Organizations therefore have to be careful about how they deal with the problem.
Deepa, G., & Thilagam, P. S. (2016). Securing web applications from injection and logic vulnerabilities: Approaches and challenges. Information and Software Technology, 74, 160-180.
The article focuses on existing policies and regulations for information security management. Examples include the Information Security Management System (ISMS) and HIPAA, among other regulations, which serve as essential policy for developing the procedures that support robust frameworks. The policy works with risk management principles to ensure that data on web servers is protected from manipulation. According to the article, security strategies need to be established in compliance with rules and regulations, which serve as countermeasures for vulnerability. Countermeasures provided through policy compliance serve as security controls that ensure effective security services among individuals in society.
Barnes, R., & Director, E. A. S. (2011). Database Security and Auditing: Leading Practices. Enterprise Auditing Solutions Applications Security.
The article is significant in discussing cross-site request forgery as a cause of malicious attacks. The article reiterates that the user is tricked into performing an action that was not part of their intention. A third-party website may send a request to a web application against which the user is authenticated. This may give the attacker access to functionality through the user's authenticated browser. Social media platforms, online banking websites, and web interfaces of connected devices are the typical targets. Most of the victims are individuals who are caught with their guard down. They are individuals who consistently fail to practice safe security measures on their websites.
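The following added example (not taken from the cited article) shows a server-side check that rejects the forged cross-site request described in the annotation above. The origin `https://bank.example`, the form field `csrf_token`, and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed values; a real deployment loads the key from a secret store.
SERVER_KEY = secrets.token_bytes(32)
TRUSTED_ORIGIN = "https://bank.example"  # assumed site origin
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def issue_csrf_token(session_id, key=SERVER_KEY):
    """Derive a token bound to one session; a third-party page cannot read or compute it."""
    return hmac.new(key, session_id.encode(), hashlib.sha256).hexdigest()


def is_request_allowed(method, headers, form, session_id, key=SERVER_KEY):
    """Decide whether an authenticated request really came from our own pages."""
    if method.upper() in SAFE_METHODS:
        return True  # safe methods must not change state, so they need no token
    # 1. The browser sets Origin itself; script on another site cannot override it.
    origin = headers.get("Origin")
    if origin is not None and origin != TRUSTED_ORIGIN:
        return False
    # 2. The session cookie alone proves nothing, because the browser attaches
    #    it to cross-site requests too. Require the per-session token as well.
    supplied = form.get("csrf_token", "")
    expected = issue_csrf_token(session_id, key)
    return hmac.compare_digest(supplied.encode(), expected.encode())


def demo():
    session_id = "constructed-session-id-1234"
    token = issue_csrf_token(session_id)
    # Form submitted from the application's own page: token present.
    legit = is_request_allowed(
        "POST", {"Origin": TRUSTED_ORIGIN},
        {"amount": "10", "csrf_token": token}, session_id)
    # Request triggered by a third-party page: cookie is sent, token is absent.
    forged = is_request_allowed(
        "POST", {"Origin": "https://third-party.example"},
        {"amount": "10"}, session_id)
    return legit, forged


if __name__ == "__main__":
    print(demo())
```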
Joshi, C., & Singh, U. K. (2014). Admit-A five-dimensional approach towards standardization of network and computer attack taxonomies. International Journal of Computer Applications, 100(5), 30-36.
The article looks into security misconfiguration, which covers the different vulnerabilities that come from poor maintenance. The article also looks into poor attention to the configuration of web applications. A secure configuration is one that must be defined and deployed for systems such as web and application servers, frameworks, and applications. Many web servers are prone to attacks because security misconfiguration creates holes through which hackers can access their private data. These issues may lead to system compromise. Hackers are always on the lookout to acquire data from web servers that have operational gaps.
Singh, U. K., & Joshi, C. (2017). Information Security Risk Management Framework for University Computing Environment. IJ Network Security, 19(5), 742-751.
The article discusses cross-site scripting, known as XSS. It refers to vulnerabilities that target scripts embedded in a web platform and executed on the user's side. The user's browser is therefore the one that executes the processes associated with the vulnerability. These flaws may occur when applications accept untrusted data and the web browser receives it without validation. Attackers may employ XSS to execute malicious scripts in users' browsers. Browsers may not know the true nature of scripts even when they are executed. Attackers may then hijack cookies and deface websites.
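The following added example (not taken from the cited article) puts the flaw described in the annotation above, untrusted data reaching the browser unchanged, beside a version that encodes it, and adds response headers that limit cookie hijacking. The function names and the sample comment are constructed for illustration.

```python
import html
from http.cookies import SimpleCookie

# Constructed untrusted input, as a visitor might submit it in a comment field.
UNTRUSTED_COMMENT = "<script>alert(document.cookie)</script>"


def render_unsafe(comment):
    """The flaw: untrusted data is placed in the page unchanged."""
    return '<p class="comment">' + comment + "</p>"


def render_safe(comment):
    """Encode for the HTML context so the browser displays the text instead of running it."""
    return '<p class="comment">' + html.escape(comment, quote=True) + "</p>"


def response_headers(session_id):
    """Headers that limit the damage if an encoding step is missed somewhere."""
    cookie = SimpleCookie()
    cookie["session"] = session_id
    cookie["session"]["httponly"] = True   # page scripts cannot read the cookie
    cookie["session"]["secure"] = True     # cookie is only sent over HTTPS
    cookie["session"]["samesite"] = "Lax"
    cookie["session"]["path"] = "/"
    return [
        ("Set-Cookie", cookie["session"].OutputString()),
        # Disallow inline scripts and scripts loaded from other origins.
        ("Content-Security-Policy", "default-src 'self'; script-src 'self'"),
        ("Content-Type", "text/html; charset=utf-8"),
    ]


if __name__ == "__main__":
    print(render_unsafe(UNTRUSTED_COMMENT))
    print(render_safe(UNTRUSTED_COMMENT))
    for name, value in response_headers("constructed-session-id"):
        print(name + ": " + value)
```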
Ramachandran, S., & Ramachandran, A. (2012). Rapid and proactive approach on exploration of vulnerabilities in cloud based operating systems. International Journal of Computer Applications, 42(3), 37-44.
The article focuses on the role of the user in enabling attacks against web servers. Vulnerabilities on websites and networked devices are created by the ignorance and laziness of users, most of whom tend to have their guard down. They need strict measures for dealing with the different security frameworks on their web servers and platforms. It is the role of the individual user to ensure that data is adequately protected, because some attacks are so severe that it becomes difficult to recover from them. An organization therefore has to undertake regular audits.
Rahman, A., Kawshik, K. R., Sourav, A. A., & Gaji, A. (2016). Advanced Network Scanning. American Journal of Engineering Research (AJER), 5(6), 38-42.
The backbone of the article is the proper configuration of security frameworks among systems. Web servers and other systems have to undergo security configuration to identify and eliminate existing vulnerabilities. The author advises organizations to maintain the configuration of information management platforms carefully. It is the role of an organization to support a well-defined security framework that ensures the effective operation of an IT framework. Security configuration is the right framework for ensuring that hackers cannot attack a web server and acquire private data from connected websites and connected devices. This makes a system robust in fighting any threats associated with its operation.
Vieira, T., & Serrao, C. (2016). Web applications security and vulnerability analysis financial web applications security audit–a case study. International Journal of Innovative Business Strategies, (2), 86-94.
The article presents different methodologies for collecting data on vulnerabilities in web servers. Data has to be collected through port scanning using Nmap, website mirroring, banner grabbing, and Netcraft. Vulnerability scanning of a website server should be performed with automated scanning tools, and the applications should also be part of the scanning. This process makes it easier to deal with the threats and vulnerabilities on the web servers concerned. The identified vulnerabilities may be exploited with tools or manually. The process should also cover brute force, dictionary attacks, and existing passwords. Organizations should consider their own ways of ensuring robust protection frameworks.
Sumithra, A., & Ramaraj, E. (2010). A Strategic Approach for Risk Analysis of Production Software Systems. International Journal of Computer Applications, 975, 8887.
One of the most significant aspects of the article is that it presents different countermeasures relating to the operation of web servers. The article presents the importance of updating and patching web servers regularly. Organizations also have to use a firewall to minimize security breaches. The data connected with web servers should be stored securely through proper configuration of files. Individuals should note that the use of secure protocols is the same as applying a strict control policy. Organizations have to install reliable antivirus software and update it regularly. The applications that run on the web servers are scanned for vulnerabilities.
Rastogi, A., & Nygard, K. (2019). Software Engineering Principles and Security Vulnerabilities. Proceedings of 34th International Confer, 58, 180-190.
Complex issues in dealing with vulnerabilities in web servers revolve around skill, expertise, and knowledge development. Organizations have to focus on hiring the best expertise and knowledge to manage information and the infrastructure that supports robust security. Organizations therefore have to undertake sufficient research to acquire the skills and expertise needed to deal with security frameworks. Security vulnerabilities have to be aligned with skill gaps in an organization. Training employees is also significant for progress on security frameworks for web platforms and servers. Through these measures, an organization can operate successfully without having to worry about data loss.
References
Barnes, R., & Director, E. A. S. (2011). Database Security and Auditing: Leading Practices. Enterprise Auditing Solutions Applications Security.
Barrere, M., Badonnel, R., & Festor, O. (2013). Vulnerability assessment in autonomic networks and services: a survey. IEEE communications surveys & tutorials, 16(2), 988-1004.
Deepa, G., & Thilagam, P. S. (2016). Securing web applications from injection and logic vulnerabilities: Approaches and challenges. Information and Software Technology, 74, 160-180.
Joshi, C., & Singh, U. K. (2014). Admit-A five-dimensional approach towards standardization of network and computer attack taxonomies. International Journal of Computer Applications, 100(5), 30-36.
Kaur, N., & Kaur, P. (2014). Input validation vulnerabilities in web applications. Journal of Software Engineering, 8(3), 116-126.
Kumar, M., & Sharma, A. (2017). An integrated framework for software vulnerability detection, analysis and mitigation: an autonomic system. Sādhanā, 42(9), 1481-1493.
Radack, S., & Kuhn, R. (2011). Managing security: The security content automation protocol. IT professional, 13(1), 9-11.
Rahman, A., Kawshik, K. R., Sourav, A. A., & Gaji, A. (2016). Advanced Network Scanning. American Journal of Engineering Research (AJER), 5(6), 38-42.
Ramachandran, S., & Ramachandran, A. (2012). Rapid and proactive approach on exploration of vulnerabilities in cloud based operating systems. International Journal of Computer Applications, 42(3), 37-44.
Rastogi, A., & Nygard, K. (2019). Software Engineering Principles and Security Vulnerabilities. Proceedings of 34th International Confer, 58, 180-190.
Singh, U. K., & Joshi, C. (2016). Quantifying security risk by critical network vulnerabilities assessment. International Journal of Computer Applications, 156(13), 26-33.
Singh, U. K., & Joshi, C. (2017). Information Security Risk Management Framework for University Computing Environment. IJ Network Security, 19(5), 742-751.
Sumithra, A., & Ramaraj, E. (2010). A Strategic Approach for Risk Analysis of Production Software Systems. International Journal of Computer Applications, 975, 8887.
Vieira, T., & Serrao, C. (2016). Web applications security and vulnerability analysis financial web applications security audit–a case study. International Journal of Innovative Business Strategies, (2), 86-94.
Vokorokos, L., Baláž, A., & Ádám, N. (2015). Secure web server system resources utilization. Acta Polytechnica Hungarica, 12(2), 5-19.