cyber security
Respond to student 100 min word count
Common vulnerabilities for web servers are:
Broken Authentication – This can occur when a session id is placed in the URL and leaked, when passwords are not encrypted in storage or transit, when session ids are trivial, and through session fixation and session hijacking.
Security Misconfiguration – running the application with debug enabled in production, directory listing enabled on the server, running outdated software, unnecessary services running on the machine, not changing default keys and passwords, and revealing error handling information to the attackers (Interactive, 2019).
Common Vulnerabilities for web browsers are:
Cross-Site Scripting (XSS) – This is when an attacker can modify webpages that other users see in the application to steal passwords or credit cards, spread bogus data, hijack user sessions, redirect to another site, or execute malicious scripts in the victim’s browser (Kalman, 2019).
SQL Injection – This is an attack that allows the attacker to manipulate your web application into altering the commands submitted to its subsystems by sending malformed requests with tainted payloads. By doing this, the attacker can then log in as an administrator without even knowing the password. The attacker can then steal secrets, change data, or erase all traces of activity (Kalman, 2019).
One defense is an open source web application vulnerability scanner. This program is called Wapiti, and it allows users to audit the security of their websites or web applications. This is done by a black box scan that crawls the webpages of the deployed web app, looking for scripts and forms where it can inject data (Wapiti, 2019). Once it has collected a list of URLs, forms and other inputs, Wapiti injects payloads to see if a script is vulnerable.
Wapiti can detect multiple vulnerabilities such as file disclosure, database injection, XSS, command execution, CRLF injection, Server-Side Request Forgery, and many others. The program can generate vulnerability reports, suspend or resume attacks, use color variations to highlight vulnerabilities, offer different levels of verbosity, provide a fast and easy way to activate/deactivate attack modules, and offer easy ways to add payloads (Wapiti, 2019). Using a program such as this will help to ensure the security of your web browsers and web servers. Just like other areas of defense on the network, the security team must perform regular analysis.
Interactive, C. (2019). 6 Common Website Security Vulnerabilities. Retrieved 27 July 2019, from https://www.commonplaces.com/blog/6-common-website-security-vulnerabilities/
Kalman, G. (2019). 10 Most Common Web Security Vulnerabilities. Retrieved 27 July 2019, from https://www.toptal.com/security/10-most-common-web-security-vulnerabilities
Wapiti : a Free and Open-Source web-application vulnerability scanner in Python for Windows, Linux, BSD, OSX. (2019). Retrieved 27 July 2019, from http://wapiti.sourceforge.net/
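As an added example (not from the student's post or its sources), the SQL injection point made above, shown in Python with sqlite3: the same malformed password input logs in as the administrator against a string-built query but fails against the parameterized one. The table layout, the sample credentials and the function names are constructed for the illustration.

```python
import sqlite3


def make_db():
    """Constructed sample database: one administrator and one ordinary user.
    Passwords are kept in plaintext only to keep the demo short; that is itself
    one of the broken-authentication problems listed in the post, and a real
    application would store a salted password hash instead."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 'S3cret!', 'administrator')")
    conn.execute("INSERT INTO users VALUES ('alice', 'hunter2', 'user')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Builds the SQL text with string formatting, so the submitted values become
    part of the command the database runs rather than plain data."""
    query = (
        "SELECT username, role FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    return conn.execute(query).fetchone()


def login_safe(conn, username, password):
    """Parameterized query: the driver binds the values as data, so quotes or
    keywords in the input can never change the structure of the command."""
    query = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone()


def demo():
    """Runs the same tainted password through both versions and returns the rows
    each one matched (None means the login was refused)."""
    conn = make_db()
    tainted = "' OR '1'='1"  # constructed example of a malformed payload
    return {
        "vulnerable": login_vulnerable(conn, "admin", tainted),
        "safe": login_safe(conn, "admin", tainted),
        "correct_credentials": login_safe(conn, "admin", "S3cret!"),
    }


if __name__ == "__main__":
    for name, row in demo().items():
        print(f"{name}: {row}")
```

The vulnerable branch returns the administrator row although the real password was never supplied, because the tainted value turns the WHERE clause into a condition that is true for every row; the parameterized branch returns nothing.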