Task 3 (LO.3, M1, M2, M3, D2): Produce a report titled ‘Web Application Security’ that examines Web Application security concerns. Your report should make recommendations to improve the security of Web Applications.
Web Application Security
Web application security is a form of security that deals specifically with the security of websites, their applications and web services. At advanced levels, web application security touches on the principles of web application security but applies them directly to Internet and Web systems.
With the introduction of Web 2.0, sharing information through social networking has increased, and as business and services over the internet have increased, websites are often attacked directly. Hackers attempt to compromise either the network or, alternatively, the end users opening the website.
The majority of web application attacks occur through three avenues: cross-site scripting (XSS), SQL injection attacks and phishing.
Cross-site scripting (XSS)
Cross-site scripting (XSS) is one of the most commonly found vulnerabilities, as well as one of the most dangerous, related to web applications.
In order to get started, I analysed three web applications from the well-known e-commerce website www.amazon.co.uk. I explored three features in depth: their search bar, their basket/cart, and the reviews and comments section of their site. As well as this, I briefly discussed how it all links to a database/server. I reported how the search bar links to databases/servers of amazon.co.uk and how they incorporated an option which allows you to choose which department you wish to search in. Furthermore, I discussed the basket/cart on amazon.co.uk and how your basket/cart is also stored so you can then shop further or go on and pay. As well as this, I briefly touched on how Amazon use the basket/cart as a last chance to get some marketing/advertising done through promoting items that ‘others who bought this item also bought:’; therefore Amazon have stored the buying habits of those who are customers of their website. The final web application I then discussed was the reviews and comments section of amazon.co.uk. Also stored on the database were the reviews of those who had bought the product previously and a score out of five stars along with a comment of those who bought the
Amazon and eBay are two well-known brands of online shopping sites. They have evolved and grown from small firms to the giants of e-commerce today. In this essay, a comparison would be made between the two firms.
Vulnerability 3: Cross-Site Scripting (XSS): It is one of the most common application layer hacking techniques ("What is cross-site," 2015).
concerned with the protection of the server, where the protection of the server constitutes a large proportion of protecting your site
Assignment 7. Go online and search for information about security threats posed by browser add-ins, such as Java applets and ActiveX controls. Note that most of these programs are small in size and downloaded onto computers over the Internet. Look for a specific example of a security problem resulting from such add-ins, and document the problem in a case study.
Harwood, M. (2011). Security strategies in Web applications and social networking. Sudbury, Mass.: Jones & Bartlett Learning.
If we turn the clock backwards about 10 or 15 years, we find that people do not care much for the security of the web due to the lack of trying to exploit web applications for personal interests. But more recently, the issues related to the security of the Web began to grow, but unfortunately, there are many Web applications that have been developed, but these applications are started without any design for security.
Quality Web Design is a company that deals with making websites and web business solutions. The company provides its customers with an opportunity to spread their business through the internet. The other business solutions accompanied are accounting, payroll marketing, also parts of the business process and for which its assets are employed. Here, the weaknesses that were pointed out in phase 1 will be addressed with effective solutions.
The Aim Higher college has recently had some issues of sensitive information being stolen from students when registering for classes. I believe that the web application that the student information system is using is a problem named SQL injection. A SQL injection attack is an attack where the attacker can run malicious SQL queries against a web application’s database server, and it can be a danger for the users who access the web page because the hacker will look for their personal information records, then delete or modify the information gained. This type of attack is no joke; we have to take action and create a plan to resolve this vulnerability on our database, so the students will register for their courses with our security on their side.
Cross-site vulnerability due to poorly validated coding in JavaScript and DOM (Karanth et al., 2011)
Web applications are nowadays serving as a company’s public face to the internet. This has created the need to identify threats and attacks directed to data servers and web applications. Hackers exploit vulnerabilities in input validation and authentication affecting the web application in order to gain illegal access and disclose sensitive data or manipulate it to their benefits.
Amazon today was not as thriving and robust as it was in the beginning. Amazon originally was set to market compact discs, computer hardware, computer software, videos, and mainly books. With the use of Information Technology, Amazon was able to create a new business model using the Web as a place for transactions. As consumers learned it was easier to purchase goods via the web rather than physically going to the store, Amazon created e-commerce and e-business models that generated massive profits for the company. This paper will primarily discuss how IT aided Amazon’s strategies involving their e-commerce business as well as their Web Services business.
They can identify websites frequently visited by users, those vulnerable websites that can be targeted and what users often search for.
The web application requires security in order to protect customer data, as part of the application requires the customer to input their name and phone number. Security is also needed to prohibit unauthorised access and prevent service interruptions, so Training4U can always provide a good service. Securing the application ensures that only administrators can access the admin pages, and that instructors and customers can access their pages through the internet. In order to do this for the administrators, a login form would be created for the admin page so that they are the only people who can access it. The customer’s data also needs to be protected while it is being transmitted to the server, using Secure Sockets Layer (SSL); and to secure the web app, which in turn protects customer data, a security realm has to be set up in the application server.
In today’s highly connected digital ecosystem, our lives, businesses, communications, and a lot of activities depend on the websites and web applications. All websites contain sensitive data and deliver business-critical information services to the targeted audience. Due to the rapidly increasing use of websites and web applications, vulnerabilities have become quite rampant. Even the smallest security loophole can give cybercriminals a chance to destroy the web-based business, damage customer confidence, and brand reputation in a short time span.
There are different kinds of web application attacks, like XSS, SQL injection and inclusion vulnerabilities (LFI and RFI). The main problem is web security (hacking) in a network of affected computers, with attacks that propagate through the network and server without the knowledge of the administrator. Another problem is in uploading the whole and accurate data of staff, students and admin from a remote location. The web site works on different types of login: students and staff access only their own user name, and the administrator accesses all the data.