
I need a unique news story or article about an information technology event rela


Question

I need a unique news story or article about an information technology event related to cryptography or web application security. Please make sure the event includes the specific elements listed below.
• Evaluation of the security posture before, during, and after the event (What changes were made as a result of the event?)
• Discussion of how changes to the cryptography or authentication methods might have mitigated this event
• Discussion of a mitigation for the remote connection security issue and
• Summary of what is being sent to me please.

Explanation / Answer

We can use the following article. I have given one small scenario. Please add anything you feel should be added, and please ask if you have any further questions:


Defining Web Application Security:
Web application security is a branch of Information Security that deals specifically with security of websites, web applications and web services.
At a high level, Web application security draws on the principles of application security but applies them specifically to Internet and Web systems. Across the internet, the particular application hosted on the server is said to be secured from vulnerabilities or possible threats. It should have met the security standards prescribed by the principles of application security, such as:

1. Input validation
2. Authentication and Authorisation
3. Client and server side dual validation
4. Fixing the firewall at the server end to avoid hacking or SQL injection
5. Session management
6. Cryptography
7. Message encoding and decoding
8. Exception management
9. Information logging

Security certification by doing security testing of an application:
   Security testing techniques tackle vulnerabilities or security holes in applications. These vulnerabilities leave applications open to exploitation by hackers, especially commerce sites (banking, payment gateways, etc.). Ideally, security testing is implemented throughout the entire "software development life cycle" (SDLC) at the unit (module), integration and system level so that vulnerabilities may be addressed in a timely and thorough manner at the initial stages only. Unfortunately, testing is often conducted as an afterthought at the end of the development cycle. But, as per new development processes like Agile methodologies, we can fill this gap.

   Vulnerability scanners, and more specifically web application scanners, otherwise known as penetration testing tools (i.e. ethical hacking tools) have been historically used by security organizations within corporations and security consultants to automate the security testing of HTTP requests/responses; however, this is not a substitute for the need for actual source code review. Physical code reviews of an application's source code can be accomplished manually or in an automated fashion. Given the common size of individual programs (often 500,000 lines of code or more), the human brain cannot execute a comprehensive data flow analysis needed in order to completely check all circuitous paths of an application program to find vulnerability points. The human brain is suited more for filtering, interrupting and reporting the outputs of automated source code analysis tools available commercially versus trying to trace every possible path through a compiled code base to find the root cause level vulnerabilities.

   Banking and large E-Commerce corporations have been the very early adopter customer profile for these types of tools. It is commonly held within these firms that both Black Box testing and White Box testing tools are needed in the pursuit of application security. Typically cited, Black Box testing tools (meaning Penetration Testing tools) are ethical hacking tools used to attack the application surface to expose vulnerabilities suspended within the source code hierarchy. Penetration testing tools are executed on the already deployed application. White Box testing tools (meaning Source Code Analysis tools) are used by either the application security groups or application development groups. Typically introduced into a company through the application security organization, the White Box tools complement the Black Box testing tools in that they give specific visibility into the specific root vulnerabilities within the source code in advance of the source code being deployed. Vulnerabilities identified with White Box testing and Black Box testing are typically in accordance with the OWASP taxonomy for software coding errors. White Box testing vendors have recently introduced dynamic versions of their source code analysis methods, which operate on deployed applications. Given that the White Box testing tools have dynamic versions similar to the Black Box testing tools, both tools can be correlated in the same software error detection paradigm, ensuring full application protection to the client company.
  
   If the application passes all the necessary security vulnerabilities, then it is said to be ready for deploying in the real world.
  
   The Benefits of implementing Web Application Security:
       1. We can potentially avoid hackers
       2. Avoid cross site scripting problems in web applications, mainly E-commerce applications.
       3. We can avoid eavesdropping of vital information of the application
       4. Secured user access to the application can be provided
       5. We can deliver 100% reliable application to our clients/users
       6. Complete code coverage of the system will be achieved by doing security checks before releasing the application to live.
       7. We can avoid false positiveness of the application (False positives represent the single biggest weakness in security tools, commonly representing over 50% of the results. False positives increase the workload on scarce security resources and make it difficult to identify the most critical flaws, decreasing the utility of technologically-dated scanners. With interactive testing, access to more data leads to more accurate findings.)
       8. Configuration management of the application can be easier.
      
The remote connection security issues can be mitigated by following proper procedures defined by the particular organization for its users (if you say as an organization, for example). The best practices are:
1. Managing the session IDs
2. Secured gateways should be used for connections
3. Avoid networks which are shared with multiple users, where cross site scripting / hacking is a threat for the user.
4. Authentication and two way security options for connections should be used (for example, a unique security code should be sent to your mobile number and you are asked to enter the same while connecting)
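
The first and fourth practices above (managing session IDs and confirming a code sent to the user's phone), sketched as an added example that is not part of the original answer. The class name RemoteLogin, the 120-second code lifetime and the three-attempt limit are assumptions made for illustration.

```python
import hmac
import secrets
import time

OTP_TTL = 120       # seconds a texted code stays valid (assumed policy)
MAX_ATTEMPTS = 3    # wrong guesses allowed before the code is burned (assumed)


class RemoteLogin:
    """Hypothetical in-memory store; a real service keeps this state server-side."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.pending = {}    # pre-auth session id -> [user, code, expiry, attempts]
        self.sessions = {}   # authenticated session id -> user

    def start(self, user):
        """Password already checked: issue a pre-auth id and a 6-digit code."""
        code = f"{secrets.randbelow(10**6):06d}"
        sid = secrets.token_urlsafe(32)          # 256 bits from the OS CSPRNG
        self.pending[sid] = [user, code, self.clock() + OTP_TTL, 0]
        return sid, code                         # code goes out by SMS, not in the response

    def verify(self, sid, code):
        """Return a fresh session id on success, None on any failure."""
        entry = self.pending.get(sid)
        if entry is None:
            return None
        user, expected, expiry, attempts = entry
        if self.clock() > expiry or attempts >= MAX_ATTEMPTS:
            del self.pending[sid]                # expired or guessed too often
            return None
        # Constant-time comparison avoids leaking how many digits matched.
        if not hmac.compare_digest(str(code).encode(), expected.encode()):
            entry[3] += 1
            return None
        del self.pending[sid]                    # code is single use
        new_sid = secrets.token_urlsafe(32)      # rotate the id after login (session fixation)
        self.sessions[new_sid] = user
        return new_sid
```

The session ID handed out before the code is confirmed is never promoted to an authenticated one; a new random ID is issued instead, so an ID planted or observed before login is useless afterwards.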
      
