

ID: 3706911 • Letter: I

Question

I need someone to help me solve these questions!! The answers should be in your own words, NO plagiarism!!

Please do not copy from a book, from this same site, or from other students' answers. The work should be your own answers.

Please do not answer in handwriting; the answer should be typed. NO handwritten answers.

TO NO considered AS Plagiari

According to the Open Web Application Security Project (OWASP) Top 10 Application Security Risks, explain XML External Entities (XXE), Broken Access Control, and Security Misconfiguration in your own words.

Explanation / Answer

1) Answer

Web-based services of any kind require a trusted mechanism by which money, sensitive information, or both can change hands. Hackers have good opportunities with web applications, and it is difficult to secure them. OWASP organizes security-relevant information and offers solutions and best practices for prevention. The risks are:

Code injection: hackers find ways to insert malicious executable code into legitimate traffic sent to an endpoint. Some examples include input validation, setting privileges for different actions, adding an extra layer of protection, and others.

Broken authentication and session management: compromising user identities in a variety of ways. Some examples include exposed accounts, passwords, and session IDs.

Cross-site scripting: similar to code injection, but involving scripts instead, drawn from inappropriate sources. For example, the attacker could send the victim a misleading email with a link containing malicious JavaScript.

Insecure direct object references: obtaining file access when it is not actually authorized.

Security misconfiguration: a failure of the admin, sometimes as simple as leaving passwords as defaults.

Sensitive data exposure: failure to shield data in proportion to its business value or customer sensitivity.

Missing function level access control: failure to verify functions are actually limited by access rights.

Cross-site request forgery: compromising an unexpected web application by leveraging validated authentication information. It is an attack that forces an end user to execute unwanted actions on a web application.

Components with known vulnerabilities: a vulnerable element, such as a Java class, has not been patched.

Unvalidated redirects and forwards: sending web users to unexpected sites that serve hacker interests.

2) Answer:

XXE: XML EXTERNAL ENTITY

XML is vastly used. XML is both human-readable and machine-readable, and it is easy to define entities anywhere, including externally. Document Type Definitions (DTDs) are what we shall focus on, since that is where XML External Entity vulnerabilities occur. This is why the XXE problem comes into the picture. An attacker can abuse XML entities to request the extraction of certain files, or even to return the contents of files if they know the structure of your web application, for example. We can call this an XXE attack or a Server-Side Request Forgery (SSRF) attack.

Broken Access Control:

It is one of the risks on the OWASP web application security risk list. This kind of attack affects a massive number of web applications today. It occurs when the attacker changes a parameter value that directly refers to a system object for which he is unauthorized. This is common in applications and APIs where the privileges of every user request are not verified. It is easy to detect with manual testing but not open to automatic dynamic or static testing.

Security Misconfiguration:

The system could be completely compromised without your knowing it. All your data could be stolen or modified slowly over time, and recovery costs could be high. Security misconfiguration can happen at any level of an application stack, including the platform, web server, application server, framework, and custom code. Developers and network administrators need to work together to ensure that the entire stack is configured properly. Consider users with their own accounts who may attempt to compromise the system, and also insiders wanting to disguise their actions. The attacker accesses default accounts, unused pages, unpatched flaws, unprotected files and directories, etc.
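The file read described under XXE above, shown as an added example that is not part of the original answer. It uses only Python's standard-library expat bindings: `parse_vulnerable` installs an external-entity resolver that honours `SYSTEM` identifiers by reading the named file (written here to mimic the default behaviour of libxml2-style parsers, which is an assumption of the example, not something expat does on its own), while `parse_hardened` rejects any DOCTYPE before an entity can be declared. The secret file, the payload and the POSIX `file://` path handling are constructed for the example.

```python
# Added example, not code from the original answer.
# Demonstrates an XML External Entity (XXE) file read and the "disable DTDs" fix.
import os
import tempfile
import xml.parsers.expat as expat


class DTDForbidden(ValueError):
    """Raised by the hardened parser when a document carries a DOCTYPE."""


def build_xxe_document(path: str) -> bytes:
    """Constructed attacker payload: declares an external entity that points at a
    file on the server and references it inside an ordinary element."""
    return (
        b'<?xml version="1.0"?>\n'
        b'<!DOCTYPE data [ <!ENTITY xxe SYSTEM "file://' + path.encode() + b'"> ]>\n'
        b"<data>&xxe;</data>\n"
    )


def parse_vulnerable(xml_bytes: bytes) -> str:
    """Vulnerable: resolves external general entities by reading the file the
    SYSTEM identifier names (assumed libxml2-like behaviour), then returns the
    element text the application would go on to use."""
    parts = []
    parser = expat.ParserCreate()

    def resolve_external_entity(context, base, system_id, public_id):
        # file:///etc/passwd -> /etc/passwd (POSIX paths assumed); otherwise a bare path.
        path = system_id[len("file://"):] if system_id.startswith("file://") else system_id
        with open(path, "rb") as fh:
            content = fh.read()
        # Parse the file bytes as the entity's replacement text. The child parser
        # inherits this parser's handlers, so the text is appended to `parts`.
        child = parser.ExternalEntityParserCreate(context)
        child.Parse(content, True)
        return 1  # non-zero tells expat the entity was handled successfully

    parser.CharacterDataHandler = parts.append
    parser.ExternalEntityRefHandler = resolve_external_entity
    parser.Parse(xml_bytes, True)
    return "".join(parts)


def parse_hardened(xml_bytes: bytes) -> str:
    """Hardened: same parser, but any DOCTYPE is refused before an entity can be
    declared, so neither local files nor remote URLs can be pulled in."""
    parts = []
    parser = expat.ParserCreate()

    def reject_doctype(name, sysid, pubid, has_internal_subset):
        raise DTDForbidden("DOCTYPE/DTD processing is disabled for this endpoint")

    parser.StartDoctypeDeclHandler = reject_doctype
    parser.CharacterDataHandler = parts.append
    parser.Parse(xml_bytes, True)
    return "".join(parts)


def demo() -> dict:
    """Writes a constructed secret file, feeds the payload to both parsers and
    reports what each one did."""
    with tempfile.NamedTemporaryFile("wb", suffix=".txt", delete=False) as fh:
        fh.write(b"SECRET-TOKEN-123")  # constructed secret, stands in for /etc/passwd
        secret_path = fh.name
    try:
        payload = build_xxe_document(secret_path)
        leaked = parse_vulnerable(payload)
        try:
            parse_hardened(payload)
            rejected = False
        except DTDForbidden:
            rejected = True
    finally:
        os.unlink(secret_path)
    return {
        "leaked": leaked,                      # file contents, returned to the attacker
        "hardened_rejected": rejected,         # True: payload never reached entity resolution
        "benign_ok": parse_hardened(b"<data>hello</data>"),  # normal documents still parse
    }


if __name__ == "__main__":
    print(demo())
```

Refusing the DOCTYPE is the simplest fix because it removes the whole entity mechanism; if an application genuinely needs DTDs, the alternative is to keep the DOCTYPE but never install a resolver that touches files or the network, which is what expat does when no `ExternalEntityRefHandler` is set.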

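The parameter-tampering case described under Broken Access Control, an insecure direct object reference, as an added example that is not part of the original answer. The invoice table, user names and HTTP-style status codes are constructed for the example; a real application would load the record from a database and take the user from a verified session. `get_invoice_vulnerable` authenticates but never authorizes, `get_invoice_secure` adds the ownership check, and `enumerate_ids` performs the id-walking attack against either.

```python
# Added example, not code from the original answer.
# Insecure direct object reference (IDOR) and the ownership check that fixes it.

# Constructed data: which user owns each invoice.
INVOICES = {
    101: {"owner": "alice", "amount": 120.00},
    102: {"owner": "bob", "amount": 9800.00},
    103: {"owner": "alice", "amount": 45.50},
}


def get_invoice_vulnerable(session_user: str, invoice_id: int):
    """Broken access control: we know who session_user is, but the only input
    that selects the record is the client-controlled invoice_id, so any logged-in
    user can read any invoice simply by changing the number in the request."""
    invoice = INVOICES.get(invoice_id)
    if invoice is None:
        return 404, None
    return 200, invoice


def get_invoice_secure(session_user: str, invoice_id: int):
    """Deny by default: the record is returned only if the caller owns it.
    A missing record and someone else's record get the same 404, so a probing
    attacker cannot learn which ids exist from the response."""
    invoice = INVOICES.get(invoice_id)
    if invoice is None or invoice["owner"] != session_user:
        return 404, None
    return 200, invoice


def enumerate_ids(handler, session_user: str, id_range):
    """The attack from the answer: walk the id space and keep every id that
    comes back 200. Against the vulnerable handler this lists every invoice."""
    return [i for i in id_range if handler(session_user, i)[0] == 200]


if __name__ == "__main__":
    # mallory has no invoices; compare what each endpoint lets her see.
    print("vulnerable:", enumerate_ids(get_invoice_vulnerable, "mallory", range(100, 110)))
    print("secure:    ", enumerate_ids(get_invoice_secure, "mallory", range(100, 110)))
```

The check has to live server-side on every request: hiding the id in the UI or relying on it being hard to guess does not help, because the attacker supplies the parameter directly.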