Question
Week 3 Discussion
Browsers and websites are one of the most common pathways for adversaries into your network. What are some common ways to ensure that applications are secure?
If you do online banking, or use secure websites to enter sensitive personal information (credit card numbers, etc.), how can you ensure that you have a secure connection to the site you actually want to work with?
TEXTBOOKS:
Prowse, D.L. CompTIA Security+ SY0-401 Cert Guide, Academic 1st Edition, Pearson. ISBN-13: 978-0789753632 ISBN-10: 0789753634
Explanation / Answer
Common ways to ensure that applications are secure:
In order to be truly secure, a web application should be immune to SQL injections, session hijackings, session tampering, cross site scripting and brute force attacks among other vulnerabilities.
Application access:
Application access security is implemented by "Roles and Rights Management." A thorough testing of all roles and rights is thus needed to ensure that every role accesses its own screens, forms and modules.
Data protection:
Data encryption is a critical security test. Any data stored in the database like passwords, user accounts and credit card information must always be encrypted. In addition, the flow of critical business information, even within the application, must be encrypted to make it safe.
SQL injections:
SQL injections are the most prevalent and dangerous attacks on the Internet today. They take advantage of web application vulnerabilities to take control of databases, which exposes confidential information.
XSS (Cross Site Scripting):
XSS vulnerabilities arise where web applications dynamically include data from users in web pages without proper validation. By use of JavaScript embedded on a web page, a malicious user can control the victim's browser by bypassing normal security restrictions. To protect against XSS, developers must ensure that dynamically-generated pages do not contain undesired tags.
How can you ensure that you have a secure connection while doing online banking or using secure websites to enter sensitive personal information?
Evaluating Mobile Device Trustworthiness
Building popular apps means being able to support a broad range of operating environments and devices. This also means that the app is exposed to potential vulnerabilities across supported devices.
Safeguarding Devices
When building and deploying applications, there are common development and testing practices used. While these are excellent security procedures to follow, cybercriminals don’t need to prey upon security flaws in the application to exploit it.
Establishing User Identification
A commonly used user identification method relies on profiling as a means of identifying fraudulent transactions. Due to the statistical nature of some approaches, false negatives and false positives frequently occur. Cybercriminals take many steps to perform fraudulent transactions under the radar of this security layer, exhibiting as many characteristics of normal, customer-generated transactions as possible.
Protecting Session Information
Today’s malware includes a wide variety of attack types. Data- and credential-stealing malware comes in the form of fake applications, SMS stealers and PC/mobile combination malware. Mobile malware can dynamically change the user experience by creating an overlay of a malicious screen on top of the legitimate application — one that the unknowing user will seamlessly interact with. This allows the extraction of personally identifiable information and personal data.
Preventing Cross-Channel Infections
A cross-channel infection is an infection on the mobile device caused by malware on the user’s PC. A message will appear on the user’s PC from a trusted service provider such as a bank or social media platform, and it will prompt the user to carry out an action. Once users provide a phone number or scan a QR code, they receive an SMS with a link to install a so-called security app. Instead, this link downloads a malicious app that is actually an extension of the PC malware.
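As an added example, not part of the original answer, the SQL injection and XSS points above shown in code: a lookup built by string concatenation beside its parameterized form, and raw HTML interpolation beside output encoding. The table contents and the probe input are constructed for the demonstration.

```python
import html
import sqlite3

def build_db() -> sqlite3.Connection:
    # Constructed sample table; "bob" is the row a caller asking for
    # someone else should never get back.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com")],
    )
    return conn

def lookup_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    # Query assembled by concatenation: quotes in the input end the
    # string literal and the rest becomes SQL syntax.
    sql = "SELECT name, email FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()

def lookup_safe(conn: sqlite3.Connection, name: str) -> list:
    # Parameterized query: the value travels separately from the SQL
    # text, so it is always data and never part of the statement.
    return conn.execute(
        "SELECT name, email FROM users WHERE name = ?", (name,)
    ).fetchall()

def render_greeting_vulnerable(name: str) -> str:
    # Raw interpolation: any tag in `name` becomes part of the page.
    return "<p>Hello, " + name + "</p>"

def render_greeting_safe(name: str) -> str:
    # Output encoding for an HTML text/attribute context. Other
    # contexts (inline JavaScript, URLs) need their own encoder.
    return "<p>Hello, " + html.escape(name, quote=True) + "</p>"

def demo() -> dict:
    conn = build_db()
    probe = "x' OR '1'='1"          # classic textbook injection probe
    markup = "<script>x</script>"   # constructed tag-bearing input
    return {
        "vulnerable_rows": len(lookup_vulnerable(conn, probe)),  # 2
        "safe_rows": len(lookup_safe(conn, probe)),              # 0
        "vulnerable_html": render_greeting_vulnerable(markup),
        "safe_html": render_greeting_safe(markup),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```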