Need Help With This Assignment?

Let Our Team of Professional Writers Write a PLAGIARISM-FREE Paper for You!

Ensuring the Safety of Web Applications

Ensuring the Safety of Web Applications

A web application refers to an application stored on a remote server and often delivered through a browser interface. The security of web applications has been identified as a complex process because web applications are based on diverse components, including but not limited to legacy components, servers, operating systems, and company-developed code. Furthermore, these web applications often include multiple settings, folders, pages, parameters, and authentication methods (Hashim et al., 2021, p. 3). Each aspect often represents an attack surface that hackers can utilize to serve their malicious interests. Thus, these web applications require information security measures to defend confidential information from being accessed by unauthorized parties, disclosed to the public, disrupted, or modified in any way possible. Preventing an organization from experiencing these kinds of threats requires the implementation of a significant amount of effort, insight, and investment (Hashim et al., 2021, p. 4). Apart from utilizing network restrictions as one layer of defense, this paper will discuss other principles of defense that can be adopted to improve the safety of web applications.

Do you need help with your assignment ? Contact us.

One of the principles that can be adopted to improve the safety of web applications is the least privilege principle. This principle works in the sense that an application is not required to utilize the root (MySQL), Postgres (PostgreSQL), or SYSDBA (Oracle Database) to connect to its respective database (Schoenfield, 2015, p. 293). Additionally, it is wrong for an organization to run demonstrations or services as root (Linux) or Administrator unless there is a specific and justifiable reason for this to be done (Schoenfield, 2015, p. 294). Therefore, it is paramount for an application to be provided with the least privileges possible that permit it to work effectively while others are disabled. Running web applications connected to a database through a privileged user account enhances the work of an attacker in the event of an SQL injection vulnerability (Schoenfield, 2015, p. 294). This is because it permits the attacker to run SQL queries as a database administrator, and in some cases, the attacker may also execute operating system commands. The execution of operating system commands permits the attacker to perform a reconnaissance exercise, thus escalating the attack even further.

Therefore, it is essential to ensure that web applications operate on limited privileges. This is because running a web application composed of administrative privileges has often been realized to defeat a tried-and-tested security model that has been around for quite some time. The administrative privileges allow the attacker or rogue applications to inflict more damage in the event of a data breach on the organization’s system (Schoenfield, 2015, p. 296). The layer of defense under this principle requires that web applications are operated under restricted, non-administrative privileges so that these privileges can only be modified per-need basis.

The other layer of defense that can be put in place to prevent attacks on web applications is parameterizing SQL queries. Even though encryption of database tables, together with restricting access to a database server, has been identified as valid security measures, developing an application with the capability to withstand SQL injection attacks is also another essential web application defense mechanism. In this defense strategy, the parameterized queries are easy to write and define as they relate to SQL statements. The developer would then be required to pass each parameter to the query after the SQL statement has been defined, thus permitting the database to tell apart the SQL command from the data entered by the user (Abaimov & Martellini, 2022, p. 95). Therefore, if the attacker inserts SQL commands, these parameterized queries would simply treat the input as a string instead of an SQL command.

The last layer of defense to be discussed in this paper concerning web applications is logging everything and ensuring that revisit measures occur frequently. While most defense strategies are focused on preventing data breaches from occurring at the onset, the essential aspect of this entire process is determining when the attack is underway and what transpires after the attack has been executed (Abaimov & Martellini, 2022, p. 96). Mitigating the effects of a data breach can only be possible if attention is focused on early warning signs. Logs are an important aspect of any system or web application because they aid in close monitoring of performance, resource usage, uptime, and other forms of data (Abaimov & Martellini, 2022, p. 102). These logs also come in handy when detecting and monitoring attacks on web applications. Logging informs an organization about what incidents occurred at what time, hence creating a difference in identifying a breach early enough, thus preventing the attacker from pulling off a heist.

References

Abaimov, S., & Martellini, M. (2022). Defence. In Machine Learning for Cyber Agents: Attack and Defence (pp. 91-113). Cham: Springer International Publishing.

Hashim, A., Medani, R., & Attia, T. A. (2021, February). Defenses against web application attacks and detecting phishing links using machine learning. In 2020, the International Conference on Computer, control, electrical, and Electronics Engineering (ICE) (pp. 1-6). IEEE.

Schoenfield, B. S. (2015). Securing systems: Applied security architecture and threat models. CRC Press.

ORDER A PLAGIARISM-FREE PAPER HERE

We’ll write everything from scratch

Question 


The network restrictions surrounding the web authentication service is one layer of defense. As was noted, this component is too valuable to trust to a single defense. Furthermore, authentication requests are tendered by the least-trusted component in the architecture. That component, HTTP termination, resides on the least-trusted network. What additional steps can be taken?

Ensuring the Safety of Web Applications

Ensuring the Safety of Web Applications

Answer the questions using an APA-formatted paper (Title page, body and references only). Your response should have a minimum of 750 words. Count the words only in the body of your response, not the references. A table of contents and abstract are not required.
A minimum of THREE references are required. One reference for the book is acceptable but multiple references are allowed. There should be multiple citations within the body of the paper. Note that an in-text citation includes author’s name, year of publication and the page number where the paraphrased material is located.
Your paper must be submitted to SafeAssign. The resulting score should not exceed 35%.