BN324 Enterprise Cyber Security and Management

  • Subject Code: BN324
  • Country: AU
  • University: Melbourne Institute of Technology

Answer:-

Introduction 

In this generation, the use of computing networks and technologies is growing quickly, which enables companies to reduce business problems and enhance organizational performance. Web applications are now developed by companies in order to provide products and services to customers and to increase productivity or efficiency. Web applications are effective in these respects, but they are not able to reduce the security issues and risks posed by hackers, and they suffer from cyber-attacks. The aim of this research is to identify and analyze the security issues and risks associated with web applications and to propose effective security controls so that privacy can be improved.

Feedback and reflection 

As per the provided feedback on part A, the introduction section needs to be improved as the previous section did not contain an effective introduction and significance of the research. I have included brief information about web applications and security issues linked with the web applications, but I will cover the provided feedback in Part B by analyzing and reviewing the security issues using a literature review. The previous part did not cover the mitigation plans and programs, due to which it is difficult to manage security issues and improve the privacy of the web applications. The provided feedback on part A will be beneficial for me as I will be able to understand the limitations of the research and will cover that in part B.

Potential threats posed by Web Application attacks

Web applications are mainly connected to computing networks and servers, which makes it easy for hackers to perform cyber-attacks and reduce the confidentiality of the companies, which then suffer from hacking problems. Vanderlei, et al., [1] identified that web applications are less secured and that hackers transfer malicious code and unwanted software through which data can be hacked and privacy can be breached. There are three cyber-attacks and threats linked with web applications, for example malware, DDoS and social engineering attacks. More than 70% of companies have implemented web applications, where it is easy for hackers to perform cyber-attacks and transfer unwanted signals. Malware is one of the common security attacks performed by hackers over web applications because of its potential to transfer viruses or fraudulent signals over the web servers, which enables the hackers to gain access to the computing networks [2]. DDoS is another leading attack linked with web applications; it uses botnet programs to send unwanted traffic signals over the computing networks and reduce the privacy of the web servers. The presence of DDoS-based traffic signals in web applications can reduce the privacy of the web servers used by the companies and produce data breach incidents, due to which ethical and illegal concerns can be raised. Ethical concerns include data breaches and illegal activities, and the private data of the companies can be used by hackers to produce illegal concerns. Alidoosti, et al., [3] agreed and stated that web applications are not able to detect unwanted signals and frauds transferred by hackers, so sensitive data can be hacked easily. Three major risk factors are identified as leading security issues and threats in web applications: improper awareness, misconfiguration of the networks and improper security frameworks. It is important for companies to manage these risk factors in web applications so that confidentiality can be maintained and data breach incidents can be minimized in a significant manner.

Recent Attack

In the year 2020, Flaticon suffered a data breach incident in which hackers performed an SQL injection attack against the web application, which enabled them to access the personal information of the users [6]. The cyber-attack targeted web servers and computing networks linked with the web application and reduced the confidentiality of the connected systems. The threat actors were able to access the personal information of the customers, including webmails, IDs and passwords, and financial details, without the knowledge of the users. It is demonstrated that hackers stole the emails and passwords of 8.3 million Freepik and Flaticon customers using SQL injection attacks. The connected security programs and servers were not able to detect unwanted signals and SQL injection threats, and the privacy of the web applications was reduced. Following the data breach incident, Freepik has been utilizing bcrypt in order to hash all the login credentials of the users and has performed a complete security audit to find the risk factors that increased the chances of data breach and hacking. It is found that web applications and servers were not connected with security detection programs, due to which the private details were hacked and the company suffered from privacy and performance issues. After this incident, management hired an IT team and improved the privacy of the web applications by applying risk assessment plans and changing the IT infrastructure.
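As an added example (not code from the original essay or from Freepik), the Python sketch below shows why a lookup built by string concatenation exposes every stored record to SQL injection while a parameterized query does not. The table, accounts and input are constructed, and salted PBKDF2 from the standard library stands in for bcrypt.

```python
import hashlib
import hmac
import os
import sqlite3


def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256 (stdlib stand-in for bcrypt): salt + digest."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)
    return salt + digest


def verify_password(password, stored):
    # Re-derive with the stored salt and compare in constant time.
    return hmac.compare_digest(hash_password(password, stored[:16]), stored)


def make_db():
    """In-memory users table holding constructed sample accounts."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (email TEXT PRIMARY KEY, pw_hash BLOB)")
    for email, pw in [("alice@example.test", "correct horse"),
                      ("bob@example.test", "battery staple")]:
        db.execute("INSERT INTO users VALUES (?, ?)", (email, hash_password(pw)))
    return db


def lookup_vulnerable(db, email):
    # Input is spliced into the SQL text, so quotes in it change the query.
    sql = "SELECT email, pw_hash FROM users WHERE email = '" + email + "'"
    return db.execute(sql).fetchall()


def lookup_parameterized(db, email):
    # Input is bound as a value and can never become SQL syntax.
    return db.execute(
        "SELECT email, pw_hash FROM users WHERE email = ?", (email,)
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed input that contains SQL syntax
    print("concatenated :", len(lookup_vulnerable(db, crafted)), "rows")
    print("parameterized:", len(lookup_parameterized(db, crafted)), "rows")
    row = lookup_parameterized(db, "alice@example.test")[0]
    print("hash verifies:", verify_password("correct horse", row[1]))
```

Because only salted hashes are stored, a leaked table does not directly reveal passwords, but the parameterized query is what prevents the leak in the first place.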

Mitigation technique

After reviewing the security attacks and threats of a web application, it is recommended that companies should focus on the privacy of the web servers and develop effective security policies so that the chances of hacking can be minimized [4]. In the security policy, a risk assessment plan should be implemented because of its potential to detect and identify the security risks related to the web applications, which enables companies to improve the security of the databases and servers. The NIST security framework should be used by companies in order to develop automated vulnerability scanning systems, as NIST provides effective security phases by which data can be protected [5]. These security phases include identification, detection, monitoring, recovering and responding. In terms of effectiveness, a risk assessment based scanning plan is more effective and suitable for the web applications used by companies, as it can enable the detection of insider risks and protect web applications from cyber-criminals. More than 70% of companies have implemented risk assessment plans for protecting web applications and security from hackers.

The web application firewall is another effective technique that should be applied over the web servers and applications of the companies because of its ability to identify security threats and traffic signals from the systems. It is recommended that packet filtering firewalls should be applied over the web applications and servers so that the unwanted or malware signals sent by hackers can be detected and the chances of a data breach can be minimized. Today, around 85% of companies are accessing web applications through firewall filters that help to monitor security vulnerabilities and improve confidentiality.

Securing Web application by standardization

Standardization of the business networks can help companies to protect web applications from cyber-criminals because standardization includes pre-planned programs by which insider threats can be detected and strong passwords can be applied. It is recommended that business communities should implement penetration testing based standardization, as it performs testing and detection related activities over web applications so that security threats or vulnerabilities can be detected effectively [6]. Enterprise-level security can be improved by connecting penetration testing standardization with the IT infrastructure and business models, so that malicious code or unauthorized activities can be managed effectively.

Conclusion

It may be concluded that web applications are less effective at protecting data against cyber-attacks and that hackers can access login credentials easily. This research helped to enhance understanding of web application attacks and covered effective mitigation plans. It is found that misconfiguration of the servers can reduce the privacy of the web applications. Therefore, it is suggested that companies should implement risk assessment plans and apply packet filtering firewalls so that the privacy of web applications and servers can be improved effectively.

References

  • Vanderlei, J. Rocha, R. Araujo, G. Silva, F. Pacheco and J. Dantas, “Analysis of Laravel Framework Security Techniques Against Web Application Attacks,” In 2021 16th Iberian Conference on Information Systems and Technologies (CISTI), pp. 1-7, 2021.
  • S. Ali, A.S.B. Shibghatullah, A.H. Alhilali, S. Al-Khammasi, M.F. Kadhim and H.K. Fatlawi, “A comparative analysis and performance evaluation of web application protection techniques against injection attacks,” International Journal of Mobile Communications, vol. 18, no. 2, pp. 196-228, 2020.
  • Alidoosti, A. Nowroozi and A. Nickabadi, “Evaluating the web‐application resiliency to business‐layer DoS attacks,” ETRI Journal, vol. 42, no. 3, pp. 433-445, 2020.
  • Squarcina, M. Tempesta, L. Veronese, S. Calzavara and M. Maffei, “‘Can I Take Your Subdomain?’ Exploring Same-Site Attacks in the Modern Web,” In 30th USENIX Security Symposium (USENIX Security 21), pp. 2917-2934, 2021.
  • Jemal, M.A. Haddar, O. Cheikhrouhou and A. Mahfoudhi, “ASCII embedding: an efficient deep learning method for web attacks detection,” In Mediterranean Conference on Pattern Recognition and Artificial Intelligence, pp. 286-297, 2020.
  • Duncan, “8.3M records of Freepik and Flaticon users stolen in SQL injection attack,” Available at: https://siliconangle.com/2020/08/24/8-3m-records-freepik-flaticon-users-stolen-sql-injection-attack/ [Accessed 11/9/21].
