CMP71001 Common Web Security Vulnerabilities Assignment Sample

Subject Code : CMP71001
University : Southern Cross University My Assignment Services is not sponsored or endorsed by this college or university.
Subject Name : IT Computer Science

Cybersecurity

Contents

Introduction.

Risk Assessment

Asset 1- Student information database.

Asset 2- Webserver:

Asset 3- AI Lab.

Conclusion.

Reference.

Introduction to Common Web Security Vulnerabilities

Technology is a huge part of educational institutes. The cyber advancement lead to cyber vulnerabilities and threat on the assets. There is always a risk of security breach is those vulnerabilities are not taken care of. The protection of confidentiality, authentication, integrity, energy efficiency and availability of transmissions against malicious attacks is important to make the system safer (Bhushan & Sahoo, 2017). The following risk evaluation investigates vulnerabilities and control measure for three assets namely; student information database, webserver and AI lab. The impact and likelihood determines the level of the risk possess by the vulnerability and threat.

Amongst all these vulnerabilities and threat, the top three that possess highest risk to the cybersecurity of the Southern Cross University are:

Lack of proper access control could lead to unauthorised access by malicious intruder/hacker.

Improper session management and same session IDs may give hackers an opportunity to have access user’s previous session logged in from public computers. Students often uses public computer or network to login into the system. After they logged out, some other malicious user may use the same cookies to recover the sensitive data and information such as student profile and credit card details.

Poisoning attack could happen which disrupt the models and manipulate the outcome by feeding the corrupted sample data.

Risk Assessment

Asset 1- Student Information Database

Asset	Vulnerability & threat	Impact	Likelihood	Risk	Control(safeguard)
Student Info DB	lack of proper access control could lead to unauthorised access by malicious intruder/hacker	4	3	12(major)	• proper privilege scheme like RBAC • renaming/disabling the default admin user and password • creating and implementing least privilege policy for database users
Student Info DB	Accessing 3^rd party API through institute’s credential expose the institute and its data	3	4	12(major)	• Right 3^rd party API must integrate with the institute • Strong firewall protection to avoid leaking of data to the 3^rdparty. • Malicious web request must be blocked.
Student Info DB	Unmanaged database, which is often forgotten may loss or stolen, and may contain sensitive information	5	2	10(major)	• Archiving and encrypting database • Managing database through cloud deployment • Ensuring data backup strategy through backup devices.

Asset 2- Webserver:

Asset	Vulnerability & threat	Impact	Likelihood	Risk	Control(safeguard)
Webserver	Improper session management and same session IDs may give hackers an opportunity to have access user’s previous session logged in from public computers.	5	4	16 (Major)	· OWASP application security verification standard must be implemented to define authentication and session management · Avoiding exposing any credential in URL or Login information.
Webserver	Attackers may use cross site scripting or XSS vulnerabilities to execute malevolent scripts on the users (Maurer, 2015).	3	3	9(moderate)	· Input output encoding · Input fields must be white listed
Webserver	SQL injection which may allow attackers to alter SQL statement by changing the user data.	5	2	10 (Major)	· Avoiding displaying detailed error messages that may give information to the attackers. · Input filed must be whitelisted

Asset 3- AI Lab

Asset	Vulnerability & threat	Impact	Likelihood	Risk	Control(safeguard)
AI Lab	Poisoning attack could happen which disrupt the models and manipulate the outcome by feeding the corrupted sample data.	5	3	15 (major)	• Computer network intrusion system can be used to detect disruption of crafted sample data • Training AI system with poisoned data
AI lab	Adversarial attacks may modify input data to make machine learning algorithm malfunction and behave in unexpected manner.	4	2	8(moderate)	• Spam filtration algorithm can be useful in preventing avoid such attacks. • Biometric authentication
AI Lab	Attacker can trespass image based authentication by changing some pixels invisible to human eyes.	4	2	8(moderate)	• Human decision making must be introduced wherever threat is unavoidable • Finger print or retinal authentication can be used at sensitive stage.

Conclusion on Common Web Security Vulnerabilities

The above table recognise and analyse potential vulnerabilities and threats that could affect three assets namely; student database, webserver and AI lab of the South Cross university. The control measures are also suggested to enhance cybersecurity. It is important to realise the importance of cybersecurity in order to protect student’s privacy and other sensitive information.

Reference for Common Web Security Vulnerabilities

10 Most common web security vulnerabilities. (2020). Guru99. Retrieved from https://www.guru99.com/web-security-vulnerabilities.html

5 security risks of Artificial Intelligence- Enabled systems. (2019). The National Academic Press. Retrieved from https://www.nap.edu/read/25488/chapter/6

Bhushan, B, & Sahoo, G. (2017). Recent Advances in Attacks, Technical Challenges, Vulnerabilities and Their Countermeasures in Wireless Sensor Network. Wireless Personal Communications, 98(2), 2037-2077. Doi :10.1007/s11277-017-4962-0

Maurer, R. (2015). Top Database Security Threats and How to Mitigate Them. Retrieved from https://www.shrm.org/resourcesandtools/hr-topics/risk-management/pages/top-database-security-threats.aspx

Remember, at the center of any academic work, lies clarity and evidence. Should you need further assistance, do look up to our Computer Science Assignment Help