Explain why web applications have become such a target for hackers. In addition, choose one of the Top 10 vulnerabilities we covered in class and describe why you think it is important to securing web applications.
Jason Poli says
Applications are a huge target for hackers because they sit on top of a database of highly valuable data. This could be anything from bank accounts, social security numbers, or anything leading to financial harm for a user, and financial benefit for a hacker. Think about the database an online banking application sits on, or any credit card company or tax return software. If a hacker gets into a database with this type of PII, they could have a field day. An OWASP top ten vulnerability I find interesting is Sensitive Data Exposure, mostly because the concept seems more common sense but still remains on the Top Ten. This is important because highly sensitive data existing among other data needs to be looked at with more scrutiny, and requires extra protection. Personal information should not be stored or transmitted in clear text. This correlates well with encryption and proves that sensitive data should use encryption to mitigate breaches of clear text data. It’s important to encrypt all types of data, and make sure the methods are up to date and strong enough to effectively combat common hacker tools, and the computing power they may have at their disposal to solve weak encryptions, let alone access clear text.
Xinyi Mao says
A web application is a program, and it relates to a web server and its databases. Hackers love to hack web applications because if they can install malware on a web application or inject its SQL, they can steal the information of users who visited the website and benefit by selling or using the users' information. SQL injection made the biggest impression on me because by injecting SQL a hacker can read sensitive data in the database and modify data. This can cause big financial loss and reputation loss for a company. So I think SQL injection is a big issue for cybersecurity.
Zhibin Wang says
Web applications have been targeted by hackers because firewalls don’t work well these days, but Web applications must let users into their network/system to see and use their sites, which is what Web applications do. Hackers can exploit vulnerabilities opened by web applications to attack from web servers to database servers and obtain customer data. One example is SQL injection, which spoofs the system as long as the result is a single line. I think a glaring hole in web application security is the unsecured direct object reference. Web developers must ensure that the user name is not in the URL because the URL is shareable. Thus, if someone shares a URL when logging into their user account, the next person to click on that URL may have access to any information in that account.
Lingyi Xu says
Web applications have become such a target for hackers because they often store valuable data such as credit card numbers, personally identifiable information (PII) and financial data. I think that A6-Sensitive Data Exposure is important in securing web applications. First, sensitive data exposure leads to financial loss. Hackers use sensitive data in an illegal way. Secondly, the web application has low-level control, so it is easy to get sensitive data. Finally, sensitive data exposure shows IT vulnerabilities.
Junjie Han says
The design of the application itself is not the target of the hacker, but the huge database behind the application. These data have PII, payment information and so on. This information is like money in a bank vault. When a hacker gets credit card information, he can turn it into money. OWASP security coding theory believes that the significance of OWASP is preventing the risk and vulnerability caused by improper operation in the process of program development. Web applications are even more important. A program needs to be protected when its source code is exposed to the public. SQL injection is a good example. A simple error with characters or symbols may cause a huge data breach.
Natalie Dorely says
Web applications have become a huge target for hackers because hackers will use a running script and malware to penetrate the system they want to take over. It’s easier to do this when the application is web-based because it’ll use access through the internet to try to get through the systems. For example, if this were a form application, the process would differ and may present a harder challenge/different process. One of the top 10 vulnerabilities we spoke about in class is Cross-Site Scripting. A hacker could easily send an individual a link containing malware, and if the person clicks the link the hacker gains access to that device. It’s so important to secure web applications because more often than not, we see people fall into phishing scams or even allow social engineering methods to trick individuals into granting unauthorized access to sensitive data.
Louis Gusbar says
Web applications have become such a target for hackers because they are a direct port into the database. Many web applications are either inputting information directly into databases or pulling information directly from the database, or a combination of both. Therefore, this gives hackers a public direct point of access.
Injection flaws are important to secure against because they are very easy to attempt. If someone already knows how to write SQL commands, it takes very little effort to write a command and submit it through to a web app. Hackers can use this to get unauthorized access or implant malicious code in a database. Because it is so easy to attempt and there are so many places where hackers can submit their script, it is important to secure against this vulnerability.
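Added example, not part of any comment on this page: the injection flaw several replies mention, shown as a string-concatenated query beside its parameterized fix, run against an in-memory SQLite database. The table, function names and sample rows are constructed for illustration.

```python
import sqlite3


def make_db():
    """Build an in-memory database holding constructed sample accounts."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (owner TEXT, card TEXT)")
    db.executemany(
        "INSERT INTO accounts VALUES (?, ?)",
        [("alice", "4111-xxxx-0001"), ("bob", "4111-xxxx-0002")],
    )
    return db


def lookup_concatenated(db, owner):
    # Flawed: the form value is pasted into the SQL text, so a quote
    # character in the input changes the structure of the statement.
    sql = "SELECT owner, card FROM accounts WHERE owner = '" + owner + "'"
    return db.execute(sql).fetchall()


def lookup_parameterized(db, owner):
    # Fixed: the statement text is constant and the value is bound
    # separately, so the driver always treats it as data.
    sql = "SELECT owner, card FROM accounts WHERE owner = ?"
    return db.execute(sql, (owner,)).fetchall()


# Constructed test input containing a quote and a condition that is always true.
CRAFTED = "nobody' OR '1'='1"


def compare(owner):
    """Return how many rows each lookup style discloses for one input."""
    db = make_db()
    return {
        "concatenated": len(lookup_concatenated(db, owner)),
        "parameterized": len(lookup_parameterized(db, owner)),
    }


if __name__ == "__main__":
    print("normal input :", compare("alice"))
    print("crafted input:", compare(CRAFTED))
```

With the normal input both functions return one row; with the crafted input only the concatenated query returns every account, which is the check to reproduce in a code review or unit test.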
Peiran Liu says
Web applications have become such a target for hackers as more and more companies move their applications to the web for convenience, so that the value of web applications becomes higher than before. In my opinion, injection flaws are the most important to securing web applications, as injection is one of the easiest ways for hackers to access your application without anyone noticing. Also, they will have full access to the web application so that they can steal and change lots of data, which will bring a huge loss for the company.