Andrew Young says
In what ways can we effectively evaluate risks that the OWASP Top 10 identifies as difficult to test?
Ikenna Alajemba says
Name and explain The Three Rules of HIPAA for protecting patient health information.
Mariam Hazali says
What do you think about the secrecy surrounding Skype’s encryption methods? How do you think it affects our privacy and security when using the platform?
Michael Obiukwu says
How can minimizing attack surface help in addressing the OWASP Top 10?
Michael Obiukwu says
How do you identify EOL and OOS operating systems?
There are several steps that organizations can take to manage EOL and OOS operating systems, including:
Harnessing the Power of Vulnerability Scanners
Vulnerability scanners have proven to be effective weapons in the arsenal against EOL and OOS operating systems. Some popular vulnerability scanners include Tenable Nessus and OpenVAS. These scanners operate by scanning networks for EOL and OOS operating systems and cross-referencing detected software versions with a database of known vulnerabilities. If a vulnerability is found, the scanner generates a detailed report that can be used to remediate the vulnerability.
https://www.cyberdefensemagazine.com/how-to-identify-and-respond-to-end-of-life-and-out-of-service-operating-systems/
Kelly Conger says
You can use vulnerability scanners such as Nessus or OpenVAS to identify EOL/OOS systems. These scanners compare the software versions on your network to a database of known vulnerabilities and flag any outdated systems for attention.
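As an added illustration of the cross-referencing step the two answers above describe (this is example code written for this thread, not from Nessus, OpenVAS, or the cited article): an inventory of hosts is compared against a table of vendor end-of-support dates and each host is flagged as EOL, supported, or unknown. The inventory lines, host names, and the EOL table are constructed for the example; the dates are illustrative and a real tool would load them from the scanner's own lifecycle database.

```python
from datetime import date

# Constructed end-of-support table (assumption: illustrative dates only,
# not an authoritative vendor lifecycle feed).
EOL_DATES = {
    ("windows", "7"): date(2020, 1, 14),
    ("windows", "10"): date(2025, 10, 14),
    ("ubuntu", "18.04"): date(2023, 5, 31),
    ("ubuntu", "22.04"): date(2027, 4, 30),
}

# Constructed inventory in "host,os,version" form; all hosts are hypothetical.
INVENTORY = """\
# host,os,version
web-01,ubuntu,22.04
file-02,windows,7
lab-03,ubuntu,18.04
ws-04,windows,10
printer-05,vxworks,6.9
"""


def parse_inventory(text):
    """Parse the CSV-style inventory into (host, os, version) tuples."""
    hosts = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and comments
        host, os_name, version = [field.strip() for field in line.split(",")]
        hosts.append((host, os_name.lower(), version))
    return hosts


def classify(os_name, version, today):
    """Return 'eol', 'supported', or 'unknown' for one OS/version pair."""
    key = (os_name, version)
    if key not in EOL_DATES:
        # Not in the table: report it rather than silently treating it as safe.
        return "unknown"
    return "eol" if EOL_DATES[key] <= today else "supported"


def find_eol_hosts(text, today=None):
    """Group inventory hosts by support status as of 'today'."""
    today = today or date.today()
    report = {"eol": [], "supported": [], "unknown": []}
    for host, os_name, version in parse_inventory(text):
        report[classify(os_name, version, today)].append(host)
    return report


if __name__ == "__main__":
    for status, hosts in find_eol_hosts(INVENTORY).items():
        print(f"{status:>9}: {', '.join(hosts) or '-'}")
```

The "unknown" bucket matters as much as the "eol" one: a host whose platform the scanner has no lifecycle data for (the constructed printer here) still needs a human to confirm its support status instead of being assumed current.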
Jeffrey Sullivan says
Has anyone ever been on the offensive side of CS and used any of the tactics that this chapter went through?
Erskine Payton says
What are some of the issues or questions you have about putting together your system security plan? For me, it is going back and forth between the documents and figuring out what goes where. Any thoughts?
Kelly Conger says
What are some common misconceptions about the OWASP Top 10?
Mariam Hazali says
One of the biggest misconceptions about the OWASP Top 10 is that most people think it’s an exhaustive list of all possible security vulnerabilities in web applications. In reality, it concentrates on the most common risks and may not encompass all potential threats.
Chidi Okafor says
What specific measures can organizations undertake to secure their applications in light of the vulnerabilities outlined in chapter 8?
Samuel Omotosho says
How to mitigate SQL Injection risks?
Kenneth Saltisky says
Hi Samuel,
There are a few ways to mitigate SQL injections in applications. Usually this involves parameterizing queries on the developer side so that SQL code is separated from user input. Additionally, implementing input validation, limiting user privileges through applications, sanitizing inputs, adding protection on the database side through firewalls and regularly patching applications and tools mitigates the risk from SQL injections.
Alex Ruiz says
What strategies do you think are most effective in addressing the vulnerabilities outlined in the OWASP Top 10 for the SDLC?
Hashem Alsharif says
Do you think there will ever truly be a solution to end email spam? If so, how?
Kenneth Saltisky says
Hi Hashem,
I do not think there will ever be a real end to email spam. Even with the use of AI to filter spam, there’s a chance it will also filter out real emails. Additionally, AI is in use to craft spam emails and, more than likely, bypass spam filters. It would take someone developing an extremely complicated spam filtering engine that would need to heavily rely on AI/ML to determine for a user what actually is spam, especially against AI-based spam emails. Even then, this does not seem that feasible.
Akintunde Akinmusire says
How are we integrating the suggestions provided by the OWASP Attack Surface Cheat Sheet into our security protocols?
Kenneth Saltisky says
When talking about VoIP and the earlier days of the internet, it was very easy to find out a user’s IP address through Skype until roughly 2016. In examination, this information exploit through Skype was widely available for some number of years prior to being patched. What could have made Skype wait so long to patch this exploit?
Nicholas Nirenberg says
What are the first steps an organization can take to make its apps more secure against hackers?
Hashem Alsharif says
Hi Nicholas, I think the biggest thing would be patches, as many of the attacks we learned in class could have been avoided had there just been an update to the system. However, one thing I learned recently is to limit the amount of software being used if it’s not necessary, as extra software on the system means extra vulnerabilities on the system. Another step would be to limit who has access to information depending on what their position in the company is, as having only 2 people who can access crucial data is a lot safer for a company than having 100 people who can see the important information.