Security for Web Applications


Submitted By vsandeep1818
RECENT CYBER ATTACKS
SANDEEP VEMULAPALLI
12917417
IA-606
ST.CLOUD STATE UNIVERSITY
SEP 4, 2015

Cyber Attack:
An attempt to breach the security layers of an organization or a system by disrupting the network, thereby accessing, stealing, modifying or destroying valuable data and using that data for fraudulent purposes, causing a loss to the organization, is called a cyber attack.

Origin:
The idea of cyber attacks began during the early development of the World Wide Web (WWW). At that stage there was not much harm to organizations, but as technology advanced the number of hackers increased day by day and hacking techniques became far more effective, resulting in severe damage to organizations. In more recent times many organizations, such as manufacturing companies, IT companies, banks and health care providers, have been prone to cyber theft and have lost huge volumes of information, which caused huge losses to the companies. Examples include the attacks on Target, Premera Blue Cross, eBay, JP Morgan Chase Bank, Sony PSN and many others. These attacks happened because of poor security measures and loopholes in the systems, through which hackers gained access and compromised a huge volume of information.
Cyber Attack on Premera Blue Cross:
Premera Blue Cross is one of the leading insurance companies in Washington. It underwent a cyber attack on May 5th, and the breach was not known until Jan 29th. The organization said that a large volume of information on 11 million of its customers, such as email IDs, Social Security numbers, dates of birth, bank accounts and phone numbers, was exposed to the attackers, and the company is now working with the FBI to investigate this cyber attack.

Cyber Attack on eBay:
On 3 February 2014 eBay underwent a massive security breach in which it lost customer information. The hackers broke into its database and stole the login accounts of the company's senior employees who had access to customers' accounts. They stole customers' names, encrypted passwords, email IDs, phone numbers, birth dates and security questions. eBay requested nearly 145 million users to change their passwords. This is the biggest cyber attack eBay has ever faced, losing all the valuable information of customers. Though the company didn't confirm who was behind the attack, the Syrian Electronic Army claimed responsibility.

Cyber Attack on Social Networking Sites:
In recent years, social networking sites like Facebook and Twitter have faced many cyber attacks, losing a lot of user information. In 2013, Facebook faced a security breach in which 318,000 user accounts were exposed to attack. This happened through malicious keylogger software called Pony. When the user goes to a particular website, the keylogger is activated and records the user's keystrokes, thereby capturing the login information. Trustwave, a privately held information security company that provides on-demand security, found that the Facebook passwords had been collected since October 21st and that the keyloggers were still active on some websites. The people behind these attacks have not been found, and the information collected has not been made public. Twitter has also been prone to cyber attack. It lost the information of 250,000 people, including their usernames and passwords, after which it discovered that its site was prone to attack. Twitter's director of information security, Bob Lord, said that the hackers were very proficient and that the same thing had happened to many other organizations like Twitter. Other sites such as Adobe have also become victims of cyber attack: Adobe lost the information of 38 million users, and the information was placed online in a zip file that any user could download. Along with this, it also lost the source code of other Adobe products.
Cyber Attack on Sony:
Sony, a leading giant in online gaming, has undergone a cyber attack. Hackers calling themselves “Lizard Squad” took down several popular online video game networks. They used a technique called a Distributed Denial of Service (DDoS) attack, in which the network is flooded with illegitimate traffic, preventing millions of users from playing together. The hackers also stole the credit card information of 77 million users and kept the PlayStation Network offline for 24 days. This attack cost Sony 171 million and was the major attack of the year 2011.
Cyber Attack on JP Morgan Bank:
JP Morgan Chase Bank, one of America's largest banking and financial institutions, underwent a cyber attack along with four other banks in August 2014. The account details of customers were compromised. Customers' savings and checking accounts were hacked and their data was hijacked. The motivation behind this attack might be financial or part of espionage. This is a hacktivist operation. It is believed that Russian hackers might have been behind this attack, but it is still unclear. Though users' account details were compromised, the hackers didn't steal money from customers. If they had used the customers' information, JP Morgan Chase Bank could have incurred huge losses and this could have been the biggest cyber attack of this year.
LAWS ON CYBER ATTACKS:
As cyber attacks have increased with the advancement of technology, the government has passed some laws. There are mainly three federal regulations on cyber attacks:
* Health Insurance Portability and Accountability Act (HIPAA) in 1996
* Gramm-Leach-Bliley Act in 1999
* Homeland Security Act in 2002
All of these Acts protect the data of health organizations, insurance companies, etc.
