Application security

Anonymous

Question Description

For research paper,

You will imagine that you have been hired as an Application Security consultant firm for a government organization, where you will be assessing the needs for an Application Security to solve their problem with a lack of Application Security with their enterprise applications.

The organization wants a solution that deals with OWASP 2017 Top Ten Risks as they have issues with every category.

You will:

  • Identify a targeted business problem (IRS SCAMS) that can be supported by an Application Security solution.
  • Write an Application Security solutions document that uses Application Security methodologies to solve a problem.
  • Provide an overview of an Application security solution you propose to implement based on a problem of your choosing.
  • Your audience for this presentation will be senior executives for the company who will decide whether to sponsor and support the project.

  • The Research paper will be written using the APA style with at least 25 references (20 of which must be peer-reviewed) and contain at least 18 pages.

    Tutor Answer

    Jean_Martin15
    School: UT Austin

    Hello there. Here is the final work; you can have a look at it and let me know of anything.

    Running head: APPLICATION SECURITY

    Application security
    Author’s name:
    Institution Affiliation:

    Abstract

    Applications have a more and more vital role in our lives, yet they are altogether a real security
    risk, with hackers and attackers always finding improved ways to bypass security fortifications.
    This research paper will take an instance of an organization and look at how organizations are
    responding to the challenge. Software applications perform an important role in our lives.
    Regardless of where we are, home or workplace, we use them for communicating with people,
    staying up-to-date with the things happening in the world, keeping us busy and entertained, doing
    work and much more. The research paper will address the need for information security and the
    risks or the disadvantages of information security. Additionally, the paper will look at what an
    International Revenue Service (IRS) scam is, what ways an individual can identify an IRS scam
    and how to prevent and solve them using various techniques. The paper will dwell on the OWASP
    2017 Top Ten Risks vulnerabilities, their categories and how they can be solved where the
    researcher will take a case scenario and compare the RASP and WAF capabilities.

    Introduction
    Application security involves making applications more secure by enhancing, finding and
    fixing security applications. This is mostly done during the development phase of SDLC but it
    also includes tools and methods to protect applications once they are implemented. This is
    becoming more essential as hackers and attackers target applications increasingly with their
    attack.
    One of the biggest mistakes organizations make while deploying Application Security is
    complacency. They usually assume that the world is static and so should the applications. This
    however is not the case as applications don’t live in a static world any more than we do. Even
    though the app code might not change, it does not necessarily imply that network, client or server has
    remained static. Patches, advancements and new apparatus are continuous in the technology field.
    Just because the organization checked and re-checked their code and application when they
    installed it in the first place and they have not upgraded or transformed it doesn’t mean it is
    currently secure. They necessarily need to account for things like a modification in the firewall
    rule set, a patch to the operating system of server they are using, sometimes even a hypervisor
    update, consider which clients are accessing the application or the site and even the browser and
    the browser version they are using.
    There are numerous variables that are continuously changing. Many people and organizations
    mistakenly think that application security testing and safety is something done once at the
    implementation phase or something done only when they update their application code, however,
    there is more to application security than just the application itself. Even if they have a WAF or
    some other technology on their applications, they still need to be tested and probed on a regular
    basis for exploitability, which in this case is an IRS scam, reachability and vulnerabilities. An
    application security program that considers testing to be a regular event is the best thing
    organizations can do to improve their application security.
    International Revenue Service (IRS) Scam
    In this research paper, the researcher will use the concept of OWASP 2017 Top Ten Risks and
    vulnerabilities to provide a solution to the major business problem to the government organization
    which in this case is the international revenue service scams.
    The international revenue service scam involves con artists using emails or phone calls to
    manipulate the taxpayers into paying ‘taxes’ to their accounts. Con artists make unwanted calls
    claiming to be the international tax revenue officials usually demanding that the victim pay a bogus
    and, in most cases, huge tax bills. The attackers usually convince the victims to send them cash,
    usually done via a gift card, wire transfer, or a prepaid debit card. The con artists may sometimes
    also leave what they consider urgent callback requests via phone robot calls or by sending a
    phishing email. Many of these phone scams use threats to frighten and torment their target into
    paying. They may sometimes even threaten to revoke the driver’s license of their victim, arrest or
    deport the victim if they do not pay what they would consider as taxes.
    These international revenue service scammers often modify caller identification numbers to make
    it look like the international revenue service or another agency is calling. The scam callers usually
    use the international revenue service employee titles and bogus badge numbers to help them appear
    legitimate. The scammers most of the time even use the victim’s personal information such as
    names and addresses to make their call sound official.

    Below are some of the things that scammers may do to affect the governmental organization in
    this case that the international revenue service will not do that may help them to distinguish
    between the two entities;

    i. Call the organization or their clients demanding immediate payment by use of a specific
    payment process such as a wire transfer, prepaid debit card, gift card or wire transfer.
    Usually, the international revenue service will first of all mail a bill to the organization or
    to their client that may have owed taxes to the IRS authority.

    ii. Threaten the organization or their client to immediately bring in local authority or other
    law-enforcement assembly to have the organization arrested for not paying the tax.

    iii. Give a demand to the organization or their clients that taxes are to be paid without giving
    the victims the opportunity to question or appeal the amount owed.

    iv. The international revenue service usually does not ask for credit or debit card numbers via
    the phone.

    v. The international revenue service agents usually never call organizations or clients about
    an unanticipated refund.

    The OWASP 2017 top ten vulnerabilities

    After discussing and having an overview of what international revenue service is, we will have a
    look at what OWASP 2017 top ten vulnerabilities are, how they have improved from the OWASP
    2013 top ten vulnerabilities and how we will use the 2017 OWASP top ten vulnerabilities to solve
    the problem at hand which is the international revenue service scam.

    What is OWASP 2017 top ten vulnerabilities?

    The Open Web Application Security Project (OWASP) is a non-profit organization enthusiastic
    about providing impartial, practical information entailing application security. The open web
    application security project Top 10 Web Application Security vulnerabilities was updated in 2017
    to help provide direction to developers and security experts on the most dangerous vulnerabilities
    that are frequently found in web applications. These vulnerabilities are also easy to exploit. These
    10 application risks are hazardous because they might allow attackers to put malware into your
    system, steal data, or completely overtake an individual’s or organization’s computers or web
    servers.

    Web application attacks are currently the most frequent design in confirmed breaches. Up till now,
    many organizations brawl to implement an application safety program for the reason that they
    simply do not know specifically where to start from. Setting strategies based on eradicating
    OWASP Top 10 vulnerabilities is a brilliant starting point for an organization. These OWASP top
    ten vulnerabilities are extensively accepted as the greatest likely to be oppressed, and remediating
    them will significantly decrease the organization’s risk of breach. Most research discloses that
    most organizations’ applications continue to flop OWASP Top 10 policy plan, even though these
    safety vulnerabilities are easier to discover and fix. One of the major reasons for this disconnect is
    that developers are not properly trained in cyber security and protected coding performs. Security
    teams also have misapprehensions on what application security should be and what it should not
    be. A one-time scan or pen examination of one or two business-critical applications is not an
    effective application safety. A program that unceasingly evaluates the applications a company
    builds, buys or brings together, from beginning to production, is actual application security.

    Application security distresses all organizations in all businesses, but most researchers have found
    that diverse OWASP Top 10 flaws are more predominant in different businesses. Organizations
    ought to use this information to move their focus to the g...

    Review

    Anonymous
    awesome work thanks
