Running head: APPLICATION SECURITY
Applications play an increasingly vital role in our lives, yet they are also a real security
risk, with hackers and attackers always finding improved ways to bypass security defenses.
This research paper will take an instance of an organization and look at how organizations are
responding to the challenge. Software applications perform an important role in our lives.
Regardless of where we are, at home or in the workplace, we use them for communicating with people,
staying up to date with what is happening in the world, keeping busy and entertained, doing
work and much more. The research paper will address the need for information security and the
risks or disadvantages of information security. Additionally, the paper will look at what an
International Revenue Service (IRS) scam is, how an individual can identify an IRS scam
and how to prevent and resolve it using various techniques. The paper will dwell on the OWASP
2017 Top Ten risks and vulnerabilities, their categories and how they can be solved, and the
researcher will take a case scenario and compare the RASP and WAF capabilities.
Application security involves making applications more secure by finding, fixing and
enhancing the security of applications. This is mostly done during the development phase of the SDLC, but it
also includes tools and methods to protect applications once they are implemented. This is
becoming more essential as hackers and attackers increasingly target applications with their
One of the biggest mistakes organizations make while deploying application security is
complacency. They usually assume that the world is static and that their applications are too. This,
however, is not the case, as applications don’t live in a static world any more than we do. Even
though the app code might not have changed, that does not imply that the network, client or server has
remained static. Patches, advancements and new equipment are continuous in the technology field.
Just because the organization checked and re-checked its code and application when it
installed it in the first place, and has not upgraded or changed it since, doesn’t mean it is
currently secure. They need to account for things like a modification to the firewall
rule set, a patch to the operating system of the server they are using, sometimes even a hypervisor
update, and consider which clients are accessing the application or the site, and even the browser and
the browser version those clients are using.
There are numerous variables that are continuously changing. Many people and organizations
mistakenly think that application security testing is something done once at the
implementation phase, or something done only when they update their application code. However,
there is more to application security than just the application itself. Even if they have a WAF or
some other technology in front of their applications, the applications still need to be tested and probed on a regular
basis for exploitability, which in this case is an IRS scam, reachability and vulnerabilities. An
application security program that treats testing as a regular event is the best thing
organizations can do to improve their application security.
International Revenue Service (IRS) Scam
In this research paper, the researcher will use the concept of the OWASP 2017 Top Ten risks and
vulnerabilities to provide a solution to a major business problem facing a government organization,
which in this case is international revenue service scams.
The international revenue service scam involves con artists using emails or phone calls to
manipulate taxpayers into paying ‘taxes’ to their accounts. Con artists make unwanted calls
claiming to be international tax revenue officials, usually demanding that the victim pay a bogus
and, in most cases, huge tax bill. The attackers usually convince the victims to send them cash,
usually via a gift card, wire transfer, or a prepaid debit card. The con artists may sometimes
also leave what they present as urgent callback requests via robocalls or by sending a
phishing email. Many of these phone scams use threats to frighten and torment their target into
paying. They may sometimes even threaten to revoke the victim’s driver’s license, or to arrest or
deport the victim if they do not pay what they are told are taxes.
These international revenue service scammers often modify caller identification numbers to make
it look like the international revenue service or another agency is calling. The scam callers usually
use international revenue service employee titles and bogus badge numbers to help them appear
legitimate. Most of the time, the scammers even use the victim’s personal information, such as
names and addresses, to make their call sound official.
Below are some of the things that scammers may do, and that the international revenue service
will not do, which may help the governmental organization in this case to distinguish
between the two entities:
Call the organization or their clients demanding immediate payment by use of a specific
payment process such as a wire transfer, prepaid debit card or gift card.
Usually, the international revenue service will first of all mail a bill to the organization or
to their client that may owe taxes to the IRS authority.
Threaten the organization or their client to immediately bring in local authorities or other
law-enforcement bodies to have them arrested for not paying the tax.
Demand that the organization or their clients pay taxes without giving
the victims the opportunity to question or appeal the amount owed.
The international revenue service usually does not ask for credit or debit card numbers via
International revenue service agents usually never call organizations or clients about
an unanticipated refund.
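The warning signs listed above can be turned into a simple triage check for inbound e-mail text or voicemail transcripts. The following is an added example, not part of the original paper; the patterns, the verdict thresholds and the sample messages are assumptions constructed for illustration.

```python
import re

# Indicator names follow the warning signs listed above. The patterns, the
# verdict thresholds and the sample messages are assumptions for this example.
INDICATORS = {
    "specific_payment_method":
        r"\b(gift\s+cards?|wire\s+transfers?|prepaid\s+debit\s+cards?)\b",
    "immediate_payment":
        r"\bpay(ment)?\b.{0,40}\b(immediately|today|right\s+now)\b"
        r"|\b(immediate|immediately|today|right\s+now)\b.{0,40}\bpay(ment)?\b",
    "threat_of_enforcement":
        r"\b(arrest(ed)?|deport(ed|ation)?|warrant|police)\b"
        r"|\b(revoke|suspend)\w*\b.{0,40}\blicen[cs]e\b",
    "card_number_request": r"\b(credit|debit)\s+card\s+numbers?\b",
    "unanticipated_refund": r"\brefund\b",
    "urgent_callback": r"\burgent\w*\b.{0,40}\bcall\s*back\b",
}
COMPILED = {name: re.compile(rx, re.I | re.S) for name, rx in INDICATORS.items()}

def find_indicators(text):
    """Return the names of the indicators present in text, in rule order."""
    return [name for name, rx in COMPILED.items() if rx.search(text)]

def triage(text):
    """Two or more indicators: likely scam. One: human review. None: clean."""
    hits = find_indicators(text)
    verdict = "likely scam" if len(hits) >= 2 else "review" if hits else "no indicator"
    return verdict, hits

# Constructed sample messages (voicemail transcript, e-mail, genuine notice).
SAMPLES = [
    "This is Officer Smith, badge number 48213. You owe $4,980 in back taxes. "
    "Pay immediately with gift cards or a warrant will be issued for your arrest.",
    "You are eligible for a tax refund of $612. Reply with your debit card "
    "number to receive it.",
    "We mailed you a notice about your balance. You may question or appeal the "
    "amount by following the instructions in the letter.",
]

if __name__ == "__main__":
    for message in SAMPLES:
        verdict, hits = triage(message)
        print(f"{verdict:12} {hits}")
```

Keyword rules like these only cover the content of a message; spoofed caller identification and bogus badge numbers, also described above, need separate verification through the agency's published contact channels.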
The OWASP 2017 top ten vulnerabilities
After discussing and giving an overview of what the international revenue service is, we will
look at what the OWASP 2017 top ten vulnerabilities are, how they have improved from the OWASP
2013 top ten vulnerabilities and how we will use the 2017 OWASP top ten vulnerabilities to solve
the problem at hand, which is the international revenue service scam.
What are the OWASP 2017 top ten vulnerabilities?
The Open Web Application Security Project (OWASP) is a non-profit organization dedicated
to providing impartial, practical information about application security. The Open Web
Application Security Project Top 10 Web Application Security vulnerabilities list was updated in 2017
to help provide direction to developers and security experts on the most dangerous vulnerabilities
that are frequently found in web applications. These vulnerabilities are also easy to exploit. These
10 application risks are hazardous because they might allow attackers to plant malware in your
system, steal data, or completely take over an individual’s or organization’s computers or web
Web application attacks are currently the most frequent pattern in confirmed breaches. Even so,
many organizations struggle to implement an application security program because they
simply do not know where to start. Setting strategies based on eradicating
OWASP Top 10 vulnerabilities is a brilliant starting point for an organization. These OWASP top
ten vulnerabilities are widely accepted as the most likely to be exploited, and remediating
them will significantly decrease the organization’s risk of breach. Most research discloses that
most organizations’ applications continue to fail an OWASP Top 10 policy, even though these
security vulnerabilities are among the easier ones to discover and fix. One of the major reasons for this disconnect is
that developers are not properly trained in cyber security and secure coding practices. Security
teams also have misconceptions about what application security should be and what it should not
be. A one-time scan or pen test of one or two business-critical applications is not
effective application security. A program that continuously evaluates the applications a company
builds, buys or assembles, from inception to production, is actual application security.
Application security affects all organizations in all industries, but most researchers have found
that different OWASP Top 10 flaws are more prevalent in different industries. Organizations
ought to use this information to move their focus to the g...