Application security


Question Description

For research paper,

You will imagine that you have been hired as an Application Security consultant firm for a government organization, where you will be assessing the needs for an Application Security to solve their problem with a lack of Application Security with their enterprise applications.

The organization wants a solution that deals with OWASP 2017 Top Ten Risks as they have issues with every category.

You will:

  • Identify a targeted business problem (IRS SCAMS) that can be supported by an Application Security solution.
  • Write an Application Security solutions document that uses Application Security methodologies to solve a problem.
  • Provide an overview of an Application security solution you propose to implement based on a problem of your choosing.
  • Your audience for this presentation will be senior executives for the company who will decide whether to sponsor and support the project.

  • The Research paper will be written using the APA style with at least 25 references (20 of which must be peer-reviewed) and contain at least 18 pages.

    Tutor Answer

    School: UT Austin

    Hello, there. Here is the final work, you can have a look at it and let me know of anything.


    Application security
    Author’s name:
    Institution Affiliation:




    Applications have a more and more vital role in our lives, yet they are altogether a real security
    risk, with hackers and attackers always finding improved ways to bypass security fortifications.
    This research paper will take an instance of an organization and look at how organizations are
    responding to the challenge. Software applications perform an important role in our lives.
    Regardless of where we are, home or workplace, we use them for communicating with people,
    staying up-to-date with the things happening in the world, keeping us busy and entertained, doing
    work and much more. The research paper will address the need for information security and the
    risks or the disadvantages of information security. Additionally, the paper will look at what an
    International Revenue Service (IRS) scam is, what ways an individual can identify an IRM scam
    and how to prevent and solve the using various techniques. The paper will dwell on the OWASP
    2017 Top Ten Risks vulnerabilities, their categories and how they can be solved where the
    researcher will take a case scenario and compare the RASP and WAF capabilities



    Application security involves making applications more secure by enhancing, finding and
    fixing security applications. This is mostly done during the development phase of SDLC but it
    also includes tools and methods to protect applications once they are implemented. This is
    becoming more essential as hackers and attackers target applications increasingly with their
    One of the biggest mistakes organizations make while deploying Application Security is
    complacency. They usually assume that the world is static and so should the applications. This
    however is not the case as applications don’t live in a static world any more than we do. Even
    though the app code might not, it does not necessarily imply that network, client or server has
    remained static. Patches, advancements and new apparatus are continuous in the technology field.
    Just because the organization checked and re-checked their code and application when they
    installed it in the first place and they have not upgraded or transformed it doesn’t mean it is
    currently secure. They necessarily need to account for things like a modification in the firewall
    rule set, a patch to the operating system of server they are using, sometimes even a hypervisor
    update, consider which clients are accessing the application or the site and even the browser and
    the browser version they are using.
    There are numerous variables that are continuously changing. Many people and organizations
    mistakenly think that application security testing and safety is something done once at the
    implementation phase or something done only when they update their application code, however,
    there is more to application security than just the application itself. Even if they have a WAF or
    some other technology on their applications, they still need to be tested and probed on a regular
    basis for exploitability, which in this case is an IRS scam, reachability and vulnerabilities. An
    application security program that considers testing to be a regular event is the best thing
    organizations can do to improve their application security.
    International Revenue Service (IRS) Scam
    In this research paper, the researcher will use the concept of OWASP 2017 Top Ten Risks and
    vulnerabilities to provide a solution to the major business problem to the government organization
    which in this case is the international revenue service scams.
    The international revenue service scam involves con artists using emails or phone calls to
    manipulate the taxpayers into paying ‘taxes’ to their accounts. Con artists make unwanted calls
    claiming to be the international tax revenue officials usually demanding that the victim pay a bogus
    and, in most cases, huge tax bills. The attackers usually convince the victims to send them cash,
    usually done via a gift card, wire transfer, or a prepaid debit card. The con artists may sometimes
    also leave what they consider urgent callback requests via phone robot calls or by sending a
    phishing email. Many of these phone scams use threats to frighten and torment their target into
    paying. They may sometimes even threaten to revoke the driver’s license of their victim, arrest or
    deport the victim if they do not pay what they would consider as taxes.
    These international revenue service scammers often modify caller identification numbers to make
    it look like the international revenue service or another agency is calling. The scam callers usually
    use the international revenue service employee titles and bogus badge numbers to help them appear
    legitimate. The scammers most of the time even use the victim’s personal information such as
    names and addresses to make their call sound official.



    Below are some of the things that scammers may do to affect the governmental organization in
    this case that the international revenue service will not do that may help them to distinguish
    between the two entities;


      • Call the organization or their clients demanding immediate payment by use of a specific
        payment process such as a wire transfer, prepaid debit card, gift card or wire transfer.
        Usually, the international revenue service will first of all mail a bill to the organization or
        to their client that may have owed taxes to the IRS authority.
      • Threaten the organization or their client to immediately bring in local authority or other
        law-enforcement assembly to have the organization arrested for not paying the tax.
      • Give a demand to the organization or their clients that taxes are to be paid without giving
        the victims the opportunity to question or appeal the amount owed.
      • The international revenue service usually does not ask for credit or debit card numbers via
        the phone.
      • The international revenue service agents usually never call organizations or clients about
        an unanticipated refund.

    The OWASP 2017 top ten vulnerabilities

    After discussing and having an overview of what international revenue service is, we will have a
    look at what OWASP 2017 top ten vulnerabilities are, how they have improved from the OWASP
    2013 top ten vulnerabilities and how we will use the 2017 OWASP top ten vulnerabilities to solve
    the problem at hand which is the international revenue service scam.



    What are the OWASP 2017 top ten vulnerabilities?

    The Open Web Application Security Project (OWASP) is a non-profit organization enthusiastic
    about providing impartial, practical information entailing application security. The open web
    application security project Top 10 Web Application Security vulnerabilities was updated in 2017
    to help provide direction to developers and security experts on the most dangerous vulnerabilities
    that are frequently found in web applications. These vulnerabilities are also easy to exploit. These
    10 application risks are hazardous because they might allow attackers to put a malware into your
    system, steal data, or completely overtake an individual’s or organization’s computers or web

    Web application attacks are currently the most frequent design in confirmed breaches. Up till now,
    many organizations brawl to implement an application safety program for the reason that they
    simply do not know specifically where to start from. Setting strategies based on eradicating
    OWASP Top 10 vulnerabilities is a brilliant starting point for an organization. These OWASP top
    ten vulnerabilities are extensively accepted as the greatest likely to be oppressed, and remediating
    them will significantly decrease the organization’s risk of breach. Most researches disclose that
    most organizations’ applications continue to flop OWASP Top 10 policy plan, even though these
    safety vulnerabilities are easier to discover and fix. One of the major reasons for this disconnect is
    that developers are not properly trained in cyber security and protected coding performs. Security
    teams also have misapprehensions on what application security should be and what it should not
    be. A one-time scan or pen examination of one or two business-critical applications is not an
    effective application safety. A program that unceasingly evaluates the applications a company
    builds, buys or brings together, from beginning to production, is actual application security.



    Application security distresses all organizations in all businesses, but most researchers have found
    that diverse OWASP Top 10 flaws are more predominant in different businesses. Organizations
    ought to use this information to move their focus to the g...


    awesome work thanks
