Cyber Attack Surface Analysis

Anonymous
Asked: Nov 7th, 2018

Question Description

[ IT544 | Platforms, Applications and Data Security]

Unit 3 Assignment

Scenario

You recently took a position as a Cyber Security Analyst for a small software company. The software company currently has three commercially available off-the-shelf software products that are sold to businesses and/or organizations (B2B). They can range from small companies to very large companies including those in the Fortune 500. One of their products has been identified by CERT to have several vulnerabilities. Since this event occurred, the Chief Cyber Security Officer (CCSO) suspects that not enough security is built into the software development process used at the company. You have been asked by the CCSO to conduct a cyber attack surface analysis on one of their web-based products in an effort to improve the software development process.

Instructions:

For assignment purposes, select a multi-layered (presentation layer, business layer and database layer) web-based open source project in place of the software company’s web-based product. In place of the open source project, if you are familiar with another web-based system that meets the requirements, then discuss using it with your instructor.

Assume that the presentation layer resides on a dedicated server in the company’s DMZ. The other two layers of the software are behind the corporate firewall and can reside on one or two dedicated servers. The web application is accessible from the Internet and is browser based. Firefox, Chrome, Internet Explorer and Safari are the supported browsers.

You will conduct a cyber attack surface analysis on the system/application you selected. Focus your analysis from an external cyber attack point of view. It is not necessary to focus on end user cyber attacks (social engineering attacks, etc.).

You will define the cyber attack surface (do not forget to consider the O/S’s used and Web server), you will identify and map the cyber attack vectors, categorize what was identified, and pick at least 3 use-cases that validate your understanding of the attack surface. Finally, determine if the attack surface can be reduced. All of this analysis will help the CCSO understand the cyber attack surface for the product.

In an effort to help with your analysis, you can use an open source or commercially available attack surface analyzer. Finally, this assignment should also include a graphical representation of the attack surface with descriptions (consider using Visio for this part of the assignment).

Your analysis paper should be at least 5–6 pages of content (exclusive of cover sheet etc.), using Times New Roman font style, 12pt, double-spaced, using correct APA formatting, and include a cover sheet, table of contents, abstract, and reference page(s). Be sure to document your content with proper APA in-text citations that match your reference list.

You should support your assertions with credible sources. You may use peer-reviewed articles, trade magazine articles or IT research company (Gartner, Forrester, etc.) reports to support your research; you can use the Kaplan University library to search for supporting articles and for peer-reviewed articles. Wikipedia and sources like it are unacceptable.

In accordance with the Kaplan University Academic Integrity policy, your assignment will be automatically submitted to TurnItIn (see: http://turnitin.com/en_us/features/originalitycheck ). KU policy states that papers submitted for credit in any Kaplan course should contain less than 25% “non-original” material, so avoid large sections of direct quotes and be sure that you use APA formatting to properly cite and reference all non-original material.

Assignment Requirements:

- At least 5–6 pages of content (exclusive of cover sheet etc.), using Times New Roman font style, 12pt, double-spaced, using correct APA formatting, and include a cover sheet, table of contents, abstract, and reference page(s).
- Include at least one graphical representation of the attack surface with descriptions.
- No spelling errors.
- No grammar errors.
- No APA errors.

For more information and example of APA formatting, see the resources in Doc sharing or visit the KU Writing Center from the KU Homepage. Also review the KU Policy on Plagiarism.

If you have any questions, please contact your professor.

Assignment Grading Rubric = 110 points

Assignment Requirements (Points Possible / Points Earned)

1. Selected a multi-layered open source web-based product to conduct the cyber attack analysis on and sufficiently explained its functionality. Points possible: 0–15
2. Defined the cyber attack surface in sufficient detail for the product selected including at least one graphical representation of the attack surface. Points possible: 0–15
3. Identified and mapped the cyber attack vectors in sufficient detail. Points possible: 0–15
4. Categorized the cyber threat vectors identified so that they can be shared with the software developers, software testers and other applicable personnel. Points possible: 0–10
5. Selected at least 3 use cases for the product and sufficiently described the use cases and your understanding of the cyber attack surface complexity. Points possible: 0–10
6. Explained where the attack surface could be reduced. Assumptions can be made by you to help support your position. Points possible: 0–20
7. Grammar and spelling are error-free, and correct APA formatting is used throughout the paper. Paper has TurnItIn score of 25% or less for non-original material. Points possible: 0–10
8. 5–6 pages of content (exclusive of cover sheet etc.), using Times New Roman font style, 12pt, double-spaced, and includes a cover sheet, table of contents, abstract, and reference page(s). Points possible: 0–10

Column Total: 0–110
Points deducted for spelling, grammar, and/or APA errors.
Adjusted total points

This question has not been answered.
