Some organizations are moving their business applications to the cloud to reduce their infrastructure costs. In some instances, organizations use web applications, which introduces security challenges.
Go to Basic Search: Strayer University Online Library to locate and integrate at least two quality, academic resources (in addition to your textbook) on cloud computing and the risks associated with it. You may also use government websites, such as Cybersecurity from the National Institute of Standards and Technology.
Please respond to the following in a post of at least 200 words:
- Explain the challenges and risks web applications face.
- Describe the methods organizations use to mitigate these challenges and risks.
- Provide full citations and references, formatted according to Strayer Writing Standards.
- For assistance and information, please refer to the Strayer Writing Standards link in the left-hand menu of your course. Check with your professor for any additional instructions.
In 60 to 75 words, please respond to the student's response below:
Hello Professor and Class,
In the book on pages 290-291 it says:
Some challenges and risks web applications face would be injection. SQL injection is where someone's code tricks the website or server into thinking it is coming from the user or exposes login or credentials. Broken authentication - Application functions related to authentication and session management are often implemented incorrectly, allowing attackers to compromise passwords, keys or session tokens. Sensitive data exposure - That is exactly what it says it is and it can happen several different ways. XML external entity - This type of attack parses XML input. Broken access control - I think you can put privilege creep into this also. Security misconfiguration - This can only be handled by admins and network admins. The correct configuration is crucial for proper security. Cross-site scripting - This occurs whenever an application includes untrusted data, which should never be the case today. Things like Adobe Flash and other applications like that are examples. Insufficient logging and monitoring - This is crucial just like the proper configuration.
On the bottom of page 291 it states the most important tool in countering web application threats is a web application firewall. This is a firewall that monitors, filters or blocks data packets as they travel to and from a web application.
It also says to provide confidentiality and integrity protection for configuration files and other information specific to the application by isolating the files from the other programs on the server and restricting file access. Website content should similarly have confidentiality and integrity protections. Oversight in the form of regular content review is needed to ensure that the content is not inappropriate and is accurate.
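As an added illustration of the file-access restriction and integrity protection described in the post above (not part of the student's post or the textbook), this Python check flags a configuration file that other accounts can access, that its group can write, or that differs from a recorded SHA-256 baseline. The file name, its contents and the POSIX permission model are assumptions made for the example.

```python
import hashlib
import os
import stat
import tempfile


def audit_config_file(path, expected_sha256):
    """Return a list of findings for one configuration file (empty list = pass)."""
    findings = []
    info = os.lstat(path)  # lstat: do not follow a symlink put in place of the file
    if not stat.S_ISREG(info.st_mode):
        return ["not a regular file (symlink or special file)"]
    mode = stat.S_IMODE(info.st_mode)
    # Confidentiality: no access for accounts outside the owning user and group.
    if mode & stat.S_IRWXO:
        findings.append(f"accessible to other users (mode {mode:04o})")
    # Integrity: only the owner may write.
    if mode & stat.S_IWGRP:
        findings.append(f"group-writable (mode {mode:04o})")
    with open(path, "rb") as fh:
        digest = hashlib.sha256(fh.read()).hexdigest()
    if digest != expected_sha256:
        findings.append("content differs from recorded baseline")
    return findings


def demo():
    """Audit a constructed config file in three states: weak, hardened, modified."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "app.conf")  # hypothetical file name
        with open(path, "w") as fh:
            fh.write("db_user=app\n")  # constructed sample content
        baseline = hashlib.sha256(b"db_user=app\n").hexdigest()
        os.chmod(path, 0o644)  # weak: world-readable
        weak = audit_config_file(path, baseline)
        os.chmod(path, 0o640)  # corrected: owner read/write, group read only
        hardened = audit_config_file(path, baseline)
        with open(path, "a") as fh:
            fh.write("debug=true\n")  # change made after the baseline was recorded
        tampered = audit_config_file(path, baseline)
    return weak, hardened, tampered


if __name__ == "__main__":
    for label, result in zip(("0644", "0640", "modified"), demo()):
        print(label, result or "ok")
```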