Web Application Security

Web application security is concerned with reducing the risk that the application exposes us to. It is hard to make a system fully secure. Richards’ Law of Computer Security, from 1992, states: The first law: don’t buy a computer. The second law: if you do buy a computer, don’t turn it on.

In choosing the best system to use in our daily chores, we have to understand the risks that come with using that system and weigh them against its benefits; if the benefits outweigh the risks, we are good to make a choice and use that system. In assessing a system, we compare based on three components: vulnerability, threat, and consequences.

A vulnerability is what allows an unintended and undesirable action to take
place. In our credit card example, the vulnerability is that our credit card leaves our
sight and we have no control over what happens to it at that point (one may also note
that having a universally authenticated identification method, like a credit card number, is also a vulnerability in this scenario; why is the knowledge of a credit card number
accepted as sufficient proof that you are whomever that card number belongs to?). The
widespread availability of card skimmers is also a component of the vulnerability; if
the card could not be duplicated so quickly and easily, the situation would
be less concerning.

A threat is the second component of risk. A threat is something, or someone, that can
take advantage of a vulnerability. In the waiter use case, the threat is a waiter who does take the
card and clone it, using it to make fraudulent purchases. Here, we can judge that the
threat is probably somewhat low. Most waiters are honest, hardworking people, so the
threat in this case is much lower than what it may be if we were using that card to pay
for stolen electronics instead of a meal, as an individual selling stolen goods is much
more likely to steal our card information as well. So while the vulnerability in this
situation may be severe, the threat is not particularly high.

Consequence is the third component of risk. This refers to what would happen if whatever bad things we are considering were to actually happen. If we hand over our credit
card to the waiter and he skims it and clones the card, what are the consequences? If
no mitigation were in place (more about that in a second), the attacker could quickly
purchase thousands of dollars worth of goods that we could then be charged for, potentially ruining our credit and requiring many hours of painful work to get resolved.
The consequences of having our credit card cloned, through a successful exploitation
of the vulnerability by the threat, could be severe.

What do we have here with regard to risk? The current system has a pretty serious
vulnerability in it, as the card leaves our sight and can be easily cloned with the right
device (which is widely available to anyone that wants one). The threat is probably
pretty low, as most waiters are not out to steal our card information. The consequences
of such a successful exploitation, however, could be pretty high. Consider all of these
factors together and we can get a decent idea of what the risk of paying for our meal
with a credit card is, and it is not a particularly positive outcome. This is the basic definition
of risk; it is a function of vulnerability, threat, and consequences.
