threat agents who are most interested in clogging web applications made through app maker

threat agents who are most interested in clogging web applications made through app maker

Introduction

A system that is unclogged to public internet traffic is always vulnerable to continuous attack. Most of these attacks are either untargeted or undirected. Attackers hoover around trying to figure out any system that could be vulnerable. The enormous majority of this traffic consist of uncomplicated automatic scripts that try well known attacks counter to possibly unpatched items. It is essential to note that the motives of these untargeted attack sweeps vary greatly. These sweeps are conducted by either independent attackers or criminal organizations. We cannot evade the fact that not every sweep is conducted by criminals though in most if not all occasions, conducting such sweeps is illegal. In this paper, I will discuss the threat agents who are most interested in clogging web applications made through app maker.

It is obvious that there could be threat agents who will be interested in hacking the financial information of customers since most criminals seek financial boost in most of their criminal activities. This doesn’t in any way allude that there are more threat agents interested in the financial information of customers other than other forms of cyber fraud. Other forms of cyber fraud like denial of service attacks are also rampant. Threat agents take advantage of the website that is not keen in handling the financial transactions of its customers. For instance, there could be a fraud scam of purchase of products at a very low price or even no price at all. Criminal organizations are the most rampant participants in this cyber fraud.

There are attackers who run a vast collection of hosts which are compromised (commonly known as botnets). These botnets are for rental purposes and they are always interested in servers underlying the web application. Such attackers will engage in activities such as selling illicit digital products which include pirated software, pirated movies and other digital products. For these attackers to be able to partake in these activities, they are interested in web application storage so that they store the illegal digital content there. Some of these attackers go to the extent of using the web applications to attack the customers so that the customers will believe that they using a trustworthy website oblivious of the fate of being attacked awaiting them.

In lumping together these attackers, we can call them cyber criminals despite the fact that their targets are slightly different since they all portray same gross peculiarity (chapter 2 and chapter 4). The ultimate goal of most of these attackers is a financial reward. However, an activist group could be interested in attacking a web application or a cyber-store if the web application is taking a political stand that has some sort of rivalry with the activist group. This is one of the rarest cases in web application attacks since most web applications stay out of political controversy.

Eventually, the other uncommon web attack case is about Industrial espionage. Espionage is the act of spying on industry or company operations and activities to obtain military or political information. This is probably one of the rarest cases in web application attacks since it will involve military hardware products being sold through a web application. Such an application will attract nation-state attention and it will probably be a ceased after a very short period of time. However, industrial espionage could be a possibility if in a certain vein the products sold are proprietary in particular. There is also a possibility that in line with all these threat agents, saying that security researchers are `threats` could also be an additional threat agent which public sites and products must beware of. Although most people would consider this as an insult, there is no insult intended whatsoever. This is because of the fact that most vulnerability researchers have interest of hurting the systems that they probe.

Question 2

Introduction

Since the web store has purchased the AppMaker, where the AppMaker is responsible whenever an injection lies, it is therefore necessary to treat the application itself, by making the vendor’s code to protect the store. The AppMaker must come up with a rigorous input authentication approaches to protect it against an injection attack. With the complexity and the combinatorial systems, this case comes in where an institution security is relying on one or more vendor`s security practices but the responsibility of preventing the application-level code attack lies strongly in the hands of the AppMaker vendor.

According to Schoenfield, B. S. (2015), in the world of computer security, it is assumed that all web stores have an authentication system and since the authentication system are the likely targets, authentication system has therefore been placed within its own separate subnet where the various components have an access to perform the authentication. However, traffic from the internet is not allowed. The authentication system is made to be invisible from the internet where the web-Stock-A-Rama`s customer can reach it directly (Schoenfield, B. S. 2015).

It is obvious that the data fetches are not generalized; we come to visualization that the databases server must fetch data from every data store. In the web store, every data store will be used where each dynamically generated HTTP response, the AppMaker has to find the appropriate application through its metadata. Now that the database is the intermediary between various data store and applications then each function must be configured and administered. We all are aware that all web servers, authentication system, application servers and database servers consists of administrative interfaces that applies different network interfaces and have a special user interface whereby only the administrator is allowed to access the interface (Aafer, Y. 2016).

Every system has a set of configuration and also must store some running metadata, it must therefore be considered an attack surface, and however there are a series of existing measures to protect the servers and their hard disks. We therefore focus on the section of the attack surface in order to maintain the target spotted. It is therefore of crucial to implement on techniques to protect the configuration files and metadata sets and this achieved by adding a management access control layer that requires an authentication for an administrator can access the management interfaces and configuration data (Okholm, J. E., & Reid, E. D. 2007).

Network security is the major issue in the world web activities like e-business, every participant is going for a secure website in order to keep his/her financial data safe. The traffic going through the two parties is nothing other than the retailer`s customer`s financial information. The routing of any particular packet does not have a guaranteed security, and this is one of the characteristics of the TCP/IP. In order to protect sensitive traffic over the internet, it must be encrypted, using the two approaches i.e. TLS and VPN (Virtual Private Network) (Balakrishnan, B., Haribaskar, S., Stalin, P., Gokul, V., & Mohan, K. S. 2015).in order to prevent an attacker from establishing a VPN to generate more attacks, the VPN between the two entities must be bidirectional authenticated. Without an authentication an attacker establish a VPN to confuse either the payment application at the retailer or the payment processing service. At the network protection is done in the manner that only the IP addresses of the third party will be allowed to establish the VPN, and for this to be reliable the mutual authentication is the preferred choice of authentication because neither of the party can protect itself from an intruder third party (Huang, Y., Zhu, J. H., & Li, H. 2013).

References

Schoenfield, B. S. (2015). Securing systems: Applied security architecture and threat models. CRC Press.

Aafer, Y. (2016). Systematic discovery of Android customization hazards.

Okholm, J. E., & Reid, E. D. (2007). U.S. Patent No. 7,203,169. Washington, DC: U.S. Patent and Trademark Office.

Huang, Y., Zhu, J. H., & Li, H. (2013). General Discussion on Prevention Technologies of Network Security. In Applied Mechanics and Materials (Vol. 347, pp. 3307-3311). Trans Tech Publications Ltd.

Balakrishnan, B., Haribaskar, S., Stalin, P., Gokul, V., & Mohan, K. S. (2015). FILE SECURITY SYSYTEM FOR AVOIDING INSIDERS ATTACK. Int. J. Engg. Res. & Sci. & Tech, 240.