
Security in Applications Axis 3

The document describes the main vulnerabilities in web applications such as invalid inputs, access control failures, authentication and session management failures, code injection, buffer overflow, and insecure storage. It explains how attackers can exploit these vulnerabilities using techniques such as cookie theft, login with weak credentials, or malicious code injection. The document concludes that organizations must implement strong security systems and train their staff.

APPLICATION SECURITY

EVALUATIVE ACTIVITY AXIS 3

Presented by:

Luis Alejandro Avellaneda Vásquez

Presented to: Jenny Arcos

ANDES UNIVERSITY FOUNDATION.

SCHOOL OF ENGINEERING.

VIRTUAL SYSTEM ENGINEERING

BOGOTA DC.

2020.
INTRODUCTION
Currently, new styles of cyberattacks on applications are emerging, carried out by
better prepared hackers with more destructive tools and less vulnerable.
This work, written for the Application Security subject, addresses
the vulnerabilities present in applications and how attackers can
take advantage of them.

OBJECTIVES
Analysis of possible vulnerabilities in web applications.
Presentation of a problem situation and what generated it.
Detailed report according to the provided thought references.

DEVELOPMENT
| Name of vulnerability | Vulnerability | Exploitation of the vulnerability | Real example of attack due to the vulnerability |
|---|---|---|---|
| Invalidated inputs. | Access to the application is poorly worked out and everyone has permission to modify. | - Cookie theft to impersonate an identity. - The same user is on two IPs. | Meltdown and Spectre are vulnerabilities that affect the processor. |
| Access control failures. | When accessing a resource that is not protected by encrypted authentication. | - Login with simple, generic keys. - Hash algorithms that are weak or not present. | Starwood Group, whose databases were affected due to unauthorized access. |
| Failures in authentication and session management. | Incorrect classification of permissions for users; failed session closing time. | - There is no automatic session closing time. - Duplicate or simple user and key. | As with the previous section, if there is a session closing time, the possibility of damage is reduced. |
| Cross-Site Scripting (XSS) failures. | As with code injection, an attacker generates a script that leads to a similar page. | - Source code that can be modified. - Data collected from unreliable places. | Banco Santander presented vulnerabilities related to phishing. |
| Buffer overflow. | The amount of data in a transfer exceeds the capacity of the buffer. | - Memory consumption greater than expected. - Loaded demand. Buffer overflow. | The Code Red worm, which affected and exposed vulnerabilities in Microsoft Internet Information Server. |
| Code injection. | Application source code that is not protected could have malicious code included in it. | Weak encryption model. Redundant DLL processes. Third-party scripts. | Sony was the victim of a code injection attack in which sensitive data was stolen. |
| Failures in error handling. | Messages appear about errors in the functioning of the computer's software. | - Omission of error messages for the implementation of actions. - Fragile security solution. | The use of standard passwords increases the possibility of a cyberattack. |
| Insecure storage. | The organization's data is saved in a public application without security. | - Access controls are weakened. - Anyone can access the information. | As with MongoDB, which affected the operations of Amazon, eBay or governments. |
| Denial of service. | By accessing an unprotected port, the attacker can generate traffic that hogs the network. | - Access to transfer scripts from the network. - SYN flood by crackers. | GitHub stopped working between 5:21 PM and 5:31 PM with traffic of 1.35TB. |
| Failures in configuration management. | Configuration that is erroneous or belongs to previously installed programs. | - Outdated configuration that belongs to previous users. - Unqualified personnel. | MongoDB fell prey to ransomware due to its lack of security. |
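
The table's session-related rows ("the same user is on two IPs" and "there is no automatic session closing time") can be checked on the server side. The following is an added example, not part of the original document: a small session table that closes idle sessions and revokes a session whose cookie appears from a second IP. The class and function names, the 15-minute timeout and the sample events are all assumptions made for illustration.

```python
IDLE_TIMEOUT = 15 * 60  # seconds; assumed policy value, not from the document


class SessionMonitor:
    """Server-side session table: idle timeout plus IP-change detection."""

    def __init__(self, idle_timeout=IDLE_TIMEOUT):
        self.idle_timeout = idle_timeout
        self.sessions = {}  # session id -> {"user", "ip", "last_seen"}

    def login(self, sid, user, ip, now):
        self.sessions[sid] = {"user": user, "ip": ip, "last_seen": now}

    def request(self, sid, ip, now):
        """Return 'ok', 'expired', 'ip_mismatch' or 'unknown' for one request."""
        s = self.sessions.get(sid)
        if s is None:
            return "unknown"
        if now - s["last_seen"] > self.idle_timeout:
            del self.sessions[sid]      # automatic session close
            return "expired"
        if ip != s["ip"]:
            del self.sessions[sid]      # cookie seen from a second IP: force re-login
            return "ip_mismatch"
        s["last_seen"] = now
        return "ok"


def replay(events, idle_timeout=IDLE_TIMEOUT):
    """Feed (time, action, sid, user, ip) events in; return the request verdicts."""
    mon = SessionMonitor(idle_timeout)
    verdicts = []
    for t, action, sid, user, ip in events:
        if action == "login":
            mon.login(sid, user, ip, t)
        else:
            verdicts.append((sid, ip, mon.request(sid, ip, t)))
    return verdicts


# Constructed sample events (documentation-range IP addresses).
SAMPLE = [
    (0, "login", "s1", "alice", "192.0.2.10"),
    (60, "get", "s1", "alice", "192.0.2.10"),
    (90, "get", "s1", "alice", "203.0.113.7"),        # same cookie, second IP
    (95, "get", "s1", "alice", "192.0.2.10"),         # session already revoked
    (100, "login", "s2", "bob", "198.51.100.4"),
    (100 + 16 * 60, "get", "s2", "bob", "198.51.100.4"),  # idle for 16 minutes
]
```

Calling `replay(SAMPLE)` returns one verdict per request. Legitimate users can change IP address (mobile networks, for instance), so a mismatch is best handled as a forced re-login rather than an accusation.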

CONCLUSIONS
When an individual or organization makes use of an application, in addition to
acquiring its functionalities and advantages, it is also exposed to certain types of
computer attacks, mainly due to vulnerabilities that lead to latent threats
that can affect its operation and credibility and waste its time. Therefore,
companies must form a team responsible for coordinating a security system
suited to the needs and processes managed by the company, in order to minimize
the damage caused. Users must be trained both in the daily handling
of their workstation and in how to act during an attack, since the user is
the first instance that is affected.
