SENG6250 System and Network Security
School of Information and Physical Sciences
Semester 2, 2022
Assignment 3 (100 marks, 25%) - Due: 30 October, 23:59

Aims
This assignment aims to broaden your study of system and network security; develop writing and presentation skills for cybersecurity topics.
The task of this assignment is to study a research topic in the system and network security. As a result of the research, you should submit a comprehensive research report and present your work.

The Topics
Explore the security issues and solutions on one of the topics given below:
1. Software-defined networking
2. Smart contract
3. IoT security
4. Federated learning security and privacy
5. Web security
6. Lightweight authentication protocols
7. Cloud security
You should study available materials on the related topic, including research publications, international standards, and other associated technical materials. Most importantly, you should comment on the issues and solutions along with the security flaws/weaknesses of the protocol(s), if any. You should show your understanding of the contents and explain the technology using your own words, but not simply copying.

Report (40 marks)
Your report must include the following contents:
1. Title
2. Author
3. Abstract
4. Introduction: give the background of the addressed topic and describe what you want to do in your report.
5. Technical contents (security issues, solutions, strengths/weaknesses of the solutions, etc.)
6. Discussion (comparisons - pros and cons)
7. Conclusion
8. References
You do not have to strictly follow the above bullets to define the sections of your report, but you should cover these items in your report. Any content from others’ work should be properly cited. The references should be clear and complete.
The page limit for your report is 15, excluding a cover page and references. You may use a suitable format for the report and references, but should use 12 pt font for the main text.

Presentation [presentation (40 marks) + question (20 marks)]
You need to do a 10-minute presentation about your work, and you will be asked some questions from the panel.
Presentation: you need to do a presentation in the extra lecture on 25 October, 2pm – 4pm, week 13.
Question: you need to answer the questions from the panel members and the other students.

Submission
All assignments must be submitted via Canvas. If you submit more than once, then only the latest will be graded. Your submission should be one ZIP file containing:
• A PDF file of your research report.
• A copy of your presentation slides.
The mark for an assessment item submitted after the designated time on the due date, without an approved extension of time, will be reduced by 10% of the possible maximum mark for that assessment item for each day or part day that the assessment item is late. Note: this applies equally to week and weekend days.

Plagiarism
A plagiarized assignment will receive ZERO marks (and be penalized according to the university rules).
Answered 2 days after Oct 18, 2022


Shubham answered on Oct 20 2022
49 Votes
WEB SECURITY
Author:
Abstract
Web security is related to securing servers and websites from online risks. It aims to safeguard sensitive data by discovering, responding to and restricting attacks. It includes security checks that involve scanning URLs for identifying potential malware and vulnerabilities through the website security software. Web security checks and informs users about one risk and provides a solution for addressing it. The first step includes ensuring safety for recognizing and preventing the risk. It is important for handling hackers, viruses, spyware and worms. It includes the use of HTTPS, which uses TLS or SSL for encrypting communication between server and client. It provides a secure connection that allows the client to be sure that it is connected with the intended server for the exchange of sensitive information. The use of secure context provides with reasonable confidence that the content can deliver secure and potential connection with connect and it does not get compromised by the victim of attack. It provides a solution with a deep level of visibility and ensures control of the web traffic. All the traffic flowing through can be inspected at the application layer for detecting malicious content and it can help in approving traffic that continues to the intended destination. Web security is required for exploration of proprietary and sensitive data that occurs in a variety of ways and ensures safety of the data.
Table of Contents
Introduction
Technical contents
Security Issues
Solution
Strength of solution
Weakness of solution
Discussion
Pros
Cons
Conclusion
References
Introduction
The study describes web security issues that include authentication issues, XSS attack, security misconfiguration and insecure direct object reference. It includes information about the implementation of web security that can help in protecting systems from disrupting and misdirecting the services. It ensures protection against attackers and provides smooth operation. The web security ensures filtering and monitoring internet traffic that flows between the internet and the application. It provides protection against attacks that include cross site tracks, SQL injection, XSS attacks and file inclusion. It comes with a vulnerability scanner that ensures that all the data is examined properly and it can help the security team in addressing critical vulnerabilities. Web security is required for ensuring that valuable information is kept and protected from hackers. It includes multiple factors that ensure security along with different techniques and checkpoints for keeping the data safe. It follows multiple security standards that are required to be highlighted and implemented for keeping hackers away from accessing sensitive data.
Technical contents
Security Issues
The security issue with the web includes unmitigated vulnerability or risk in the system that can be used by hackers and can cause damage to system or data. It includes vulnerability in the software and services connecting the business to the customer along with business people and processes. Web security has been a major problem that should be addressed because it is the effort that can be put into finding the way for exploiting attempts that are inevitable. The web security issues include major parts that include security of the web server and data. It is important to ensure that the server can continue the operation and the information on the server cannot be modified without authorization and the information can be distributed to individual to authorized persons. Securing information can travel between user and web server. It can help in assuring that the information the user supplied to the web server cannot be modified and read. Major security issues include:
Injection Flaws
Injection flaws result from the classic failure to filter untrusted input. It may happen when the unfiltered data is passed to the SQL server, the browser and LDAP server. The problem is that an attacker can easily inject the command for hijacking the browser and it can result in the loss of the data (Nunes et al. 2018). It is important that the information received from untrusted sources should be filtered. There are issues with configuration and the use of blacklisting is not recommended. As blacklist can be used by hackers to bypass and it can cause failure of blacklist as the pattern does not match with the work.
Broken Authentication
The major web security issue can be caused by broken authentication and the problem occurs if the authentication does not step from the same root cause. The rolling of the authentication is not recommended and it can become hard for getting right. It can be the cause of possible pitfalls and it can be valued because the URL might contain the session ID and it can cause the lead in the referred header (Helmiawan et al. 2020). It may be because passwords cannot be encrypted in the storage and transit. It is easy to predict Session IDs and it can help in unauthorised access. Session hijacking is the cause of these security issues and it can occur because of timeouts that are not implemented correctly.
Cross-Site Scripting
In this web security issue, the attacker can send the input of JavaScript tags to the web application of the user. The user is then retired to the user unsanitized and the browser can execute the JavaScript tag. It can cause a widespread input sanitization failure that is the subcategory of infection flaws (Nunes et al. 2019). CSS is considered as simple as the crafting link and it is persuading the user to click and it can become more sinister. On loading the page, the script can run and it can be used for posting cookies to attackers.
Insecure Direct Object References
It can be the classic way for trusting user input and paying the price that can inherit the resultant security vulnerability. It includes addition of direct object reference that means it can affect internal objects like database keys and it can get exposed to users and it can leave it vulnerable to attacks (Agrawal et al. 2019). The attacker can provide the reference for tracking and the authorisation can be broken and the attacker can get into the system. Vulnerability includes a password reset function that relies on the input provided by the user for determining the identity.
Security Misconfiguration
The security mis-configuration in the web security issue, that...
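The Injection Flaws section above says untrusted input must be filtered and that blacklisting is not recommended. As an added example (not part of the original answer; the table, function names and sample inputs are constructed for illustration), this Python code shows a case-sensitive blacklist missing a lower-case variant of an input it blocks, while a parameterized query treats the same input as plain data:

```python
import re
import sqlite3


def make_db():
    """In-memory database with constructed sample rows (assumed schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "a-secret"), ("bob", "b-secret")])
    return db


# Hypothetical blacklist of the kind the section advises against.
# It is case-sensitive, so it only matches the exact spellings listed.
BLACKLIST = re.compile(r"--|;|\bOR\b|\bUNION\b")


def blacklist_rejects(name):
    """True when the input matches one of the blacklisted patterns."""
    return bool(BLACKLIST.search(name))


def lookup_blacklist(db, name):
    """Weak form: pattern filter, then string concatenation into SQL."""
    if blacklist_rejects(name):
        raise ValueError("rejected by blacklist")
    query = "SELECT name, secret FROM users WHERE name = '" + name + "'"
    return db.execute(query).fetchall()


def lookup_parameterized(db, name):
    """Hardened form: the driver binds the value, so it is never parsed as SQL."""
    return db.execute(
        "SELECT name, secret FROM users WHERE name = ?", (name,)
    ).fetchall()


# Constructed inputs for the comparison.
BENIGN = "alice"
BLOCKED = "x' OR '1'='1"   # matches the blacklist pattern
VARIANT = "x' or '1'='1"   # same input in lower case; the pattern no longer matches

if __name__ == "__main__":
    db = make_db()
    print("blacklist rejects BLOCKED:", blacklist_rejects(BLOCKED))
    print("blacklist rejects VARIANT:", blacklist_rejects(VARIANT))
    print("concatenated query rows:", lookup_blacklist(db, VARIANT))
    print("parameterized query rows:", lookup_parameterized(db, VARIANT))
```

The concatenated lookup returns every row for the variant input, while the parameterized lookup returns none because no user has that literal name.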