"OWASP Top 10"

question 1 "OWASP Top 10"
The Open Web Application Security Project came into existence December 1st 2001, and its guidance is still used in the development of Web applications.
Go to the Open Web Application Security Project (OWASP) Website, located at https://www.owasp.org/index.php/Main_Page, and find their "Top 10." Review the OWASP Top 10 Web Application Security Risks for 2017. What are the most significant changes since 2013? Choose one of the items and look at it closely. For example, number 10 is "Insufficient Logging and Monitoring"; what is recommended to prevent this risk? What does that mean to you based on your experience in this class so far? Knowing the importance of identifying threats, how should developers be responsible for log files and monitoring? Justify your answers. Share your findings with your classmates and provide links to any useful resources you find. After reading a few classmate postings, reply to the ones where you learned something new or have something to add. Get in early to post your initial feedback and keep the discussion going. Additional post option: In your opinion, why do some of the above-mentioned risks still exist?

question 2 "Web Security Verification"
Application security does not happen on its own. Organizations must recognize the value of security and make it a priority when developing applications.
Imagine that you are the IT Security Officer for a large company, and you have been assigned the task of implementing a Web application security verification model. List the factors you find are required, at a bare minimum, to make an application secure. Review relevant sites on the Internet and describe what tools or Websites can be used to automate such an assessment. In your opinion, which approach is more reliable: manual or automated verification? Why? Provide links to any tools that you find and share them with your classmates. After reading a few of your classmates' postings, reply to the ones from which you learned something new or to which you have something to add. Remember to get in early and post often. Additional post option: Research the term OPENSAMM. What is the purpose of this site and how can it assist with security verification?
question 3 "Compliance and Regulations"
Many recent breaches have involved payment card systems, otherwise known as point of sale (POS) terminals. The standard that regulates POS systems is called the Payment Card Industry Data Security Standard (PCI DSS).
Research recent POS breaches (find examples from within the last three years) and explain, based on your reading in class, what occurred. Explain whether or not you think the breach was preventable and why, as well as the overall impact the breach had on the business. In your opinion, if the breach was preventable and the company is found responsible, should they be given a monetary penalty or should stricter legal action be taken, such as jail time? Justify your answer. Suggest or recommend any tool that could help to maintain compliance. Share examples with your classmates and provide links to any useful resources you find. After reading a few classmate postings, reply to the ones where you learned something new or have something to add. Get in early to post your initial feedback and keep the discussion going. Additional post option: How often is reporting required to maintain compliance status with the PCI Data Security Standard? Do you agree with this requirement, and why or why not?