Critical vulnerabilities on the public facing website

Reference no: EM131625743

Write a review of this article with 2 references in APA format.

(tim) For this prompt, consider a college intern working at a technology company who is bored with their job and decides to run WebInspect or Burp Suite to perform web application assessments (Primal Security, n.d.) against the customer-facing corporate website.

After the scans are complete, they see there are a number of critical severity vulnerabilities. From a policy perspective, usually, but not always, corporations require signed user agreements before access is granted to the network.

These agreements will (or should) include requirements to not install unauthorized software, and to not attempt to circumvent network security controls. Assuming the vulnerability scan results are not false positives, the broader issue in this scenario is why there are critical vulnerabilities on the public-facing website to begin with.

If the intern was hired to support an internal cybersecurity group, he probably will not get fired for exercising tools that are in his area of responsibility. If the intern works in finance, downloaded the tools, and installed them, there could be more significant issues to contend with, such as termination.

Unless the intern was specifically tasked with finding vulnerabilities, they are under no obligation to report them. Many web vulnerability assessment tools apply classifications to vulnerabilities that have to be assessed in the broader context of the organization's compensating security controls. For example, a default critical vulnerability may only have moderate impact based on an organization's security architecture and also needs to be assessed in the context of threats that are applicable to the organization (NIST, 2012).

From a Biblical perspective, this is similar to the story of the Good Samaritan. Obviously, if you see someone hurt and bleeding on the side of the road, you need to stop and see if they need help.

But to a person passing by who might have been tricked the last time they offered to help someone, say they ended up getting robbed and assaulted, that person really can't be blamed for not wanting to get tricked again.

Similar to the intern in this scenario, if they realize they are going to lose their job if they report the findings, but feel ethically compelled to report anyway, they might consider reporting the findings anonymously. Similarly, in the Good Samaritan story, many people walked by, but even if they were too afraid to stop and intervene, they should have taken the time to report what they saw to someone further up the road.

References

NIST Joint Task Force Transformation Initiative Interagency Working Group. (2012). Guide for Conducting Risk Assessments.

Primal Security. (n.d.). "Web Hacking" with Burp Suite. Retrieved August 31, 2017



