Reference no: EM133459264

Question: Submit a 2-page status report that includes your evaluation of theories, principles, and best practices surrounding cybersecurity and your project.

This should include recent strategies for cybersecurity defenses. Also, describe the tasks completed in this milestone in an updated work breakdown structure (WBS), in Excel®, Word, or Project®, showing the actual time it took to complete each task. Finally, describe lessons learned while implementing this milestone. In addition, demonstrate that the milestone is fully completed by showing sufficient evidence. You should also include the following completed milestone: Risk #1: Malicious code injection

• Current state: XYZ's software applications may not have adequate measures to prevent malicious code injection, leaving them vulnerable to data breaches and system crashes.
• Desired state: XYZ should implement secure coding practices such as input validation, sanitization, and secure coding frameworks to prevent malicious code injection. Additionally, the company should conduct regular code reviews and penetration testing to identify and address vulnerabilities.
• Risk #2: Unvalidated input
• Current state: XYZ's input validation process may not be robust enough to detect and prevent input validation vulnerabilities, which can lead to attackers executing arbitrary code or accessing unauthorized data.
• Desired state: XYZ should implement strong input validation measures that include input sanitization and validation checks for data type, length, and format. Additionally, the company should conduct regular vulnerability scans and penetration testing to identify and address input validation vulnerabilities.
• Risk #3: Cross-site scripting
• Current state: XYZ may not have adequate measures in place to prevent cross-site scripting attacks, which can lead to the theft of sensitive information.
• Desired state: XYZ should implement security measures such as input validation, output encoding, and secure coding practices to prevent cross-site scripting attacks. Additionally, the company should conduct regular vulnerability scans and penetration testing to identify and address cross-site scripting vulnerabilities.
• Risk #4: Broken authentication and session management
• Current state: XYZ's web applications may not have proper authentication and session management mechanisms, making them vulnerable to session hijacking attacks.
• Desired state: XYZ should implement strong authentication and session management measures, such as using secure session cookies, enforcing strong password policies, and implementing multi-factor authentication. Additionally, the company should conduct regular vulnerability scans and penetration testing to identify and address authentication and session management vulnerabilities.