Digital Auditing: A Technique to Ensure Security

Author(s):  
Nidhi Dandotiya ◽  
Pallavi Khatri ◽  
Abhinandan Singh Dandotiya

Security is an ever-growing concern in nearly every field of society, and computing is no exception. A system on the network can be attacked if its security is easy to break or it is vulnerable. The security issues that exist for a machine on a network are system security and application security. To ensure the security of a personal computer, regular security audits of the system need to be done. One main objective of auditing is to determine whether systems are safe. Digital auditing can be manual or automated. A system audit checks the vulnerability of the system to the different attacks that can be mounted against it. Similarly, a website running on the system can also be exploited through any vulnerability in it. This work investigates methods of system and application auditing to identify weaknesses at the system and application level.

Author(s):  
Shakeel Ali

The rapidly changing face of the internet threat landscape has posed remarkable challenges for security professionals, who must defend their IT infrastructure by applying advanced defensive techniques, policies, and procedures. Today, nearly 80% of total applications are web-based and externally accessible, depending on the organization's policies. In many cases, the number of security issues discovered depends not only on the system configuration but also on the application space. Rationalizing security functions into the application is a common practice, but assessing their level of resiliency requires a structured and systematic approach to test the application against all possible threats before and after deployment. The application security assessment process and tools presented here are mainly focused on and mapped to industry standards and compliance regimes including PCI-DSS, ISO27001, GLBA, FISMA, SOX, and HIPAA, in order to assist with regulatory requirements. Additionally, to retain a defensive architecture, web application firewalls are discussed, and a map between well-established application security standards (WASC, SANS, OWASP) is prepared to represent a broad view of threat classification.


Author(s):  
Pamela R. McCauley-Bell ◽  
Lesia L. Crumpton

The information technology field has been increasingly plagued by threats to the security of information systems, networks, and communication media. The solutions to these problems have primarily focused on techniques to more closely safeguard networks (i.e. firewalls), with similar efforts being put into assessing the vulnerabilities of the hardware and software aspects of the systems. With the exception of discussions of more creative password selection, discussion of the role the user can play in reducing the risk of human error, and thus promoting system security, has been extremely limited. This lecture will present an overview of information security issues impacted by human interaction that may or may not play a role in promoting system security. Understanding that information systems are in fact composed of hardware and software components which must be addressed using traditional information security protocol, this lecture will provide an understanding of the possible risk that the human/user poses to an information system. Once the risks or factors associated with the human in the security of the system are identified, the next question is: do the factors matter? The objective of this lecture is to present an intellectual discussion of human factors issues and their impact on information security. This is an important discussion topic that the information technology field cannot afford to ignore.


2021 ◽  
Vol 2 (4) ◽  
pp. 506-519
Author(s):  
Agus Rochman ◽  
Rizal Rohian Salam ◽  
Sandi Agus Maulana

Computer security systems are increasingly needed as the number of users connected to the internet grows, which can trigger cybercrime by irresponsible parties. This study was conducted on the information system of a hospital, one component of which is a web server for HRD information. The system contains employee data and employee attendance data. Web server security is usually a problem for administrators. These problems are often neglected and can only be traced once a disaster occurs. Without a good security system, even the most advanced information system technology will endanger the institution or organization itself. Against this background, an evaluation is needed of the security gaps (vulnerabilities) and weaknesses of the HRD information system website. The research method uses the Information System Security Assessment Framework and the Open Web Application Security Project, using the Nikto tool to search for security gaps (vulnerabilities), OWASP ZAP, and Linux as the operating system. The test results are concluded to be a solution for addressing the weaknesses of the HRD information system web server. Testing should be carried out in depth more than once, together with maintenance of hardware, software, and the network, port filtering, and periodic improvement of server security, both by using genuine antivirus software and by scanning periodically.


Author(s):  
Dr. Manish Jivtode

Cloud computing is viewed as one of the most promising technologies in computing today. It is a new concept of large-scale distributed computing. It provides an open platform for every user on a pay-per-use basis. Cloud computing provides a number of interfaces and APIs to interact with the services provided to users. With the development of distributed web service applications, security of data is another important subject in the various layers of distributed computing. This study describes the security of data that can be used when accessing a distributed environment over various layers.


Author(s):  
Rizwan Ur Rahman ◽  
Deepak Singh Tomar

Research into web application security is still in its initial phase. In spite of enhancements in web application development, large numbers of security issues remain unresolved. Login attacks are the most malevolent threats to web applications. Authentication is the method of confirming the stated identity of a user. Conventional authentication systems suffer from weaknesses that can compromise the defense of the system. An example of such vulnerabilities is the login attack. An attacker may exploit a pre-saved password or an authentication credential to log into web applications. An added problem with current authentication systems is that the authentication process is done only at the start of a session. Once the user is authenticated in the web application, the user's identity is assumed to remain the same during the lifetime of the session. This chapter examines the level login attacks that could be a threat to websites. The chapter provides a review of vulnerabilities, threats of login attacks associated with websites, and effective measures to counter them.


As cyber-physical system security is not satisfactory, the security of a particular infrastructure depends on both internal and other related vulnerabilities. Communications between components in the cyber and physical realms lead to unintentional information flow. This chapter describes the difficult communications that occur between the cyber and physical domains and their impact on security. Assailants may be able to initiate exclusive attacks on cyber-physical systems. There are several types of attacks that affect the interactions between the cyber and physical devices, which may be passive or active. Even though the communication provides authenticity and confidentiality, a few attacks pose threats to ad hoc routing protocols as well as location-based security systems. It has been said that many attacks modify the activities of the targeted control system.


Author(s):  
Ana-Maria CERNOV

Network security has become more important to personal computer users, organizations, and the military. With the advent of the internet, security became a major concern, and the history of security allows a better understanding of the emergence of security technology. This paper presents the main network security issues and solutions to counter cyber-attacks.

