Discuss Security risks for web services

Question: Discuss Security risks for web services

Solution: The microservices-based web services of the regional gardens have been subjected to various security vulnerabilities and attacks. This section evaluates the risks and threats that arise in microservices-based web services and their impact on those services. These security risks may affect data integrity, availability, confidentiality, accountability and so on, so addressing the threats and providing appropriate solutions is essential to eliminate these issues. The security threats and issues in web services, together with some mitigation strategies, are described in the table below:

| Risk | Risk description | Likelihood | Consequences | Mitigation measures |
| --- | --- | --- | --- | --- |
| Eavesdropping | Classified information and data transactions pass frequently via web services. By carefully examining the data, attackers can eavesdrop on the SOAP messages and read all the information they contain. Critical concerns arise when sniffing operations obtain passwords and credit card data. | High | Intruders gain control over the entire data. | Updating antivirus software in a timely manner; usage of strong passwords; avoiding publicly available Wi-Fi networks (Lu, 2017). |
| Buffer overflow | Native applications can be affected by unchecked data sizes. If the input does not undergo any validation process, a buffer overflow attack takes place via SOAP requests. The buffer overflow results in crashing of the system or application. In the meantime, the hacker obtains the required data from the databases and causes a series of issues. The data stored exceeds the capacity of the memory buffer and can destroy all software types. | Low | Memory overflows and affects the data availability. | Testing of public interfaces; usage of high-quality code. |
| XML injection | SQL injection brings higher risks through the exploitation of SOAP messages. If the servers in the regional garden do not validate the data appropriately, SOAP messages can easily be used to create XML data. This can insert certain parameters into an SQL query, which the server then executes with the web service's rights. | High | Allows untrusted users to access the data (Tiwari, 2018). | Removal of single and double quotes used by the user while entering the input; proper monitoring and sanitization of the user input. |
| Malware infection | Email is one of the important communication channels in the regional garden, so intruders may employ email spam techniques to attack it. Users download the link or file contained in the spam email, which causes the system to crash so that web services cannot be provided effectively. Spying activity is carried out to steal the user's private data, which is then used to infiltrate the system. | Medium | Service unavailability occurs due to crashing of the system (Bettany, 2017). | Installation of a firewall; backing up important data regularly; employees should not click untrusted links or applications. |
| DDoS attack | The target is flooded with traffic, which affects the availability of the web services. The resulting security flaws can affect the services and lead to user dissatisfaction. It sometimes causes the entire system to crash because of the affected online services. This results in a downed server due to the too many requests emerging from the legitimate users. | High | Reputational damage due to interrupted services and also gaining some sensitive data of the user (Kadyrov, 2019). | Monitoring network traffic; activation of the application firewall; country blocking (Mishra, 2020). |
| Session hijacking | Illegal control of an authorized user's session. It occurs by stealing a valid session cookie, which is then used to gain that user's privileges in a particular application. By intercepting SOAP messages, the attacker hijacks the user session. The login information of legitimate users is stolen by the intruders, who then carry out attacks to gain control over the system (Burgers, 2019). | Low (Sathiyamoorthy, 2019) | It creates a series of concerns such as flooding of the entire server, so that retrieving or accessing data from the servers is not possible (Vinod, 2018). | End-to-end encryption; usage of secure shell and HTTP to carry out data transactions in a secured manner. |
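The XML injection risk described above, where an unvalidated SOAP value ends up in an SQL query, shown beside its mitigation as an added example (not part of the original solution). It goes beyond quote removal by validating the value against an allow-list and binding it as a query parameter; the SOAP elements, table and function names are hypothetical.

```python
import re
import sqlite3
import xml.etree.ElementTree as ET

# Constructed SOAP requests; service, element and table names are hypothetical.
ENVELOPE = (
    '<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">'
    "<soap:Body><GetPlant><name>{}</name></GetPlant></soap:Body></soap:Envelope>"
)
BENIGN = ENVELOPE.format("Rose")
INJECTED = ENVELOPE.format("x' OR '1'='1")  # quote closes the SQL string literal early

NS = {"soap": "http://schemas.xmlsoap.org/soap/envelope/"}
NAME_RE = re.compile(r"[A-Za-z][A-Za-z \-]{0,63}")  # allow-list for plant names


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE plants (name TEXT, visibility TEXT)")
    conn.executemany("INSERT INTO plants VALUES (?, ?)",
                     [("Rose", "public"), ("Orchid", "staff-only")])
    return conn


def extract_name(soap_xml):
    # Untrusted XML in production should go through a hardened parser (e.g. defusedxml).
    node = ET.fromstring(soap_xml).find("soap:Body/GetPlant/name", NS)
    return node.text if node is not None and node.text else ""


def lookup_vulnerable(conn, soap_xml):
    # Unvalidated SOAP value concatenated into the statement: the 'before' case.
    name = extract_name(soap_xml)
    sql = "SELECT name FROM plants WHERE name = '" + name + "'"
    return [r[0] for r in conn.execute(sql)]


def lookup_hardened(conn, soap_xml):
    # Validate against the allow-list, then bind the value as a parameter.
    name = extract_name(soap_xml)
    if not NAME_RE.fullmatch(name):
        raise ValueError("rejected plant name")
    rows = conn.execute("SELECT name FROM plants WHERE name = ?", (name,))
    return [r[0] for r in rows]
```

With the constructed requests, the concatenating lookup returns every row for the injected name, while the hardened lookup rejects it before any SQL runs.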