Running head: COMMON WEAKNESS ENUMERATION
Common Weakness Enumeration
Name
University
05/27/2020
Today, software developers, security vendors, researchers, and application vendors must
identify vulnerabilities in software before it is deployed. Because there are numerous
weaknesses, security professionals must prioritize which weaknesses to address first, based on
which pose the most significant risk. The most popular scoring system for this purpose is the
Common Weakness Scoring System (CWSS), which provides a common framework for
prioritizing weaknesses discovered in software (Martin, 2014). CWSS is divided into three metric
groups. First, the Base Finding group captures the risk posed by the weakness, the strength of the
controls in place, and the confidence in the accuracy of the finding. Second, the Attack Surface
group captures the barriers an attacker must overcome in order to exploit the weakness. Lastly,
the Environmental group captures the characteristics of the weakness that are particular to a
specific environment (Martin, 2014). The three metric groups are combined to produce the
CWSS score.
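The following added example (not part of the original paper or of the CWSS specification itself) shows how the three metric groups combine into a single score. Each factor is supplied as an already-weighted value in the range 0 to 1; the published value tables that map qualitative ratings (for example "High" technical impact) to those weights live in the cited CWSS v1.0.1 document and are not reproduced here. The three subscore formulas below are written from my recollection of that document and should be checked against it; the sample factor values are constructed for illustration only.

```python
from dataclasses import dataclass, fields


@dataclass(frozen=True)
class BaseFinding:
    """Base Finding metric group: risk posed, control strength, confidence."""
    technical_impact: float
    acquired_privilege: float
    acquired_privilege_layer: float
    internal_control_effectiveness: float
    finding_confidence: float


@dataclass(frozen=True)
class AttackSurface:
    """Attack Surface metric group: barriers an attacker must overcome."""
    required_privilege: float
    required_privilege_layer: float
    access_vector: float
    authentication_strength: float
    level_of_interaction: float
    deployment_scope: float


@dataclass(frozen=True)
class Environmental:
    """Environmental metric group: characteristics specific to one deployment."""
    business_impact: float
    likelihood_of_discovery: float
    likelihood_of_exploit: float
    external_control_effectiveness: float
    prevalence: float


def _validate(group) -> None:
    # Every CWSS factor weight is a value between 0 and 1 inclusive.
    for f in fields(group):
        v = getattr(group, f.name)
        if not 0.0 <= v <= 1.0:
            raise ValueError(f"{f.name}={v} is outside the 0..1 weight range")


def base_finding_subscore(b: BaseFinding) -> float:
    """Range 0..100 (formula as recalled from CWSS v1.0.1; verify against it)."""
    _validate(b)
    # f(TechnicalImpact): a weakness with no technical impact scores zero.
    f_ti = 0.0 if b.technical_impact == 0 else 1.0
    raw = (10 * b.technical_impact
           + 5 * (b.acquired_privilege + b.acquired_privilege_layer)
           + 5 * b.finding_confidence)
    return raw * f_ti * b.internal_control_effectiveness * 4.0


def attack_surface_subscore(a: AttackSurface) -> float:
    """Range 0..1 (formula as recalled from CWSS v1.0.1; verify against it)."""
    _validate(a)
    return (20 * (a.required_privilege + a.required_privilege_layer + a.access_vector)
            + 20 * a.deployment_scope
            + 15 * a.level_of_interaction
            + 5 * a.authentication_strength) / 100.0


def environmental_subscore(e: Environmental) -> float:
    """Range roughly 0..1 (formula as recalled from CWSS v1.0.1; verify against it)."""
    _validate(e)
    # f(BusinessImpact): no business impact zeroes the impact-related terms.
    f_bi = 0.0 if e.business_impact == 0 else 1.0
    impact_terms = (10 * e.business_impact
                    + 3 * e.likelihood_of_discovery
                    + 4 * e.likelihood_of_exploit
                    + 3 * e.external_control_effectiveness)
    return (impact_terms * f_bi + e.prevalence) / 20.0


def cwss_score(b: BaseFinding, a: AttackSurface, e: Environmental) -> float:
    """The three subscores multiply into a final 0..100 CWSS score."""
    score = base_finding_subscore(b) * attack_surface_subscore(a) * environmental_subscore(e)
    return round(score, 1)


# Constructed sample: a finding with moderately high impact, reachable over the
# network with little user interaction, in an environment where it matters.
SAMPLE_BASE = BaseFinding(0.6, 0.7, 1.0, 1.0, 1.0)
SAMPLE_SURFACE = AttackSurface(1.0, 1.0, 1.0, 1.0, 0.9, 1.0)
SAMPLE_ENV = Environmental(0.6, 0.8, 0.8, 1.0, 0.8)

if __name__ == "__main__":
    print("Base Finding :", base_finding_subscore(SAMPLE_BASE))
    print("Attack Surf. :", attack_surface_subscore(SAMPLE_SURFACE))
    print("Environmental:", environmental_subscore(SAMPLE_ENV))
    print("CWSS score   :", cwss_score(SAMPLE_BASE, SAMPLE_SURFACE, SAMPLE_ENV))
```

Because the final score is a product, a zero in any one group (no technical impact, no business impact, or a fully effective internal control) drives the whole score to zero, which is how CWSS lets an environment-specific factor override a severe-looking base finding when ranking what to fix first.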
Cross-Site Request Forgery (CSRF) is a vulnerability that allows attackers to lure users into
performing actions they did not intend (Martin, 2014). For instance, an attacker might cause the
victim to change a password, username, or email address, or to transfer funds. Depending on the
victim's action, the malicious actor might gain full control of the victim's account. If the victim
holds privileged roles, the attacker might obtain full control of the application's data. Currently,
it is challenging to detect Cross-Site Request Forgery using automated techniques, since each
application has its own policies that dictate which requests can be influenced by an outsider
(Martin, 2014). To prevent Cross-Site Request Forgery attacks, businesses should transition from
session-tracking cookies to session tokens that are dynamically generated (Martin, 2014). It is
also advisable not to assume that the site you are visiting has policies in place to prevent CSRF
attacks. The following proactive measures can be taken to avoid CSRF attacks. First, install
antivirus software and ensure it is up to date (Dargin, 2017). Second, avoid opening emails while
authenticated to a site that performs financial transactions. Lastly, users are advised to disable
scripting in their browser (Dargin, 2017).
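The following added example (not part of the original paper or of either cited source) illustrates the mitigation described above: moving from a handler that trusts the session cookie alone to one that also requires a dynamically generated, per-session token that a forged cross-site request cannot supply. The in-memory session store, route names, and form contents are constructed for the demonstration, using only the Python standard library.

```python
import hmac
import secrets
from html import escape

# Constructed in-memory session store: session_id -> session data.
SESSIONS: dict[str, dict[str, str]] = {}


def create_session(user: str) -> str:
    """Log a user in: issue a session id and a fresh per-session CSRF token."""
    session_id = secrets.token_urlsafe(32)
    SESSIONS[session_id] = {
        "user": user,
        # Dynamically generated secret; never derived from the cookie value.
        "csrf_token": secrets.token_urlsafe(32),
    }
    return session_id


def render_transfer_form(session_id: str) -> str:
    """Embed the session's token in the form the real site serves to the user."""
    token = SESSIONS[session_id]["csrf_token"]
    return (
        '<form method="POST" action="/transfer">'
        f'<input type="hidden" name="csrf_token" value="{escape(token)}">'
        '<input name="to"><input name="amount"><button>Send</button></form>'
    )


def handle_transfer_vulnerable(session_id: str, form: dict[str, str]) -> tuple[int, str]:
    """Weak handler: the session cookie alone authorizes the state change.

    A browser attaches the cookie to any request aimed at this site, including
    one triggered from a page the user did not intend to act on, so this
    handler cannot tell an intended transfer from a forged one.
    """
    session = SESSIONS.get(session_id)
    if session is None:
        return 401, "not authenticated"
    return 200, f"{session['user']} sent {form['amount']} to {form['to']}"


def handle_transfer_protected(session_id: str, form: dict[str, str]) -> tuple[int, str]:
    """Hardened handler: the request must also carry the per-session token."""
    session = SESSIONS.get(session_id)
    if session is None:
        return 401, "not authenticated"
    supplied = form.get("csrf_token", "")
    # Constant-time comparison so the check does not leak the token byte by byte.
    if not hmac.compare_digest(supplied.encode(), session["csrf_token"].encode()):
        return 403, "CSRF token missing or invalid"
    return 200, f"{session['user']} sent {form['amount']} to {form['to']}"


def demo() -> dict[str, int]:
    """Run both handlers against an intended request and a forged one."""
    sid = create_session("alice")
    token = SESSIONS[sid]["csrf_token"]
    # Intended request: submitted from the site's own form, so it carries the token.
    genuine = {"csrf_token": token, "to": "bob", "amount": "10"}
    # Forged request: a third-party page can make the browser send the cookie,
    # but it cannot read the token out of the user's session, so none is supplied.
    forged = {"to": "mallory", "amount": "9999"}
    return {
        "vulnerable_genuine": handle_transfer_vulnerable(sid, genuine)[0],
        "vulnerable_forged": handle_transfer_vulnerable(sid, forged)[0],
        "protected_genuine": handle_transfer_protected(sid, genuine)[0],
        "protected_forged": handle_transfer_protected(sid, forged)[0],
    }


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name:>20}: HTTP {status}")
```

The token must be tied to the session and regenerated when a new session is created; reusing one fixed value across sessions, or deriving it from the cookie itself, would reintroduce the weakness the token is meant to close.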
References

Martin, B. (2014). CWE - Common Weakness Scoring System (CWSS). Retrieved 27 May 2020,
from https://cwe.mitre.org/cwss/cwss_v1.0.1.html

Dargin, M. (2017). How to protect against cross-site request forgery attacks. Retrieved 27 May
2020, from https://www.networkworld.com/article/3190444/how-to-protect-against-cross-site-request-forgery-attacks.html