CST 620 Prevention of Cyber Attack Methodologies
Project 3 – Web Application Security Controls
Security Control Implementation Report
Template
Prepared By: Firstname Lastname
Version 1.0
Introduction
As cyberattacks grow more sophisticated and cyberthreats escalate, ensuring web application security is imperative. This Security Control Implementation Report sets out the proactive steps we took to protect web applications from attacks and security breaches. By methodically putting strong security measures in place, we aim to reduce risk and encourage a culture of vigilance and adaptability as we grow. This document describes the measures we took to improve the security of our web applications and to protect the confidentiality, availability, and integrity of vital data and services.
1 Web Application Security Best Practices
• Regularly update all software components, including web, application, and database servers, as well as libraries, frameworks, and dependencies.
• Serve the application over HTTPS so that SSL/TLS encrypts data in transit and guards against man-in-the-middle attacks and eavesdropping.
• Validate and sanitize every user input to guard against SQL injection, XSS, and command injection.
• When interacting with the database, use prepared statements or parameterized queries to reduce the possibility of SQL injection.
• To prevent XSS attacks, encode user input before rendering it.
• Use strong authentication techniques such as multi-factor authentication, and grant permissions according to the principle of least privilege.
• Use secure, random session IDs, enforce session expiration, and refresh session IDs upon authentication to prevent session fixation and hijacking.
• For security testing, perform frequent code reviews, penetration tests, and vulnerability scans.
• To distinguish human users from automated systems and stop brute-force attacks, use rate limiting and CAPTCHAs (OWASP Foundation, 2021).
• Harden server configurations, disable unnecessary services, and adhere to secure configuration guidelines.
• To prevent data theft in the event of a breach, encrypt critical data at rest using strong encryption.
• Monitor system logs and analytics closely to spot anomalous behavior, unauthorized access attempts, and security lapses.
• To respond swiftly to security issues and lessen their impact, have a well-defined incident response plan in place.
• Check third-party APIs and integrations for security flaws on a regular basis.
• To improve security, use a web application firewall (WAF).
2 Web Application Security Control Implementation and Testing
[Below are the steps taken to implement web application security control best practices].
1. Download WampServer version 3.0.0.0 and select a language.
Download WampServer version 3.0.0.0 from the official WampServer website or a reliable software distribution platform. Once you have found it, click the link for your version of the software (either 32-bit or 64-bit). When the download is complete, open the 'Downloads' folder containing the installer file and double-click it to start the installation. The first step asks you to select a language for the installation interface; choose your preferred language from the options given (Ballal, 2020). Click 'OK' to continue, then install WampServer on your Windows machine by following the on-screen prompts.
Fig 1.0: Image showing the language chosen during installation
2. Select the language and click the OK button. Accept the license agreement.
After choosing your preferred language for the WampServer installation, click the 'OK' button to continue. The next step is to review and accept the license agreement. A window displays the software's terms and conditions; read them carefully. To proceed with the installation, you must indicate your acceptance, usually by checking a box or selecting an "I Agree" option. After you have accepted the license agreement, you can continue with the rest of the installation.
Fig 1.1: Image showing the agreement acceptance stage
3. Read and accept the license agreement and click Next. You will see the WampServer information.
Read the WampServer license agreement and approve it by selecting the appropriate option, usually an 'I Agree' option or a check box. Once the agreement has been accepted, press the 'Next' button to continue. You will then see a window with information about WampServer, covering its features, requirements, and other details that help you understand the software before running the setup (SANS Institute, n.d.).
Fig 1.2: Image showing the license
4. Read the WampServer information, then click the Next button. You will be asked to define the installation location.
After reading the information on WampServer, which covers its features and requirements, click the 'Next' button. This command will take you...