Question: Discuss Security risks for web services

Solution:
The microservices-based web services of Regional Gardens are exposed to a range of security vulnerabilities and attacks. This section evaluates the risks and threats that arise in those web services and their impact on the service. Such risks can affect the integrity, availability, confidentiality and accountability of the data, so identifying the threats and applying appropriate controls is essential. The main threats to the web services, together with their likelihood, consequences and mitigation strategies, are described below.

Each risk is presented with the following fields: Risk, Risk description, Likelihood, Consequences, Mitigation measures.

Risk: Eavesdropping

Risk description: Confidential data (customer records, passwords, payment card numbers) passes through the web services constantly. If the SOAP messages travel over an unencrypted channel, an attacker positioned on the network path can sniff the traffic, read the entire contents of each message and, in the worst case, alter it in transit. The critical concern is the capture of passwords and credit card data.

Likelihood: High

Consequences: The intruder obtains the data in transit, including credentials that then give control over the accounts and data they protect.

Mitigation measures:
  • Encrypt the channel: carry all SOAP traffic over TLS (HTTPS) so that sniffed packets cannot be read.
  • Keep antivirus and endpoint software up to date.
  • Use strong, unique passwords, and rotate any credential that may have crossed an unencrypted link.
  • Avoid publicly available Wi-Fi networks for access to the services (Lu, 2017).

Risk: Buffer overflow

Risk description: Native components of the service (for example the XML parsers and libraries that handle SOAP request bodies) can be affected by unchecked data sizes. If the length of incoming input is not validated, a crafted SOAP request can write past the end of a fixed-size memory buffer. The usual result is a crash of the process or application; depending on the flaw, the attacker may also be able to execute code and read data that the service has access to, such as database contents.

Likelihood: Low

Consequences: Memory corruption crashes the service and affects data availability; in the worst case it gives the attacker a foothold in the backend.

Mitigation measures:
  • Test public interfaces with oversized and malformed inputs (fuzzing).
  • Use high-quality code: bounds-check every length, prefer memory-safe languages or safe string APIs, and keep parser libraries patched.

Risk: XML injection

Risk description: The contents of a SOAP message are controlled by the sender, so a server in Regional Gardens that does not validate them properly is exposed to injection. If a value taken from the SOAP body is concatenated into an XML document that the server builds, the attacker can add or change elements (XML injection); if it is concatenated into an SQL query, the attacker can append their own SQL (SQL injection). The injected statement executes with the rights of the web service's database account.

Likelihood: High

Consequences: Allows untrusted users to read or modify data they are not authorised for (Tiwari, 2018).

Mitigation measures:
  • Validate and sanitise all user input against the expected type, length and character set.
  • Use parameterised queries (prepared statements) instead of building SQL from strings; removing single and double quotes from the input is not sufficient on its own, because numeric fields can be attacked without any quotes.
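The row above describes SQL injection reaching the database through a SOAP parameter. The following is an added example, not part of the original answer and not Regional Gardens code: a constructed SOAP envelope, a tiny in-memory customer table, and three server-side lookups. The service namespace, operation name and table are assumptions made for the example. It shows that the quote-stripping mitigation lets a numeric payload through unchanged, while a type check plus a bound parameter rejects it.

```python
import sqlite3
import xml.etree.ElementTree as ET

# The service namespace and operation name are assumptions for this example;
# the page names no real Regional Gardens endpoint.
SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
SVC_NS = "urn:regionalgardens:example"


def soap_request(customer_id: str) -> bytes:
    """Constructed SOAP envelope carrying one parameter, as a client would send it."""
    return (
        f'<soapenv:Envelope xmlns:soapenv="{SOAP_NS}" xmlns:svc="{SVC_NS}">'
        f"<soapenv:Body><svc:getCustomer><svc:id>{customer_id}</svc:id>"
        "</svc:getCustomer></soapenv:Body></soapenv:Envelope>"
    ).encode()


def extract_id(envelope: bytes) -> str:
    """Server side: parse the envelope and pull the parameter out of the body."""
    root = ET.fromstring(envelope)
    node = root.find(f".//{{{SVC_NS}}}id")
    return "" if node is None or node.text is None else node.text


def setup_db() -> sqlite3.Connection:
    """Constructed customer table standing in for the Regional Gardens database."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        "CREATE TABLE customers(id INTEGER PRIMARY KEY, name TEXT, email TEXT);"
        "INSERT INTO customers VALUES (1, 'alice', 'alice@example.com');"
        "INSERT INTO customers VALUES (2, 'bob', 'bob@example.com');"
    )
    return conn


def lookup_vulnerable(conn, envelope):
    """Parameter spliced into the SQL text: whatever the attacker appends runs
    with the database rights of the web service account."""
    cid = extract_id(envelope)
    return conn.execute(f"SELECT name, email FROM customers WHERE id = {cid}").fetchall()


def lookup_quote_stripped(conn, envelope):
    """The 'remove single and double quotes' mitigation. It blocks payloads that
    need a quote but does nothing against a numeric field."""
    cid = extract_id(envelope).replace("'", "").replace('"', "")
    return conn.execute(f"SELECT name, email FROM customers WHERE id = {cid}").fetchall()


def lookup_safe(conn, envelope):
    """Validate the type, then bind the value; it is never parsed as SQL."""
    cid = extract_id(envelope)
    if not cid.isdigit():
        raise ValueError(f"rejected non-numeric customer id: {cid!r}")
    return conn.execute(
        "SELECT name, email FROM customers WHERE id = ?", (int(cid),)
    ).fetchall()


if __name__ == "__main__":
    db = setup_db()
    benign, hostile = soap_request("2"), soap_request("1 OR 1=1")
    print("benign:", lookup_vulnerable(db, benign))
    print("hostile, vulnerable:", lookup_vulnerable(db, hostile))
    print("hostile, quotes stripped:", lookup_quote_stripped(db, hostile))
    try:
        lookup_safe(db, hostile)
    except ValueError as exc:
        print("hostile, safe:", exc)
```

The hostile request `1 OR 1=1` contains no quotes, so `lookup_quote_stripped` returns the whole table exactly as `lookup_vulnerable` does; only the combination of input validation and a bound parameter stops it.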

Risk: Malware infection

Risk description: Email is one of the important communication channels in Regional Gardens, so intruders may use spam email to attack it. When a user opens the attachment or follows the link in such a message, malicious software is downloaded and run. It can crash the system so that the web services can no longer be provided effectively, or it can spy on the user to steal private data and credentials that are then used to infiltrate the systems further.

Likelihood: Medium

Consequences: Service unavailability due to crashed systems, and theft of user data (Bettany, 2017).

Mitigation measures:
  • Install a firewall and keep endpoint protection current.
  • Back up important data regularly.
  • Train employees not to open untrusted links or attachments.

Risk: DDoS attack

Risk description: The attacker floods the target with traffic from many distributed sources (typically a botnet) until the bandwidth, connection capacity or processing power of the web services is exhausted. Legitimate users can no longer reach the services, which causes dissatisfaction, and the overloaded servers may crash outright. The requests that bring the server down are not from legitimate users, but they are made to look like ordinary traffic, which is what makes them hard to filter.

Likelihood: High

Consequences: Reputational damage from interrupted services and, in some cases, exposure of sensitive user data (Kadyrov, 2019).

Mitigation measures:
  • Monitor network traffic and rate-limit clients that exceed normal request rates.
  • Activate the application firewall.
  • Block traffic from countries the business does not serve (Mishra, 2020).
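The monitoring and rate-limiting mitigations above can be made concrete. The following is an added example, not part of the original answer and not Regional Gardens code: it generates constructed traffic (twenty ordinary clients and five flood sources, using documentation IP ranges), flags sources that exceed a request threshold within a sliding window, and runs the same traffic through a per-client token bucket so that floods are clipped while ordinary clients are never denied. The thresholds and rates are assumptions chosen for the example.

```python
from collections import defaultdict


def synthetic_traffic():
    """Constructed traffic, not real Regional Gardens logs: (seconds, client IP).
    Addresses come from the documentation ranges 198.51.100/24 and 203.0.113/24."""
    events = []
    for i in range(20):                          # 20 ordinary clients, 3 requests each
        ip = f"198.51.100.{i + 1}"
        events += [(i * 3 + k * 20, ip) for k in range(3)]
    for j in range(5):                           # 5 flood sources, 200 requests each in 10 s
        ip = f"203.0.113.{j + 1}"
        events += [(k * 0.05, ip) for k in range(200)]
    return sorted(events)


def flood_sources(events, window=10.0, threshold=50):
    """Detection: flag any client with more than `threshold` requests inside any
    `window`-second span (sliding window over that client's timestamps)."""
    per_ip = defaultdict(list)
    for now, ip in events:
        per_ip[ip].append(now)
    flagged = []
    for ip, times in per_ip.items():
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:
                start += 1
            if end - start + 1 > threshold:
                flagged.append(ip)
                break
    return sorted(flagged)


class TokenBucket:
    """Per-client bucket: refills `rate` tokens per second, holds at most `capacity`."""

    def __init__(self, rate, capacity, now=0.0):
        self.rate, self.capacity = rate, capacity
        self.tokens, self.last = float(capacity), now

    def allow(self, now):
        self.tokens = min(self.capacity, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


def apply_rate_limit(events, rate=1.0, capacity=10):
    """Mitigation: admit a burst of `capacity` then `rate` requests/s per client.
    Returns {ip: (allowed, denied)}."""
    buckets = {}
    counts = defaultdict(lambda: [0, 0])
    for now, ip in events:
        bucket = buckets.setdefault(ip, TokenBucket(rate, capacity, now))
        counts[ip][0 if bucket.allow(now) else 1] += 1
    return {ip: tuple(c) for ip, c in counts.items()}


if __name__ == "__main__":
    traffic = synthetic_traffic()
    print("flood sources:", flood_sources(traffic))
    for ip, (ok, denied) in sorted(apply_rate_limit(traffic).items()):
        if denied:
            print(f"{ip}: {ok} allowed, {denied} denied")
```

A real deployment would feed the detector from the web server's access log and enforce the bucket at the application firewall or reverse proxy rather than inside the service, but the decision logic is the same.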

Risk: Session hijacking

Risk description: The attacker takes illegitimate control of an authorised user's session by stealing the valid session cookie (or token) and replaying it to obtain that user's privileges in the application. With SOAP services the cookie or token can be captured by intercepting the SOAP messages on an unencrypted link; the login information of legitimate users can be stolen the same way and used to gain control over the system (Burgers, 2019).

Likelihood: Low (Sathiyamoorthy, 2019).

Consequences: The attacker acts with the hijacked user's privileges and can read or modify that user's data, while the legitimate user loses control of their own session (Vinod, 2018).

Mitigation measures:
  • End-to-end encryption of the session: use HTTPS (TLS) rather than plain HTTP for every data transaction, and SSH rather than plaintext protocols for administrative access.
  • Mark session cookies Secure and HttpOnly, issue a fresh session identifier at login, and expire sessions after a short idle period.
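The cookie and session-handling mitigations above, as an added example that is not part of the original answer and not Regional Gardens code. The session store is an in-memory stand-in written for this example; it shows that a session identifier captured before login is worthless once the identifier is rotated at login, and what the hardened Set-Cookie attributes look like when emitted with the Python standard library.

```python
import secrets
from http.cookies import SimpleCookie


class SessionStore:
    """In-memory session table for this example; ids are 256-bit random values,
    so an attacker cannot guess one and must steal it instead."""

    def __init__(self):
        self._sessions = {}          # session id -> session data

    def create(self):
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": None}
        return sid

    def login(self, old_sid, user):
        """Issue a fresh id when the session gains privileges. An id captured
        before login (or planted by the attacker) stops working at this point."""
        data = self._sessions.pop(old_sid, {"user": None})
        data["user"] = user
        new_sid = secrets.token_urlsafe(32)
        self._sessions[new_sid] = data
        return new_sid

    def user_for(self, sid):
        """Who a request presenting `sid` may act as; None if the id is unknown."""
        return self._sessions.get(sid, {}).get("user")

    def logout(self, sid):
        """Invalidate server-side, so a stolen cookie dies with the session."""
        self._sessions.pop(sid, None)


def session_cookie(sid, max_age=900):
    """Set-Cookie value: Secure keeps it off plain HTTP, HttpOnly keeps it away
    from page scripts, SameSite=Strict stops cross-site replay, and a short
    Max-Age bounds the window in which a stolen cookie is useful."""
    cookie = SimpleCookie()
    cookie["sid"] = sid
    morsel = cookie["sid"]
    morsel["secure"] = True
    morsel["httponly"] = True
    morsel["samesite"] = "Strict"
    morsel["max-age"] = max_age
    morsel["path"] = "/"
    return morsel.OutputString()


if __name__ == "__main__":
    store = SessionStore()
    pre_login = store.create()              # id handed out before authentication
    stolen = pre_login                      # attacker sniffs it, e.g. over plain HTTP
    sid = store.login(pre_login, "alice")   # id rotated at login
    print("attacker replaying stolen id acts as:", store.user_for(stolen))
    print("Set-Cookie: " + session_cookie(sid))
```

The rotation in `login` only helps if the cookie itself cannot be captured after login, which is why the Secure flag and TLS on every request remain the primary control.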

