People today could not live without an internet connection. Electronic devices such as smartphones, tablets and laptops that connect to the internet make it convenient for people to work or study. However, vulnerabilities adversely affect organizations and users in their daily lives.
2.0 Discussion & analysis
2.1 Case 1
Vulnerability: Web Application
Threat/attack: Cross-site scripting (XSS) attack
Protection: Software architects and developers
Websites nowadays rely heavily on complex web applications to deliver content to a wide variety of users according to their different preferences and specific needs. This shows that an organization has the ability to provide better value for its customers. However, dynamic websites suffer from vulnerabilities such as cross-site scripting (XSS). XSS is one of the most prevalent computer security vulnerabilities, and it is found in web applications. XSS allows attackers to inject client-side script into web pages, sending malicious JavaScript, HTML or Flash to a vulnerable dynamic page to fool other users. An attacker might use XSS to gain control of user data, including sensitive data, and to get around controls such as the same-origin policy. Any web page that has a path to the database can be vulnerable to this attack technique, such as a login page or a forgot-password page. XSS remains the top threat to web applications, databases and websites.
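The injection described above, shown on a forgot-password page, as an added example that is not part of the original essay. The function names, the page markup and the sample inputs are constructed for illustration; the code compares concatenating user input into HTML with encoding it first.

```javascript
// Constructed example: a "forgot password" page that echoes the submitted
// e-mail address back to the user. Names and inputs are illustrative.
function renderResetPageUnsafe(email) {
  // Vulnerable: user input is concatenated straight into the markup.
  return '<p>No account found for ' + email + '</p>' +
         '<input name="email" value="' + email + '">';
}

// Encode the five characters that can change HTML structure.
// "&" is replaced first so the entities produced below are not re-encoded.
function escapeHtml(text) {
  return String(text)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Hardened: the value is encoded at the point where it enters the markup.
function renderResetPageSafe(email) {
  const safe = escapeHtml(email);
  return '<p>No account found for ' + safe + '</p>' +
         '<input name="email" value="' + safe + '">';
}

// Demo check: which tags and which <input> attributes the output contains.
function structure(html) {
  const tags = (html.match(/<\/?[a-z]+/gi) || []).join(' ');
  const input = (html.match(/<input ([^>]*)>/i) || ['', ''])[1];
  const attrs = [...input.matchAll(/([a-z]+)="[^"]*"/gi)].map(m => m[1]).join(' ');
  return tags + ' | ' + attrs;
}

// Constructed inputs: a new element, an attribute breakout, a harmless quote.
const samples = [
  '<script>alert(1)</script>',
  '" onfocus="alert(1)" autofocus="',
  "o'brien@example.com",
];

for (const s of samples) {
  console.log('unsafe:', structure(renderResetPageUnsafe(s)));
  console.log('safe:  ', structure(renderResetPageSafe(s)));
}
```

With encoding, every sample leaves the page structure unchanged; without it, the first adds a script element and the second adds event-handler attributes to the input field.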
Figure 1.0 Chart of Top Vulnerability Categories
According to Figure 1.0, XSS is the top vulnerability category, accounting for 68% (Msnd.com, 2014).
Figure 2.0 Growth of XSS vulnerabilities as shown by the Microsoft Security Response Center (MSRC)
The chart above shows XSS growing year by year and starting to push out other types of vulnerabilities. As XSS increases, businesses and customers will worry about their data leaking out and their privacy being exposed. Recently, TweetDeck was temporarily brought down by an XSS hack. TweetDeck is a popular application that belongs to Twitter. Hackers hit the service with rapid retweets and strange error messages. TweetDeck users reported the issue and said that the code was being retweeted by unknown users and was spreading to other users. One tweet was retweeted 38000 times in two minutes. Major TweetDeck users affected by the hack included BBC Breaking News and the account of a senior White House official (Csmonitor.com, 2014). In conclusion, the XSS hack was a serious vulnerability that forced the TweetDeck service to shut down at that time and inconvenienced many users.
Impact of Cross-site scripting (XSS)
Organization & customer
A cross-site scripting (XSS) attack brings many potential impacts to different parties, including the organization and its customers. Several kinds of attack affect an organization's users and employees, which leads to serious repercussions for the organization. An organization can be seriously impacted if a hacker successfully attacks a website that generates revenue or a production web application. Even if an organization has no experience of an XSS attack, if a vulnerability exists and other people find it first, it may be published in the news and directly damage the reputation of the organization. However, XSS is a client-side attack, so the users might be the first to be impacted. If the organization's website suffers an XSS attack, the attacker might obtain users' cookies and gain user information. For example, the XSS attack had a serious effect on TweetDeck and gave its users a bad customer experience. In this case, users become the victims, which leads to various repercussions such as data leakage and the deployment of malware. In turn, this impact comes back to the TweetDeck site. Once users realize they are the target of XSS attacks, they will hold TweetDeck responsible. Therefore, the organization loses its customers due to poor customer experience.
Monetary Cost of resolved