{"id":2297,"date":"2013-02-06T13:18:50","date_gmt":"2013-02-06T18:18:50","guid":{"rendered":"http:\/\/www.carnaghan.com\/?p=2297"},"modified":"2019-07-22T17:17:27","modified_gmt":"2019-07-22T22:17:27","slug":"risks-threats-and-vulnerabilities","status":"publish","type":"post","link":"https:\/\/www.carnaghan.com\/risks-threats-and-vulnerabilities\/","title":{"rendered":"Risks, Threats and Vulnerabilities"},"content":{"rendered":"

According to SANS (2009), attacks against websites and web applications constitute more than 60% of the total attacks observed on the internet. The risk of attack is generally based on the probability that a threat of some kind will exploit a vulnerability or weakness in a system or network. In recent years risks have been taken more seriously by many businesses that conduct online activities. As a software developer for a management consultancy firm here in the Washington DC area, it is my job to write software that is secure and safe to use at federal agencies. Our organization’s I.T. department enforces strict policies for hosting web applications. Our hosting team routinely carries out security testing, which involves testing the software to ensure that it will “continue to function correctly under malicious attack” (McGraw, 2010).

In my experience a risk is any chance that one of our systems will come under attack, whether for destructive purposes or to steal sensitive data. Whether or not an attack succeeds depends on vulnerabilities, which provide opportunities to the cybercriminal. The most common vulnerability in web applications stems from a lack of validation or sanitization of the data sent to the application, which allows malicious code to be passed in as input. Bergeron et al. (2001) describe malicious code as “pieces of code that can affect the secrecy, the integrity, the data and control flow, and the functionality of a system.” The two most common attacks are cross-site scripting and SQL injection, which take advantage of vulnerabilities in the systems they target. As a developer I continually try to keep myself up to date on the most common security vulnerabilities inherent in web applications. The major threats we face as an organization are attacks from individuals or groups who seek to steal sensitive data, whether for profit or for other reasons. It is therefore essential that the development, system administration and management teams are all aware of these threats, since that shared awareness of potential vulnerabilities is what enables them to take action and mitigate risk.

References:

    \n
  1. Bergeron, J., Debbabi, M., Desharnais, J., Erhioui, M., Lavoie, Y., & Tawbi, N. (2001). Static detection of malicious code in executable programs. International Journal of Requirements Engineering. Retrieved from http:\/\/citeseerx.ist.psu.edu\/viewdoc\/download?doi=10.1.1.102.6845&rep=rep1&type=pdf
  2. McGraw, G. (2004). Software security. IEEE Security & Privacy, 2(2), 80-83.
  3. SANS (2009). The Top Cyber Security Risks. SANS Institute. Retrieved from http:\/\/www.sans.org\/top-cyber-security-risks\/","protected":false},"excerpt":{"rendered":"

","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[356],"tags":[4235],"post_series":[409],"class_list":["post-2297","post","type-post","status-publish","format-standard","hentry","category-cybersecurity","tag-csec-620","post_series-human-aspects-in-cybersecurity"],"yoast_head_json":{"title":"Risks, Threats and Vulnerabilities - Ian Carnaghan","author":"Ian Carnaghan","article_published_time":"2013-02-06T18:18:50+00:00","article_modified_time":"2019-07-22T22:17:27+00:00","twitter_creator":"@icarnaghan","twitter_misc":{"Written by":"Ian Carnaghan","Est. reading time":"2 minutes"}},"views":106}