Abstract
System security is the protection of a system from unwanted and unauthorised access. A system is vulnerable to attack if it is not managed effectively and appropriate measures are not taken. Software applications and operating systems are exposed to known vulnerabilities such as SQL injection. System security also covers the methods that individuals or organisations can use to secure their assets. For instance, a firewall improves security through rules that filter unwanted intrusions so that they cannot gain access to the system and carry out harmful activities. There is therefore a need for a tool with which these vulnerabilities can be measured and their likelihood minimised.
Title: System Security Assessment Using Vulnerability Repositories
Chapter 1: Introduction
The operating system is responsible for controlling access to resources that contain sensitive data. This means controlling access to the resources of a computer system, including data and operating system files, and is referred to as system security (Fu et al., 2019). A security vulnerability is a weakness that an adversary can take advantage of to compromise the availability, confidentiality and integrity of resources. As technology evolves, the probability of intrusion increases. Operating systems and software applications have become exposed to system vulnerabilities, which leads to security concerns. A vulnerability is a weakness that may be exploited by threat actors, such as attackers, to carry out unauthorised actions in a computer system. It is a cyber security term for a flaw in a system that leaves it open to attack, including weaknesses in procedures or anything else that exposes information security. It is therefore necessary to identify the applications that have vulnerabilities and could have the worst impact on individual systems. Doing so makes it possible to identify vulnerabilities and prevent them from being used to attack the system and gain access to data.
Background of the Research
Computer vulnerability is a cyber security term for a defect in a system that makes it prone to attack. It covers any weakness in a computer system or mobile phone, including in the set of procedures or other aspects that support information security, through which the system can be exposed to a threat. This can leave individuals facing problems such as the leakage of their private information (Bhatia, Christopher and Thangapandian, 2020). If a firm's network is exposed, or an employee's mobile device is accessed by an intruder, the intruder can obtain credentials that can be used against them. Identity theft can also be used to gain access to a wide range of data.
Problem Statement
The operating system is the software that interacts with the hardware and allows other programs to execute. It includes the fundamental files and system software that computers and mobile phones need to boot and carry out their functions (Casola et al., 2020). A great deal of programming lies behind this, in languages such as Java, C and many more, which allows firms and individuals to carry out their operations smoothly. It also gives rise to vulnerabilities that threaten these devices, since a program may have overlooked certain aspects, which makes it vulnerable. There is therefore a need for an application that identifies vulnerable apps that could hamper operations or the information stored within them (Chen et al., 2020).
Research Aim
"To identify the system security assessment through the usage of vulnerability repositories"
Research Objectives
- To identify the concept of system security along with vulnerabilities present within.
- To identify the impact of existing software vulnerability upon apps as well as operating systems.
- To analyse the effectiveness of creating a new tool in order to reduce the risk of system vulnerability.
Research Questions
- Illustrate the concept of system security along with vulnerabilities within them.
- Identify the impact of existing software vulnerability upon apps as well as operating systems.
- Conduct an analysis of the effectiveness of creating a new tool in order to reduce the risk of system vulnerability.
Statement of Hypothesis
H0: A new tool for system security will lead to a positive reduction of the risks associated with system vulnerabilities.
H1: A new tool for system security will not have any influence on reducing risks related to system vulnerabilities.
Rationale of the Study
Technology is evolving, and the ways in which individuals and firms depend on it make it easy for intruders to carry out attacks (Choudhary et al., 2020). For example, when individuals download an application they are asked to allow it to access their contact details, images and other information. These details might be accessed by a third person or intruder to gain unauthenticated access to whatever they require. This can have a highly negative impact on the individuals concerned: intruders may gain access to their email, or carry out attacks using their devices as a launching pad so that the intruders themselves cannot be identified. It is therefore crucial to have an alternative that deals with this problem, since it adversely affects individuals whose devices are compromised. In addition, there is a high probability that intruders will obtain the login credentials for the different applications or websites those individuals use (Dorsey et al., 2020).
This illustrates that even after a particular vulnerable app is deleted, there is a high probability that an attack can still take place. To deal with such situations, an alternative is needed that gives insight into which apps are vulnerable and which are not. This dissertation is based on that concept: a tool will be formulated that assists in the detection of vulnerable applications. For this, it is critical for the researcher to consider all aspects precisely, together with the work done by other authors on the subject, as this will furnish a strong base for carrying out the research.
Significance of the Study
This research is carried out on system security because it is a critical aspect that has to be considered, and through it systems can be prevented from being exploited. Effective use of technology eliminates some of these problems but also makes individuals more prone to attacks, since they depend on their devices for certain activities (Dotson et al., 2020). Furthermore, they often download and install applications without considering the repercussions. This dissertation will provide a tool that assists in detecting the kinds of applications that make them prone to attack. Overall, there will be a positive impact on the way people use their devices and keep their systems secure.
Route Map of Research
A route map is the part of the research that helps readers locate the material associated with each chapter and shows what is studied (Eghan et al., 2020). The chapters of the dissertation are listed below with the information each will present.
Chapter 1: Introduction: This chapter gives an introductory overview of the aspects connected with the dissertation. It provides the information and foundation that define an overview of the topic (Holz et al., 2020). Through this chapter, the reader can find the research aims, objectives and questions, along with the background of the study.
Chapter 2: Literature Review: The second chapter of the dissertation covers studies carried out by other authors. A wide range of publications, articles, books and other sources will be used, giving readers the key information about work done by other researchers. Various researchers have offered their opinions and viewpoints on system security and the vulnerabilities associated with it. The chapter also sets out aspects that help readers gain adequate information on the subject and identify the gaps in that work.
Chapter 3: Research Methodology: The next chapter depends entirely on the research methods that have been used. It covers the various methods involved, including secondary and primary methods of data collection, qualitative or quantitative research, instruments, philosophies and other perspectives connected with this dissertation (Huang et al., 2020). It is a critical chapter that supports researchers in obtaining precise data on system security and vulnerabilities.
Chapter 4: Findings and analysis: The next chapter of the dissertation helps interpret the information or data on the topic. A frequency table will be presented that helps the investigator determine decided and undecided respondents. Tables and graphs based on the response or frequency tables obtained from respondents are also used.
Chapter 5: Discussion: The next chapter helps the investigator give relevant recognition to the primary data. The literature review can be used to examine secondary data related to system security (Kelley, Jain and Turner, 2020). In addition, a questionnaire will be used to establish the influence of tools and the understanding of vulnerabilities within the system.
Chapter 6: Conclusion and Recommendation: The last chapter of the dissertation states whether the objectives have been achieved. It is based largely on the research findings and analysis. Some suggestions will also be made on the basis of the topic.
Chapter 2: Literature Review
It is vital to summarise the work that has been carried out in the specified area. This develops a landscape through which readers can form a complete understanding of system security, and gives learners the data collected in previous work by other researchers. The purpose of a literature review is to furnish learners with new insight into different perspectives (Kudjo et al., 2020). In this section, data is collected from secondary sources such as the internet, books, articles and many more, which provides relevant data and supports positive outcomes for the dissertation. A literature review is a systematic and effective process used by researchers to gain in-depth knowledge of the research area. Gaps have to be identified, along with disputes between the different studies. Identifying these gaps makes it easier for investigators to identify research through which the gaps can be filled. Each objective is addressed in turn below.
It is a critical part of the dissertation, which aims to conduct the work adequately by analysing the information associated with the subject. The available information helps in gaining knowledge of the subject, which allows the research to be carried out precisely and to have valid implications. This section is regarded as the base for the research, as it supplies the theoretical perspectives that have been formulated for carrying out the work (Lever and Kifayat, 2020). Information is collected from secondary resources, including past investigations, journals and newspapers, selected according to the objectives and aims of the research, so that a precise framework can be formulated that leads to significant knowledge of security systems and their vulnerabilities.
Theme 1
To identify the concept of system security along with vulnerabilities present within.
According to Paul Zandbergen (2020), system security is the protection of data or information, along with property, from corruption, theft or damage while still allowing users to access them. It means developing and implementing security countermeasures through which systems can be secured from unauthorised access (Li, 2020). Several security threats arise when using systems, including data loss, physical damage and information falling into the wrong hands. As technology evolves, new ways emerge for unauthenticated persons to gain access to systems and use them illegally (Systems Security: Firewalls, Encryption, Passwords & Biometrics, 2020). This is known as hacking, and hackers have devised sophisticated ways of obtaining data from databases, either for some advantage or with intent to harm others.
System security covers the methods that individuals or organisations can use to secure their assets. For instance, a firewall improves security through rules that filter unwanted intrusions so that they cannot gain access to the system and carry out harmful activities (Mayer et al., 2019). Passwords are also used, but a weak password is not worth using: if the password is 'sensitive', it can easily be broken with a dictionary attack, which means it was of no use. It is therefore always suggested to use a strong password that includes special characters. If sensitive information is present in the system, it can also be encrypted so that even if a third person gains access to the system they do not have access to the data (Conklin et al., 2015). These are some of the methods used in system security, but it is still difficult to secure systems entirely.
As per NIST (National Institute of Standards & Technology), a vulnerability is a weakness in an information system, internal controls, security procedures or execution that can be triggered or exploited by a threat source. Vulnerabilities arise in a system for several reasons, set out below:
- Complexities: When an application or system is complex, the chances of misconfiguration, flaws or unintended access increase. When a critical, large and complex system is developed, the probability of loopholes increases (Vorobiev et al., 2017).
- Familiarity and Connectivity: Common software, code, hardware and operating systems increase the possibility that intruders will be able to identify or obtain information about the vulnerabilities present in a system. In addition, when systems are connected to the internet all the time, intruders can gain knowledge of their vulnerabilities.
- Operating System flaws: Like applications and other software, operating systems have limitations. An insecure operating system that gives users complete control lets in viruses and malware, which can then execute various commands.
All these aspects make it necessary to manage vulnerabilities so that unwanted activities can be prevented. Vulnerability management is the cyclical practice of identifying, classifying, remediating and mitigating security vulnerabilities (Tan, 2016). It is essential that they are detected, assessed and remediated.
Theme 2
To identify the impact of existing software vulnerability upon apps as well as operating systems.
According to Ira Winkler (2020), software vulnerabilities are bugs in software. Bugs are errors in code that cause the system to take unwanted actions (Software Vulnerability, 2020). In general, they are weaknesses that attackers might exploit to carry out unauthorised activities on a computer system. Many vulnerabilities affect systems, such as SQL injection, buffer overflow, OS command injection, integer overflow, uncontrolled format string and various others. Users run many different applications, and attackers look for the weaknesses, or vulnerabilities, in those apps so that they can write programs that get past them, much as lock picks are used to gain entry to a user's physical location. The overall influence is severe, because once hackers gain access to a device, the sensitive information on it can be accessed and misused (Luh et al., 2020). Vulnerabilities arise in an application or operating system for the following reasons:
- Program Errors: Bugs in program code allow a computer virus to gain access to a device and take control of it. For instance, in August 2018 a vulnerability was found by KrebsOnSecurity on the Fiserv banking platform. The programming contained an error through which the data of other individuals could be obtained by incrementing an object or parameter named "event number". This vulnerability allowed a third person to view transaction-related data of other individuals, comprising their account details, phone numbers and e-mail addresses (Peltier, 2016). Errors or bugs in a program provide a way for a third person to gain access to information stored in the software.
- Intended Features: These are documented and legitimate ways through which applications have access to the system. An example is cross-site scripting, in which malicious programs or scripts are injected into web applications in order to obtain information about their users.
If vulnerabilities are present in an application or operating system, whether intended or not, there is a higher probability that the software is open to attack by malicious programs (Manku and Vasanth, 2015). Certain vulnerabilities in an application can hamper the way it works as well as the data stored in it. A few of them are specified below, along with their impact:
- Lack of Binary Protections: The application's source code is not obfuscated in any manner, which makes it easy to decompile, reverse engineer and read clearly without any special tools. Once the app has been decompiled, it is easy to search the app source code for developers along with encryption keys, tokens and APIs. Around 97% of apps suffer from this problem, which makes it possible to decompile them with the APK Extractor tool, which is available for free download (The Mobile App Vulnerability Epidemic and Its Impact on Global Business, 2020). If tokens or encryption keys are identified, it also becomes feasible to crack or exploit private key passwords offline. This gives adversaries the ability to inject malware into the code to gain access to confidential or other information.
- Insecure Data Storage: Data transferred through an application is stored insecurely. It may be stored temporarily or permanently outside the sandbox, in the local file system or in external storage, or it may be copied to the clipboard (Gupta, Agrawal and Yamaguchi, eds., 2016). Research indicates that around 83% of applications store data insecurely, which increases the risk of exposing users' personal data and even their social media handles. Furthermore, temporary storage also gives other applications insecure access to sensitive information.
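The "Program Errors" case above, where changing an "event number" returned another person's record, is a missing object-level authorisation check. The following added example is not code from the platform described or from this study; every name and record in it is constructed. It shows the flawed lookup beside a checked one, plus a simple log review that flags a user walking through event numbers.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    event_number: int
    owner: str
    email: str


class NotFound(Exception):
    """Raised for both missing records and records owned by someone else."""


# Constructed sample records: sequential event numbers, different owners.
EVENTS = {
    1001: Event(1001, "alice", "alice@example.test"),
    1002: Event(1002, "bob", "bob@example.test"),
}


def get_event_vulnerable(session_user: str, event_number: int) -> Event:
    """The flawed pattern: the caller-supplied number alone selects the record."""
    event = EVENTS.get(event_number)
    if event is None:
        raise NotFound(event_number)
    return event  # session_user is never compared with event.owner


def get_event_checked(session_user: str, event_number: int) -> Event:
    """Hardened form: the record must belong to the authenticated user."""
    event = EVENTS.get(event_number)
    if event is None or event.owner != session_user:
        # Same error in both cases, so responses do not reveal which numbers exist.
        raise NotFound(event_number)
    return event


def flag_enumeration(access_log, threshold: int = 3):
    """Return users who requested at least `threshold` distinct event numbers
    that are missing or owned by another user."""
    denied = defaultdict(set)
    for user, event_number in access_log:
        event = EVENTS.get(event_number)
        if event is None or event.owner != user:
            denied[user].add(event_number)
    return sorted(u for u, numbers in denied.items() if len(numbers) >= threshold)


# Constructed access log: (authenticated user, requested event number).
SAMPLE_LOG = [
    ("alice", 1001), ("bob", 1002),
    ("mallory", 1001), ("mallory", 1002), ("mallory", 1003),
]

if __name__ == "__main__":
    print(get_event_vulnerable("alice", 1002))  # another user's record is returned
    print(flag_enumeration(SAMPLE_LOG))
```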
Theme 3
To analyse the effectiveness of creating a new tool in order to reduce the risk of system vulnerability.
According to Michael Cobb (2020), a vulnerability is a weakness or flaw in system security design, procedures, execution or internal controls that might be triggered intentionally or accidentally and result in a violation of system security. Intruders use the application layer to gain access to databases and networks by making use of legitimate system-level accounts (How to prevent application attacks and reduce network vulnerabilities, 2020). To mitigate such risks and protect the database, firewalls are used together with updates or security patches. For example, Oracle released a critical patch update in 2005 for vulnerabilities such as SQL injection, denial of service and 23 other such weaknesses.
A firewall can protect the system from unwanted access to the applications or information within it, but when permission is given to a particular app to download and use system data, the risk is higher, because at that point the firewall will not help: access has already been granted. This implies that new tools are required to resolve the problem. If a vulnerable application is installed on the system, there must be a tool that shows how vulnerable the application is and the worst impact it can create (Fisch, White and Pooch, 2017). For instance, a Trojan horse gives complete access to intruders; similarly, the tool must provide exact details so that the system can be protected. The formulated tool will assess vulnerability in the following ways:
- Identify vulnerabilities: The initial step carried out by the application is an analysis of network scans, firewall logs, vulnerability scans and pen test results to find anomalies which suggest that a cyber attack may take advantage of a vulnerability.
- Verify vulnerabilities: The tool will help decide whether the vulnerabilities that have been identified can be exploited, and classify them on the basis of the severity of the exploit. This helps establish the level or extent of harm that a particular loophole will create (Maspoli and DeSantis, 2015).
- Mitigate vulnerabilities: The tool will assist in deciding on countermeasures and measuring their effectiveness, and in identifying whether a patch is available or not.
- Remediate vulnerabilities: The tool developed to find vulnerabilities will also be responsible for updating the vulnerable application, so that adequate steps can be taken before unauthenticated activities are conducted on individuals' devices (Nickolov, Schibler and Armijo, 2020).
As cyber-attacks evolve with advances in technology, it becomes important to have tools through which vulnerability management can be carried out. This must be a repetitive and continuous practice to ensure that devices and applications are working to the desired standards. Apart from this, vulnerability scanning, penetration testing and Google hacking are essential parts of the tool. Within the tool, vulnerability scanning is a feature designed to assess networks, applications or computers for known vulnerabilities. It is responsible for identifying and detecting vulnerabilities that arise from misconfiguration or imperfection within the network, and can be carried out through authenticated and unauthenticated scans (Conklin et al., 2015). Penetration testing is the practice of testing information technology assets to determine security vulnerabilities that can be exploited by intruders or third persons. Google hacking is defined as the process of using search engines like Microsoft Bing or Google to locate security vulnerabilities. The tool will make use of this feature so that it can have enhanced search operations within its queries.
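The four steps above can be made concrete with a small added example, which is not the tool proposed in this study. It matches an installed-software inventory against a vulnerability repository, classifies each match using the CVSS v3 severity bands, and decides between remediation (a fixed version exists) and mitigation (no patch yet). The repository entries, product names and advisory identifiers are constructed placeholders, and versions are assumed to be purely numeric and dotted.

```python
from dataclasses import dataclass
from typing import Optional


def parse_version(text: str) -> tuple:
    """Turn '2.4.1' into (2, 4, 1, 0) so '3.2' and '3.2.0' compare as equal."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (4 - len(parts)))


@dataclass(frozen=True)
class Advisory:
    advisory_id: str      # placeholder identifier, not a real CVE
    product: str
    introduced: str       # first affected version
    fixed: Optional[str]  # first patched version, None if no patch exists
    cvss: float           # CVSS v3 base score


@dataclass(frozen=True)
class Finding:
    product: str
    installed: str
    advisory_id: str
    severity: str
    action: str


# Constructed repository feed and device inventory.
REPOSITORY = [
    Advisory("EXAMPLE-0001", "photo-share", "1.0", "2.4.1", 9.8),
    Advisory("EXAMPLE-0002", "photo-share", "2.0", None, 5.3),
    Advisory("EXAMPLE-0003", "note-sync", "3.0", "3.2", 7.5),
    Advisory("EXAMPLE-0004", "chat-lite", "0.1", "0.9", 3.1),
]
INVENTORY = {"photo-share": "2.3.0", "note-sync": "3.2", "chat-lite": "0.8.5", "calc": "1.0"}


def severity(cvss: float) -> str:
    """CVSS v3 qualitative severity rating."""
    if cvss >= 9.0:
        return "critical"
    if cvss >= 7.0:
        return "high"
    if cvss >= 4.0:
        return "medium"
    return "low" if cvss > 0 else "none"


def is_affected(installed: str, adv: Advisory) -> bool:
    """Identify: installed version lies in [introduced, fixed)."""
    version = parse_version(installed)
    if version < parse_version(adv.introduced):
        return False
    return adv.fixed is None or version < parse_version(adv.fixed)


def assess(inventory: dict, repository: list) -> list:
    """Identify, verify (classify), then choose mitigate or remediate."""
    matches = [
        (adv, inventory[adv.product])
        for adv in repository
        if adv.product in inventory and is_affected(inventory[adv.product], adv)
    ]
    matches.sort(key=lambda m: m[0].cvss, reverse=True)  # worst impact first
    findings = []
    for adv, installed in matches:
        if adv.fixed is None:
            action = "mitigate: no patch available, apply countermeasure"
        else:
            action = f"remediate: update to {adv.fixed}"
        findings.append(
            Finding(adv.product, installed, adv.advisory_id, severity(adv.cvss), action)
        )
    return findings


if __name__ == "__main__":
    for finding in assess(INVENTORY, REPOSITORY):
        print(finding)
```

Because the practice is meant to be repetitive and continuous, `assess` would be rerun whenever the inventory or the repository feed changes.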
Project Plan
A project plan is the formal document designed to guide the control and implementation of a project. While carrying out research, it is important to identify what has to be done and to form a clear understanding of what is needed, when and why, along with how it can be attained. This requires appropriate knowledge of the topic (Zhou et al., 2019). The researcher needs to introduce the topic by providing its overview, aim and objectives. On this basis the literature must be reviewed, which leads to in-depth knowledge of the different aspects of the topic. A survey or questionnaire is then used to identify the views of different respondents so that precise and accurate results can be attained. This leads to a conclusion through which an understanding can be formed of the tool to be developed, by which system or application vulnerabilities can be handled effectively (Pejšová and Vaska, 2020).
Chapter 3: Research Methodology
Research methodology refers to the specific techniques or procedures that researchers use to identify, process and examine data related to a particular area of investigation. In the dissertation, this section helps readers assess validity and reliability adequately (Pozdniakov et al., 2020). This chapter provides insight into the procedures and methods that can be applied to collect and analyse data in research. Within this dissertation, various methods are used, such as diverse instruments for gathering data, the formulation of research designs, data analysis, sampling techniques and many more, which can have a positive impact on the overall work. These are crucial aspects of research methodology that help researchers collect precise and adequate information on system security and the vulnerability repositories associated with it. The main methods used within this study are described below.
Research design: All the activities within this dissertation are based on the research design, which helps the researcher identify the influence created by system security and the vulnerabilities associated with it. Research design is a critical part of the research methodology and is divided into three types: exploratory, experimental and descriptive. These are the major kinds of research design, and for this study the researcher will use a descriptive design (Ranganath and Mitra, 2020). It supports a specific research topic, and by applying it a precise and relevant implication can be achieved effectively. It also enables the examination of non-quantified concerns. Exploratory and experimental designs are the other research designs, and they cannot be regarded as adequate for this study.
Types of study: Research methods are divided into quantitative and qualitative methodologies. Quantitative research is the determination, inference and depiction of issues through specified numbers, and generally involves outcomes expressed as numerical values. Qualitative research is based on feelings, sounds, words, emotions and many other aspects that are non-quantifiable and non-numerical (Rea-Guaman et al., 2020). Both kinds of study are critical for conducting enquiry into the influence of system security and vulnerabilities on functionality. For this study, the investigator will use quantitative research, because it assists in gathering statistical data on the topic. It offers a range of advantages, such as clear independence, higher levels of reliability, minimised personal judgement, specified research problems, dependent variables and many other perspectives. These are the major rationales for using quantitative investigation in this research (Sachidananda, Bhairav and Elovici, 2020). On the other hand, qualitative research methods, which are used for examining adequate results, will not be apt for conducting this research. The reason is that they lead researchers to accumulate a wide range of information or data that cannot be analysed adequately. The other major explanation is that quantitative research methods have distinct drawbacks: they are peculiar, replicable and generalisable, and there are many other perspectives associated with this.
These are the primary reasons that quantitative research methods are not used within this study.
Sources of data collection: It is the other major section that is involved in research methodology and is critical for investigators. This comprises two major resources for the collection of data, this involves primary as well as secondary sources. For gathering primary information related to the minimisation of the impact of vulnerabilities on the functionalities of individuals this questionnaire will be utilised (Scholz and et. al, 2020). On the other hand, for collection of secondary information associated with the inspection of different sources can be utilised, they are publication research, magazines, articles, books and many other sources which involve relevance of the study. Therefore, both primary and secondary sources of research are critical for investigators to collect information associated with influence on functions and functionalities conducted by individuals.
Research approach: This is the other major section that is included within the research methodology and is entirely based on data collection and analysis for the same. For the accumulation of data, two approaches are utilised, they include two approaches. This involves qualitative and quantitative aspects. For gathering data in the context of system security and vulnerability repository quantitative research will be executed (Shahab and et. al, 2020). The purpose behind this is that through the usage of this approach, researchers can accumulate numerical data but this does not require more resources for investigators to make comparisons between qualitative approaches. For conducting data analysis, there exist mainly two approaches they comprise inductive along with deductive. For carrying out analysis of information associated with system security as well as vulnerability repositories, a deductive approach can be used. In addition to this, both quantitative as well as deductive approaches for research is being used. Both of these aspects are critical for an investigator in accumulation as well as carrying out analysis to have precise information with reference to the subject (Vassilev and et.al, 2020). Along with this, the deductive approach is completely based on quantitative approaches with reference to research. Both of them aid in the collection along with carrying out analysis of precise information in this topic. With reference to this study, the deductive approach is based on a quantitative approach for accumulating data. It is critical for an investigator to utilise a questionnaire for doing this.
Research philosophy: This is a relevant and critical area of the methodology that will aid investigators in drawing adequate inferences. There are two major research philosophies: positivism and interpretivism. Quantitative methods make use of the positivism philosophy, whereas interpretivism is used in the context of qualitative methods. With reference to this research, the positivism philosophy can be used, as it furnishes relevant support for researchers in collecting information through a questionnaire, from which relevant and significant inferences can be drawn (Walker and et. al, 2020). The major restriction associated with interpretivism is that it is subjective in nature, and there are many other reasons for not making use of it: it is not generalisable, it is subject to research imposition, it has low reliability, it will not be representative, and many more. Therefore, positivism is a philosophy that is critical and valuable for the investigator, as it furnishes assistance for gathering quantitative information. In addition to this, ample resources are not required for it.
Research Strategy: This is a critical aspect of the research methodology that sets out the precise strategies and processes that aid in carrying out an investigation. There are different research strategies, including surveys, action research, experiments, grounded theory, ethnography, case studies, archival research and many more (Wu and et. al, 2020). The strategy is critical to the research because it furnishes the investigator with an adequate set of data associated with a particular research area. For gathering data in the context of system security and vulnerabilities, a market survey strategy is implemented. This will assist in the effectual collection of valid and reliable information from distinct respondents. It will render enhanced benefits to researchers, such as a minimised risk portfolio, addressing requirements of employees, handling competition and many more associated aspects. This implies that a market survey acts as a critical and useful strategy through which analysis can be conducted (Bhatia, Christopher and Thangapandian, 2020).
Research instruments, procedures or techniques: This aspect is related to the collection of data. There is a wide range of techniques that can be used for this, including interviews, focus groups, observation, etc. These are crucial instruments for gathering data in the context of system vulnerabilities. For this research, a questionnaire is used. It is an essential and valuable instrument for collecting information, and it supports investigators in collecting precise and valid data (Casola et al, 2020). There are various reasons behind the utilisation of questionnaires when the investigation is carried out, such as repetitive information, anonymity, validity, uniformity, ease of the method, wide coverage, flexibility, suitability as a preliminary tool and various other aspects. These are the major aspects of the questionnaire that are critical for the investigator in the collection of valid and accurate information associated with system security and related vulnerabilities.
Questionnaire
Q1. Do you know about vulnerabilities?
a) Yes
b) No
Q2. What do you think vulnerability means?
a) Weakness that might be exploited by a third person
b) Unauthorised access to the system
c) System without a strong password
d) All of the above
Q3. What benefits are attained by intruders or hackers through system vulnerabilities?
a) Access to private documents of the person
b) Unauthorised usage of the device
c) Carry out identity theft
d) All of the above
Q4. Is there any kind of impact created by vulnerabilities on systems or mobile phones?
a) Positive
b) Negative
Q5. Which phase related to hacking carries out an actual attack on a system or a network?
a) Reconnaissance
b) Scanning
c) Maintaining access
d) Gaining access
Q6. What are the common vulnerabilities which exist within the system?
a) Newly installed application
b) Weak passwords
c) All of the above
d) None of the above
Q7. Do you know about system security?
a) Yes
b) No
Q8. According to you, what do you think system security is?
a) Protection of information
b) Preventing unauthorised access
c) Maintaining confidentiality, availability and integrity of data
d) Access controls
e) All of the above
Q9. Is it important to ensure system security?
a) Yes
b) No
Q10. The practice along with precautions that are taken up for the protection of valuable data from any kind of unauthorised access, disclosure, recording or destruction is referred to as?
a) Network security
b) System security
c) Information security
d) Database security
Q11. What does trap door mean within a program?
a) A security hole that is inserted in the programming of the system for later use
b) Security hole within the network
c) Kind of antivirus
d) None of the above
Q12. Which of the following are not attacks but vulnerabilities for carrying out malicious activities?
a) Denial of service
b) Memory access violation
c) Port scanning
d) Dumpster diving
Q13. How can system security be attained?
a) Through the usage of strong passwords
b) By not downloading applications from unauthorised vendors
c) Updating the system in a continuous manner
d) Having antivirus on devices
e) All of the above
Q14. Is there a requirement for dealing with system security concepts with reference to vulnerabilities?
a) Yes, as it is difficult to recognise what app is vulnerable
b) No, strong passwords are enough
c) Automatic detection of malicious software must be provided
d) Regular system updates will serve the purpose
Q15. Provide any recommendations for system security by exploiting vulnerabilities that are present within the system so that the overall pessimistic impact can be