Discussion – 1:

A web-server is a form of computer used to operate across websites over the network. Its primary use is to process, store, and transport web pages to users. Web-servers enable individuals and organizations to share their information with the world regardless of the recipients (Chakravarthy & Kannimuthu, 2019). Whenever hackers want to establish an attack, a web-server is the first place they consider. Therefore, without the appropriate preparations and precautions, the web-server is weak enough to provide the attackers with the necessary grip.

There are several methods used to identify weak web-server configurations. One of them is the secure socket layer (SSL) certificate. An SSL certificate is a technique of encrypting data transported across the internet. Once installed on a web-server, it becomes activated and it sends a signal to the system, which alerts the user in case of any breach (Chakravarthy & Kannimuthu, 2019). Least privilege is also another method used to identify a weak web-server. The least privilege principle works by permitting authorization only to complete the assigned tasks. It helps the user to identify a weak web-server once it starts processing unnecessary materials to the user. Another method is vulnerability migration. This process allows users to discover weaknesses on web-servers and document them in an account within the targeted location. Additionally, it is also a systematic evaluation of security faults in data systems.

However, it is possible to keep a web-server safe and secure from any form of threat. The web-server should be strengthened during the development stage to guarantee the users a secure and strong software growth life cycle procedure (Chakravarthy & Kannimuthu, 2019). Besides, application security should be addressed during the run-time phase because during that stage a web application firewall (WAF) provides prevention control and the effective recognition of weaknesses.
Reference

Chakravarthy, D., & Kannimuthu, S. (2019). Extreme Gradient Boost Classification Based Interesting User Patterns Discovery for Web Service Composition. Mobile Networks and Applications, 24(6), 1883–1895. https://doi.org/10.1007/s11036-019-01385-6

Discussion 2:

As we know, most organizations in the current market provide web browser service to customers to access organization resources. We can use a web application to notify or report an outage to a utility company, the same as we can use a web application to buy an insurance policy. This explains how essential web applications are, and we need to make sure our application is secure and does not have any vulnerabilities.

Below is the process we implement to identify web server configuration vulnerability.

- Web application performance monitoring
- Using third-party tools for performance monitoring
- Monitoring web application logs
- Web application governance

For securing web applications, we need to implement the below process.

- Strong password and username
- HTTPS encryption
- For file transfer, use electronic data interchange
- Automated secure process
- File and data integration checking
- Patch and upgrade security continuously
- SSL configuration
- XSD validation
- JWT tokens
- Limitations on API
- IP whitelisting and blacklisting (Mike et al., 2018).

References

Mike, C., James, M. S., Darril, G. (2018). (ISC) CISSP Certified information systems security professional official study guide: John Wiley & Sons. ISBN: 9781119475958
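Added example (not part of either discussion post): a small Python audit that checks an nginx server block for four of the controls listed in Discussion 2, namely HTTPS encryption, SSL configuration, limitations on API, and IP whitelisting. The sample configurations, the /api and /admin paths, and the finding names are constructed for illustration.

```python
import re

# Constructed sample configurations (illustrative, not from a real deployment).
WEAK_CONF = """
server {
    listen 80;
    ssl_protocols SSLv3 TLSv1 TLSv1.2;
    location /api/ { proxy_pass http://127.0.0.1:8080; }
    location /admin/ { proxy_pass http://127.0.0.1:8080; }
}
"""
HARDENED_CONF = """
server {
    listen 443 ssl;
    ssl_protocols TLSv1.2 TLSv1.3;
    location /api/ { limit_req zone=api burst=20; proxy_pass http://127.0.0.1:8080; }
    location /admin/ { allow 10.0.0.0/8; deny all; proxy_pass http://127.0.0.1:8080; }
}
"""
WEAK_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}

def audit(conf, api_prefix="/api", admin_prefix="/admin"):
    """Return finding codes for one nginx server block given as text.
    api_prefix and admin_prefix are assumed paths, not taken from the page."""
    conf = re.sub(r"#[^\n]*", "", conf)  # drop comments before matching
    findings = []
    # HTTPS encryption: at least one listener must enable TLS.
    if not re.search(r"\blisten\s+[^;]*\bssl\b", conf):
        findings.append("no-https-listener")
    # SSL configuration: protocols pinned explicitly, no legacy versions.
    m = re.search(r"\bssl_protocols\s+([^;]+);", conf)
    if m is None:
        findings.append("ssl-protocols-not-pinned")
    elif WEAK_PROTOCOLS & set(m.group(1).split()):
        findings.append("legacy-tls-enabled")
    # Per-location controls (handles flat, prefix-style location blocks only).
    for path, body in re.findall(r"\blocation\s+(\S+)\s*\{([^{}]*)\}", conf):
        # Limitations on API: a limit_req directive must apply to API paths.
        if path.startswith(api_prefix) and not re.search(r"\blimit_req\s", body):
            findings.append("api-not-rate-limited:" + path)
        # IP whitelisting: admin paths need an allow rule plus "deny all".
        if path.startswith(admin_prefix):
            allowed = re.search(r"\ballow\s+[^;]+;", body)
            denied = re.search(r"\bdeny\s+all\s*;", body)
            if not (allowed and denied):
                findings.append("admin-not-ip-restricted:" + path)
    return findings

if __name__ == "__main__":
    print("weak:", audit(WEAK_CONF))
    print("hardened:", audit(HARDENED_CONF))
```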