
SCHOOL OF ENGINEERING, ARCHITECTURE, and IT EDUCATION

ITE Department

Project READS – Student Version


Second Semester SY 2023-2024

Name of Student: Syd Roan Banag

Program/Year Level: BSCS 3
Professor/Instructor: Benedict D. Sy, DIT

Title of the Journals / Books:
1. Security Designs for the Cloud, IoT, and Social networking
2. Wireless Security Architecture
3. Security Fundamentals

Name of Author:
1. Adele Kuzmiakova
2. Jennifer Minella
3. John Wiley

Year of publication:
1. 2022
2. 2022
3. 2020
Answers to the guided questions:

1. How can developers effectively mitigate the risk of injection attacks in their software applications, and what best practices should be followed to ensure robust program security?

= Developers mitigate injection attacks most effectively by never letting untrusted input become part of the code that an interpreter executes. For database access this means parameterized statements (prepared queries): the SQL text and the user-supplied values travel to the database separately, so the input is only ever compared as data and cannot change the structure of the query. Stored procedures can encapsulate and control database access and further narrow what the application is allowed to do, but only if the procedure itself does not assemble SQL strings from its arguments. Input validation is a complementary control, not a replacement for parameters: inputs should be checked against an allowlist of expected types, lengths and formats, which also covers the cases a placeholder cannot, such as a column name supplied for an ORDER BY clause. Adhering to the principle of least privilege, so that database accounts and application components hold only the permissions they need, limits the damage an injection can do if one does get through. Encoding user input for the context in which it is output (for example HTML-escaping it before it is written into a web page) prevents cross-site scripting (XSS), which is injection into the browser rather than the database. Web Application Firewalls (WAFs) add a layer of defense by filtering traffic that matches known attack patterns, but they are a safety net rather than a substitute for fixing the code. Regular security audits, code review and penetration testing find the vulnerabilities that remain, and continuous education and training keep developers current on secure coding practices and the latest threats. Together these practices maintain robust program security against injection attacks.
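The answer above describes parameterized queries, allowlist validation and the gap between them. The following Python example, added here and not taken from any of the listed books, shows all three on an in-memory SQLite database: a query that concatenates the user's input (vulnerable), the same query with a bound parameter (safe), and a sort-by-column function where a parameter cannot be used and an allowlist check does the work instead. The table, the sample users and the payload are constructed for the demonstration.

```python
import sqlite3

# Constructed sample data for the demonstration (not from the page).
SAMPLE_USERS = [("alice", 1), ("bob", 0), ("carol", 0)]

# Allowlist of column names a caller may sort by. Identifiers cannot be bound
# as query parameters, so they are validated against a fixed set instead.
SORTABLE_COLUMNS = {"id", "username"}


def make_db():
    """Create an in-memory SQLite database with a small users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, is_admin INTEGER)"
    )
    conn.executemany(
        "INSERT INTO users (username, is_admin) VALUES (?, ?)", SAMPLE_USERS
    )
    return conn


def find_user_vulnerable(conn, username):
    """VULNERABLE: the input is concatenated into the SQL text, so a value
    such as  ' OR '1'='1  rewrites the WHERE clause and returns every row."""
    sql = "SELECT username FROM users WHERE username = '" + username + "'"
    return [row[0] for row in conn.execute(sql)]


def find_user_safe(conn, username):
    """Parameterized query: the SQL text is fixed and the value is bound
    separately, so the input can only ever be compared as data."""
    rows = conn.execute(
        "SELECT username FROM users WHERE username = ?", (username,)
    )
    return [row[0] for row in rows]


def list_users_sorted(conn, column):
    """Sorting by a caller-chosen column: a placeholder cannot stand in for an
    identifier, so the column name is checked against SORTABLE_COLUMNS
    (allowlist input validation) before it is interpolated into the query."""
    if column not in SORTABLE_COLUMNS:
        raise ValueError("unsupported sort column: %r" % column)
    rows = conn.execute("SELECT username FROM users ORDER BY " + column)
    return [row[0] for row in rows]


if __name__ == "__main__":
    db = make_db()
    payload = "' OR '1'='1"
    print("vulnerable:", find_user_vulnerable(db, payload))  # all three users
    print("safe:      ", find_user_safe(db, payload))        # []
    print("sorted:    ", list_users_sorted(db, "username"))  # alphabetical
```

Running the script shows the vulnerable function returning every user for a username that does not exist, while the parameterized version returns nothing for the same input. The allowlist in `list_users_sorted` is the place where validation is genuinely the primary defense, because the database driver offers no way to bind a column name.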

2. In the context of web applications, what measures can be implemented to safeguard against common vulnerabilities such as cross-site scripting (XSS) and cross-site request forgery (CSRF), and how do these strategies contribute to enhancing overall program security?

= To safeguard against common vulnerabilities like cross-site scripting (XSS) and cross-site request forgery (CSRF) in web applications, developers can implement the following measures:

1. Input Validation and Output Encoding: Validate user inputs against an allowlist of expected formats, and, more importantly for XSS, encode data for the context into which it is written (HTML body, attribute, JavaScript or URL) so that user-supplied text is displayed rather than executed as script. Validation alone does not stop XSS; output encoding is the primary defense.

2. Content Security Policy (CSP): Send a Content-Security-Policy header that defines the trusted sources for scripts and other content, so that even if an attacker injects markup, the browser refuses to load or run script from anywhere else. The policy should avoid 'unsafe-inline' for scripts, since allowing inline script largely defeats the purpose.

3. Secure Cookies: Set the "HttpOnly" flag so that client-side scripts cannot read the session cookie (which limits what an XSS bug can steal) and the "Secure" flag so that the cookie is transmitted over HTTPS only.

4. Anti-CSRF Tokens: Include an unpredictable token, generated per session or per request, in every state-changing form or request and compare it on the server, using a constant-time comparison, with the token stored in the session. A request without a matching token is rejected, so an attacker who cannot read the token cannot forge a valid request on behalf of an authenticated user.

5. SameSite Attribute: Set SameSite=Lax or SameSite=Strict on the session cookie to control when it is sent with cross-site requests. Lax still sends the cookie on top-level GET navigations, so state-changing actions must only be accepted over POST (or another non-GET method) for this to reduce CSRF risk.

6. Frame-Options Header: Send X-Frame-Options (DENY or SAMEORIGIN) to control whether the page can be displayed in a frame, preventing clickjacking. The CSP frame-ancestors directive supersedes this header in modern browsers, so both are typically sent.

7. HTTP Strict Transport Security (HSTS): Send the Strict-Transport-Security header with a long max-age (and includeSubDomains where appropriate) so the browser only connects over HTTPS, reducing the risk of man-in-the-middle and SSL-stripping attacks. The browser only enforces it after a first successful HTTPS visit unless the domain is on the preload list.

8. Security Headers: Employ further headers such as X-Content-Type-Options: nosniff, which stops the browser from guessing a content type and treating an uploaded file or response as a script or stylesheet. Note that X-Content-Security-Policy is an obsolete, browser-prefixed name; the standard Content-Security-Policy header from item 2 should be used instead.

These strategies collectively enhance overall program security by fortifying the application against common web vulnerabilities. By combining client-side controls (the browser enforcing CSP, cookie flags and framing rules) with server-side controls (output encoding and token verification), developers can significantly reduce the risk of XSS and CSRF attacks, thereby bolstering the overall security posture of web applications.
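The eight measures above are easier to judge when seen in one place, so the following Python example, added here and not taken from the listed books, implements them in a simulated request handler: a header set covering CSP with frame-ancestors, X-Frame-Options, HSTS and nosniff; a session cookie with HttpOnly, Secure and SameSite=Lax; a per-session anti-CSRF token verified in constant time; and HTML output encoding of a submitted comment. The session dictionary, the form dictionary and the `handle_post_comment` function are assumptions made for the example and stand in for whatever web framework is in use.

```python
import hmac
import html
import secrets

# Name of the session field that holds the anti-CSRF token (assumed here).
CSRF_SESSION_KEY = "csrf_token"


def security_headers():
    """Response headers for items 2, 6, 7 and 8 of the list above."""
    return {
        # Scripts and other resources only from our own origin, no plugins,
        # and no framing by any site (item 2; frame-ancestors covers item 6).
        "Content-Security-Policy": "default-src 'self'; script-src 'self'; "
                                   "object-src 'none'; frame-ancestors 'none'",
        # Legacy anti-clickjacking header for browsers without CSP (item 6).
        "X-Frame-Options": "DENY",
        # One year of HTTPS-only, including subdomains (item 7).
        "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
        # Stop MIME sniffing of responses (item 8).
        "X-Content-Type-Options": "nosniff",
    }


def session_cookie(session_id):
    """Set-Cookie value carrying the flags from items 3 and 5."""
    return "session=%s; HttpOnly; Secure; SameSite=Lax; Path=/" % session_id


def new_csrf_token():
    """Unpredictable per-session token (item 4); 32 random bytes, URL-safe."""
    return secrets.token_urlsafe(32)


def csrf_token_valid(session, submitted):
    """Compare the form's token with the session's in constant time.
    Fails closed when either side is missing."""
    expected = session.get(CSRF_SESSION_KEY)
    if not expected or not submitted:
        return False
    return hmac.compare_digest(expected, submitted)


def render_comment(text):
    """Output encoding for an HTML body context (item 1): the text is
    displayed, never parsed as markup."""
    return "<p>" + html.escape(text, quote=True) + "</p>"


def handle_post_comment(session, form):
    """Simulated POST handler (assumed name): reject forged requests first,
    then encode the user's text. Returns (status, body, headers)."""
    if not csrf_token_valid(session, form.get("csrf_token")):
        return 403, "CSRF check failed", security_headers()
    body = render_comment(form.get("comment", ""))
    return 200, body, security_headers()


if __name__ == "__main__":
    # Constructed session and form submission for the demonstration.
    session = {CSRF_SESSION_KEY: new_csrf_token()}
    print(session_cookie("sid-example"))
    ok = handle_post_comment(
        session,
        {"csrf_token": session[CSRF_SESSION_KEY],
         "comment": "<script>alert(1)</script>"},
    )
    print(ok)       # 200 and the script tag rendered as harmless text
    forged = handle_post_comment(session, {"csrf_token": new_csrf_token()})
    print(forged)   # 403: token does not match the session
```

The handler checks the CSRF token before doing anything else and returns 403 when the token is absent or wrong, so a forged cross-site POST never reaches the code that stores or renders the comment. The script tag in the accepted comment survives only as escaped text, which is what item 1 means by output encoding.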
______________________________________________________
Signature Over Printed Name of Librarian – in – Charge

_______________________________________________________
Date
