Write a mitigation plan that includes a vulnerability description


Problem

Your company recently reviewed the results of a penetration test on your network. Several vulnerabilities were identified, and the IT security management team was tasked with providing a plan for recommended mitigation. The penetration test identified the following vulnerabilities and mitigations:

i. The cloud-based website that clients use to log into and access their financial records has some malware protection flaws based on the OWASP Top 10. The following two were identified:

   a. SQL injection

   b. Broken authentication

ii. The data server housing client financial records has the default password "admin."

iii. The remote VPN appliance is vulnerable to a buffer overflow attack. A remote, unauthenticated attacker can inject code into memory space, enabling the CPU to blindly run unauthorized program code. This vulnerability is caused by poorly written software code allowing improper validation of user-supplied input.

Write a 5- to 6-page mitigation plan that includes the following elements for each vulnerability:

i. Vulnerability description
ii. Technical risk (low, moderate, high)
iii. Business risk (low, moderate, high)
iv. Likelihood of occurrence (low, moderate, high)
v. Business impact if vulnerability compromised
vi. Recommended mitigation actions.
