EVALUATING APPLICATION SECURITY OF WEB APPLICATION PORTAL

EVALUATING APPLICATION SECURITY OF WEB APPLICATION PORTAL
CHAPTER ONE

INTRODUCTION

1.1 Background of the Study
The new millennium brought with it new possibilities in terms of information access and availability simultaneously, introducing new challenges in protecting sensitive information from some eyes while making it available to others. Today’s business environment is extremely dynamic and experience rapid changes as a result of technological improvement, increased awareness and demands Banks to serve their customers electronically. Banks have traditionally been in the forefront of harnessing technology to improve their products and services. The Banking industry of the 21st century operates in a complex and competitive environment characterized by these changing conditions and highly unpredictable economic climate. Information and Communication Technology (ICT) is at the centre of this global change curve of Electronic Banking System in Nigeria today. (Stevens 2002). Assert that they have over the time, been using electronic and telecommunication networks for delivering a wide range of value added products and services, managers in Banking industry in Nigeria cannot ignore Information Systems because they play a critical impact in current Banking system, they point out that the entire cash flow of most fortune Banks are linked to Information System. The application of information and communication technology concepts, techniques, policies and implementation strategies to banking services has become a subject of fundamental importance and concerns to all Banks and indeed a prerequisite for local and global competitiveness Banking.
The advancement in Technology has played an important role in improving service delivery standards in the Banking industry. In its simplest form, Automated Teller Machines (ATMs) and deposit machines now allow consumers carry out banking transactions beyond banking hours.

The explosion in the computer industry in the last three decades has further contracted the world into a yet smaller village and revolutionised the way commerce is conducted. However, this has not been without its cost. With the introduction of electronic commerce also came electronic or cyber crime, the incidence of which varies from country to country. In Nigeria, the crime has attained such a huge dimension that government set up the Economic and Financial Crimes Commission (EFCC) in 2004. A past chairman of this commission, NuhuRibadu, admitted that the incidence manifests in Nigeria more than in any other African country and the malaise has been smuggled to neighbouring West African countries (Ribadu, 2007).
Cyber crime hurts a nation on many fronts, the individual, the corporation and the society. Therefore, the action being instituted by government (Udotai, 2007) and other measures (Adeloye, 2008; Nkanga, 2008) are clearly steps in the right direction. Unfortunately despite government’s policing action these crimes still prevail. The individual and the business organisations are therefore left with no other choice than to arrange additional means of protection. This is usually pursued in one of two ways. One is the technological approach whereby security measures to ward off intruders are put in place. The problem with this approach is that it appears the perpetrators’ ingenuity soon puts them one step ahead of technology. The other is to adopt risk management methods consisting of risk avoidance, risk assumption and risk transfer. Particularly, because loss to a business organisation following a cyber crime can be devastating, it appears that risktransfer mechanism, the most popular method of which is insurance, is often the easiest option to adopt.
It has however being envisaged that the traditional type of insurance policies that a firm can purchase may not suffice in a number of circumstances as it may not capture the true costs of cyber attacks (Gralla, 2001). There are therefore two immediate tasks. The first is to evaluate if, and to what extent, various trade groups engage in internet transactionand second, to examine the prospect of marketing an insurance product specifically designed to cover cyber crimes in Nigeria. To the best of our knowledge, such a study has not yet been undertaken in Nigeria.

1.2. Statement of the Problem
The Office of the National Security Adviser disclosed this in a paper entitled ‘Economic and security implications of Denial of Service attacks’. It also stated that a report by a Nigeria-based Information and Communications Technology company, New Horizons Limited, had shown that Nigeria loses N413bn ($2.5bn) annually to cybercrime.
The New York Department of Financial Services issued a report which notes that, cyber attacks against banks are “becoming more frequent, more sophisticated, and more widespread.” Oftentimes not featured in the news are the attacks against “community and regional banks, credit unions, money transmitters, and third-party service providers (such as credit card and payment processors)” who have experienced attempted breaches in recent years. Attacks have come from a variety of actors, including unfriendly nation-states, hacktivists, organized crime groups, cyber gangs, and other criminals. The report states that “as the cost of technology decreases, the barriers to entry for cyber crime drop, making it easier and cheaper for criminals of all types to seek out new ways to perpetrate cyber fraud.

Upon policies and security practices to better the web application portal of financial institutions, cyber vandalism of this financial institution web portals increases due to poor knowledge and awareness of users of this systems.

1.3 Aims and objective
This project tries to access the strength and weaknesses of web portals of financial institutions for better security managerial policy over their web portals.
The objective is to be achieved:
1. Build Web application Hacking tool to test web application strength.
2. Make readily available a handy tool that could be easily used by non technocrats
3. Generate network and ports report of a servers.
4. To reduce the activities of cyber crime

1.4 SIGNIFICANCE OF STUDY
A financial institution that is a victim of cyber-theft tends to combat with the following challenges:
1. Reputation loss
2. Financial loss
3. Intellectual property loss
4. Loss of customer confidence
5. Business interruption costs
6. Loss of goodwill
Electronic banking in our economy today is a welcome development and also its impacts in the society are over-whelming, so this research is significant in so many ways.
1. It will expose the strength and weakness of electronic banking.
2. It will motivate banks and other economic agents to computerize their services.
3. Knowledge in the area of electronic banking will be advanced.
4. Apart from contributing to the knowledge of electronic banking, it forms a reference for future research in this area.

1.5 SCOPE OF THE STUDY
This study would be of significance not only to financial institutions but also to other institutions and organizations that manages transaction on a web application; Hereby improving their knowledge of day to day activity of technology systems.

Source

from EDUPEDIA247https://ift.tt/30lF6BP
via EDUPEDIA