Module 5
Network Security
Unit 2
Advanced Persistent Threats: Applying the Cyber Kill Chain Model to a Case Study
Learning Outcomes
- Describe the Cyber Kill Chain model.
- Apply the model to analyse a well-known APT.
- Describe possible mitigations to avoid a similar exploit.
e-Portfolio Component: Collaborative Discussion 1: Digitalisation – What are the Security Implications of the Digital Economy?
- The discussion started in the previous unit was continued.
Activity: Vulnerability Analysis – Literature Review Activity
Based on the information identified about your assigned websites, carry out a literature search/audit on software sites and the National Vulnerability Database to create a baseline audit on potential vulnerabilities with websites.
Exploring vulnerabilities in banking applications such as Zero Bank was an insightful but challenging experience. One of the main issues I faced was that the National Vulnerability Database (NVD) didn’t list specific entries for the site, as it’s a deliberately insecure demo website. To work around this, I shifted my focus to common weaknesses found in real-world banking applications, like SQL Injection, Cross-Site Scripting (XSS), and Broken Authentication, many of which are highlighted in the OWASP Top Ten (OWASP, no date).
Given the sensitive nature of financial data, it became clear how crucial it is for banking apps to guard against these risks. Some of the technical language in the NVD was a bit overwhelming at first, but turning to OWASP cheat sheets and the internet helped break things down into more understandable terms. This activity gave me a clearer picture of the security challenges faced by banking platforms. It will definitely strengthen my assessments by allowing me to provide realistic examples and better-informed recommendations.
OWASP (no date) OWASP Top Ten. Available at: https://owasp.org/www-project-top-ten/ (Accessed: 10 May 2025).
Reflection
- I dedicated time to reviewing Zero Bank, to understand its layout and search for vulnerabilities. Due to its weak security, my browser initially blocked it, which I see as a promising start to my vulnerability assessments.