Subscribe by Email

Thursday, April 19, 2012

What are different kinds of security threats?

Security vulnerabilities and security threats are one of the biggest issues of today in the field of software engineering. As more sophisticated is the today’s software is, the more critical security issues it struggles with.

Any software is bombarded with one compulsory question that how safe and secure it is? Does it have any possibilities of keeping the attackers at bay from interfering with the security of the software system or application? Has any effective strategy been designed for dealing with any possible security issues and keep sensitive data out of the reach of the attackers and strengthen the security programs of the software system or application? 

Today as the technology is advancing; it is being misused in the creation of new methods or strategies for breaking out in to the security system of a system or application. Attackers are being influenced by the chances of financial gain and are always involved with the exploitation of the various software systems and applications over the years. This article gives a glance about all such security threats that our software systems and applications face today.

How are security threats categorized?

The security threats are categorized in to many categories:

1.        Validation of input: It faces threats like:
(a)      cross site scripting
(b)      SQL injection attacks
(c)       buffer overflow
(d)      Ccnonicalization

2.        Authentication:
(a)      Brute force attack
(b)      Network eavesdropping
(c)       Dictionary attacks
(d)      Credential theft
(e)      Cookie repay

3.        Authorization:
(a)      Disclosure of confidential data
(b)      Elevation of privilege
(c)       Luring attacks
(d)      Data tempering

4.        Configuration management: It faces following threats:
(a)     Unauthorized access to interfaces
(b)      Retrieval of configuration data
(c)      Over privileged process
(d)      Lack of individual accountability

5.        Session management:
(a)      Man in the middle
(b)      Session hijacking
(c)      Session replay

6.       Sensitive information:
(a)      Network eavesdropping
(b)      Access of sensitive data in the storage
(c)       Data tempering

7.        Cryptography:
(a)     Weak encryption
(b)      Poor key management

8.        Parameter manipulation:
(a)      Form field manipulation
(b)      Cookie manipulation
(c)      Query string manipulation
(d)      HTTP header manipulation

9.        Exception management:
(a)     Denial of service
(b)     Information disclosure

10.     Auditing and logging:
(a)      User denial for performing an operation
(b)      Exploitation of an application without trace
(c)      Covering of the attacks by the attacker

Usually security is often either thought of as an operational IT issue that is concentrated up on building defending systems or strategies for the softwares to protect them from the malicious security breaches and attackers or as an issue concerned with the protection of the personal, critical and sensitive data.  

Importance of Security

- Lack of security is what makes a software vulnerable to such issues.

- The security needs to be addressed in some more elaborate way since the attackers are far more ingenious and creative people.

- A software security must be aimed at building a defect free software system or application.

- Out of all the defects of the software system, few tend to become the source of security vulnerabilities. 

- Softwares that have been built with more concentration on the system security are found to be more resistive to the security threats and if in case they are struck with some security issue they have the capability of recovering as soon as possible. 

- It is important to incorporate security in to the software systems are from the initial phase to the last and final phase.

- This can start right from implementing secure software coding and testing methodologies. 

- The software developers, programmers and testers can be trained to implement language specific secure coding practices.

- Conducting a risk based security testing yields greater benefits. It adequately highlights the weaknesses of the software system or application.

No comments:

Facebook activity