Security vulnerabilities and security threats are among the biggest issues in software engineering today. The more sophisticated today's software becomes, the more critical the security issues it struggles with.
Any piece of software faces one compulsory question: how safe and secure is it? Can it keep attackers from interfering with the security of the software system or application? Has an effective strategy been designed for dealing with possible security issues, keeping sensitive data out of the attackers' reach and strengthening the security program of the software system or application?
Today, as technology advances, it is also misused to create new methods and strategies for breaking into the security of a system or application. Attackers are motivated by the prospect of financial gain and have been exploiting software systems and applications for years. This article gives a glance at the security threats that our software systems and applications face today.
How are security threats categorized?
Security threats are grouped into the following categories:
1. Validation of input: It faces threats like:
(a) Cross-site scripting
(b) SQL injection attacks
(c) Buffer overflow
(d) Canonicalization
2. Authentication:
(a) Brute force attack
(b) Network eavesdropping
(c) Dictionary attacks
(d) Credential theft
(e) Cookie replay
3. Authorization:
(a) Disclosure of confidential data
(b) Elevation of privilege
(c) Luring attacks
(d) Data tampering
4. Configuration management: It faces the following threats:
(a) Unauthorized access to administration interfaces
(b) Retrieval of configuration data
(c) Over-privileged process
(d) Lack of individual accountability
5. Session management:
(a) Man in the middle
(b) Session hijacking
(c) Session replay
6. Sensitive information:
(a) Network eavesdropping
(b) Access to sensitive data in storage
(c) Data tampering
7. Cryptography:
(a) Weak encryption
(b) Poor key management
8. Parameter manipulation:
(a) Form field manipulation
(b) Cookie manipulation
(c) Query string manipulation
(d) HTTP header manipulation
9. Exception management:
(a) Denial of service
(b) Information disclosure
10. Auditing and logging:
(a) User denial of having performed an operation
(b) Exploitation of an application without trace
(c) Covering of the attack's tracks by the attacker
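The list above names the threats but does not show what the defensive pattern looks like in code. The following Python example, added here and not part of the original article, picks three items from the list and places the weak form beside the hardened one: SQL injection in category 1(b) (string-concatenated query versus a parameterized query), canonicalization in category 1(d) (resolve a user-supplied path before checking that it stays inside a base directory), and cookie manipulation in category 8(b) (an HMAC tag so that an edited cookie value is rejected). The in-memory sqlite3 table, the `/tmp` base directory and `SECRET_KEY` are constructed for the demonstration.

```python
import hashlib
import hmac
import sqlite3
from pathlib import Path

# ---- 1(b) SQL injection: concatenated query beside its parameterized form ----

def make_db():
    """Constructed in-memory user table so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user")])
    conn.commit()
    return conn

def lookup_vulnerable(conn, name):
    """Deliberately weak: the value is pasted into the SQL text, so input
    containing quotes and operators changes the query's logic."""
    sql = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()

def lookup_safe(conn, name):
    """Parameterized query: the driver binds the value as data, so the same
    input only matches a user literally named that way (here: none)."""
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()

# ---- 1(d) canonicalization: resolve the path before the containment check ----

def resolve_under(base_dir, user_path):
    """Canonicalize first (symlinks and '..' collapsed), then confirm the
    result is still inside base_dir. Returns the resolved Path, or None when
    the request escapes the base directory (absolute paths escape too)."""
    base = Path(base_dir).resolve()
    candidate = (base / user_path).resolve()
    try:
        candidate.relative_to(base)
    except ValueError:
        return None
    return candidate

# ---- 8(b) cookie manipulation: integrity tag so edits are detectable ----

# Constructed demo key; a real deployment loads it from a secret store.
SECRET_KEY = b"constructed-demo-key-do-not-reuse"

def sign_cookie(value, key=SECRET_KEY):
    """Append an HMAC-SHA256 tag over the cookie value."""
    tag = hmac.new(key, value.encode(), hashlib.sha256).hexdigest()
    return value + "." + tag

def verify_cookie(cookie, key=SECRET_KEY):
    """Return the value if the tag matches, else None (tampered or forged).
    compare_digest keeps the comparison constant-time."""
    value, sep, tag = cookie.rpartition(".")
    if not sep:
        return None
    expected = hmac.new(key, value.encode(), hashlib.sha256).hexdigest()
    return value if hmac.compare_digest(tag, expected) else None

if __name__ == "__main__":
    conn = make_db()
    probe = "' OR '1'='1"
    print("vulnerable:", lookup_vulnerable(conn, probe))   # both rows
    print("safe:      ", lookup_safe(conn, probe))         # []
    print("inside:    ", resolve_under("/tmp", "reports/q1.txt"))
    print("escapes:   ", resolve_under("/tmp", "../../secrets.txt"))
    cookie = sign_cookie("role=user")
    print("intact:    ", verify_cookie(cookie))
    print("tampered:  ", verify_cookie(cookie.replace("role=user", "role=admin")))
```

The three helpers share one design rule: validate or bind the data at the trust boundary rather than trying to filter out "bad" characters. Parameter binding removes the parsing step that injection depends on, canonicalizing before the check removes the ambiguity that encoded or relative paths exploit, and the HMAC moves the question from "does this value look right" to "did we issue this value".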
Security is usually thought of either as an operational IT issue, concentrated on building defensive systems and strategies that protect software from malicious breaches and attackers, or as an issue concerned with protecting personal, critical and sensitive data.
Importance of Security
- Lack of security is what makes software vulnerable to such issues.
- Security needs to be addressed in a more elaborate way, since attackers are far more ingenious and creative people.
- Software security must aim at building a defect-free software system or application.
- Out of all the defects of a software system, a few tend to become the source of security vulnerabilities.
- Software that has been built with more attention to system security is found to be more resistant to security threats, and if it is struck by a security issue it has the capability of recovering as quickly as possible.
- It is important to incorporate security into software systems from the initial phase to the last and final phase.
- This can start with implementing secure coding and testing methodologies.
- Software developers, programmers and testers can be trained to implement language-specific secure coding practices.
- Conducting risk-based security testing yields greater benefits; it adequately highlights the weaknesses of the software system or application.