Introduction to Software Security
Overview of this blog
This post introduces Software Security, Application Security, Current Practices in Application Security, Issues with Security Breaches, Types of Attacks, Methods of Attack, Why Application Security Is Not Good Enough, the Secure Software Development Life Cycle (SSDLC), and Career Pathways.
Software Security and Application Security
Software Security
A way to defend against software exploits by building software to be secure.
Root Cause Analysis
Holistic Long-Term Approach
Organizational Change
Application Security
A way to defend against software exploits after the deployment is complete.
Penetrate and Patch
Issue-Based Short-Term Approach
Threat Modeling
Code Review
Code Review Process
Current Practices in Application Security
Vulnerability Assessment
The process of identifying and quantifying vulnerabilities in an environment.
Penetration Test
Simulates the actions of an external and/or internal attacker who aims to breach the security of the organization.
Issues with Security Breaches
Immediate Financial Loss
Reputation
Lawsuits
Types of Attacks
Leakage: Information leaving the system.
Tampering: Unauthorized altering of information.
Resource Stealing: Illegal use of resources.
Vandalism: Disturbing correct system operation.
Denial of Service: Disrupting legitimate system use.
Methods of Attack
Eavesdropping: Obtaining copies of messages without authority.
Masquerading: Using the identity of another principal without authority.
Message Tampering: Intercepting and altering messages.
Replaying: Storing messages and sending them later.
Flooding: Sending too many messages.
Why Application Security Is Not Good Enough
Applying and managing security patches may be costly.
0-day vulnerabilities.
Patches may not fix the cause.
Firewalls and IDSs may not be sufficient.
Secure Software Development Life Cycle (SSDLC)
Career Pathways
Penetration testing
Vulnerability assessment
Software Engineering
Software Quality Assurance
Incident Response
DevOps development/Automation
Project Management
Conclusion
This post gives you some basic knowledge about Software Security. The essential points are the ones discussed here.