Software Development Security

The software development security domain focuses on the systems development life cycle (SDLC) from system conception through its design, development, deployment, operation, and eventual retirement from service. Information security and privacy professionals must be involved in all phases of SDLC to ensure the overall effectiveness of security controls and that privacy concerns are addressed.

The proliferation of personally-owned mobile devices (e.g, smartphones, tablets, and laptops) as well as the wide variety of vulnerable mobile apps creates a higher risk of exposing confidential and business-related information in the workplace. This can occur when such information is stored on personally-owned devices. Cyber-attacks often exploit the vulnerabilities inherent in applications and operating systems. That is why frequent updates and patches to software are necessary.

Additionally, special care must be taken when developing internal Web applications that are externally accessed through the Internet. The software code should be written following a secure coding guideline such as the Open Web Application Security Project

know more : level 3 network

Comments

Post a Comment

Popular posts from this blog

Implementing Core Cisco ASA Security (SASAC)

  ASA uses a security level associated with each interface. It is a number between 0 to 100 that defines the trustworthiness of the network that the interface is connected to; the bigger the number, the more trust you have in the network. For example, the most secure network, such as the inside LAN, should have the security level of 100. The outside network connected to an untrusted network (such as the Internet) should have the level of 0. The interface connected to the DMZ should have the security level set to somewhere between 1 and 99 (usually 50). Security levels are used to define how traffic initiated from one interface is allowed to return from another interface. By default, the higher level security interfaces can initiate traffic to a lower level. The stateful inspection determines whether the reply traffic is allowed to make it back through. The following picture illustrates the concept: level 100 for the inside network level 50 for the DMZ network level 0 for the outside ne
Read more

Netware Makes a Splash

During this period, several operating systems were developed, like IBM's MVS operating system, which still dealt with SNA. However, the development of another operating system, dubbed UNIX, really paved the way for NOS everywhere. After a project to develop a large and complex system called Multics failed to get off the ground at Bell Labs in 1969, a group of Bell researchers, led by Ken Thompson and Dennis Ritchie, started work on a less ambitious but no less powerful computing system. After a rocky first few years, Ritchie developed the C programming language, which allowed UNIX to become the first "portable" operating system, meaning it could be implemented on any computer system. The relative simplicity of the system's design and the availability of its source code turned UNIX into a darling of the academic world and a fixture on many university computer networks. Many versions of UNIX were developed, but the Berkeley Software Distribution (BSD) version, develo
Read more

How CrackStation Works

CrackStation uses massive pre-computed lookup tables to crack password hashes. These tables store a mapping between the hash of a password, and the correct password for that hash. The hash values are indexed so that it is possible to quickly search the database for a given hash. If the hash is present in the database, the password can be recovered in a fraction of a second. This only works for "unsalted" hashes. For information on password hashing systems that are not vulnerable to pre-computed lookup tables, see our hashing security page. Crackstation's lookup tables were created by extracting every word from the Wikipedia databases and adding with every password list we could find. We also applied intelligent word mangling (brute force hybrid) to our wordlists to make them much more effective. For MD5 and SHA1 hashes, we have a 190GB, 15-billion-entry lookup table, and for other hashes, we have a 19GB 1.5-billion-entry lookup table. Read more :  lm hash generator
Read more