What is Software Security?
Software Security
Software security is the practice of designing, building and maintaining software so that it keeps working correctly under malicious attack and does not expose vulnerabilities an attacker could exploit.
What is the difference between application security and software security?
Software security takes a holistic approach to improving an organization's information security posture: protecting assets and enforcing the privacy of non-public information across the whole software lifecycle. Application security is just one domain within that broader process, focused on protecting individual applications once they are built and deployed.
Some software security activities:
✫ User authentication
✫ Secure software design
✫ Validation of third-party components
Some application security activities:
✫ IP filtering
✫ Detection of malicious code
Some types of Software Attacks
★ Social Engineering
Social engineering is malicious activity carried out through human interaction: the attacker uses psychological tricks to obtain sensitive information such as names, passwords, answers to security questions, social security numbers, etc. Phishing is a type of social engineering, used to steal login credentials, user data, credit card numbers, etc.
Examples of social engineering:
⇒ An email that appears to come from a friend
⇒ A reply to a question you never asked
⇒ An email that appears to come from another trusted source
Ways to defend against these:
⇒ Be cautious of any download
⇒ Avoid clicking on unknown links
⇒ Be suspicious of any unsolicited message
⇒ Reject requests for help, or offers of help, from unknown sources
★ TCP/IP Hijacking (session hijacking)
An intruder takes over an established connection, for example an active login session, and injects their own commands into it, so that the commands are acted on as if they came from the legitimate user.
★ Replay Attacks
A replay attack is one in which valid data (for example an authentication message or a transaction request) is captured by an attacker without authorization and later retransmitted, to trick the receiver into repeating an operation it did not intend to authorize again, such as accepting the attacker as the original sender (false identification) or processing the same transaction twice.
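The replay attack described above, and the standard defence against it, as an added example (this code is not part of the original post). The shared key, the clock value and the "transfer" request are constructed for the demonstration. Each request is tagged with an HMAC (a message authentication code, see the cryptography section below) over its fields, including a random nonce and a timestamp. A naive server that only checks the tag accepts a captured request as many times as it is replayed; the hardened server additionally rejects stale timestamps and any nonce it has already seen.

```python
import hashlib
import hmac
import json
import os
import time

# Shared secret between client and server (constructed for this example;
# a real deployment provisions one per client and keeps it out of source).
SHARED_KEY = b"example-shared-key-do-not-reuse"

# Window (seconds) within which a message timestamp is considered fresh.
FRESHNESS_WINDOW = 30


def make_request(action, amount, now=None):
    """Build a request and tag it with an HMAC over all of its fields.

    The nonce and timestamp are inside the authenticated data, so an
    attacker cannot change them without invalidating the tag.
    """
    body = {
        "action": action,
        "amount": amount,
        "nonce": os.urandom(16).hex(),
        "ts": now if now is not None else time.time(),
    }
    canonical = json.dumps(body, sort_keys=True).encode()
    tag = hmac.new(SHARED_KEY, canonical, hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def tag_is_valid(request):
    """Recompute the HMAC and compare it in constant time."""
    canonical = json.dumps(request["body"], sort_keys=True).encode()
    expected = hmac.new(SHARED_KEY, canonical, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, request["tag"])


class NaiveServer:
    """Checks the MAC only: a captured request can be replayed forever."""

    def __init__(self):
        self.processed = []

    def handle(self, request):
        if not tag_is_valid(request):
            return False
        self.processed.append(request["body"])
        return True


class ReplayResistantServer:
    """Checks the MAC, the timestamp window, and that the nonce is unused."""

    def __init__(self):
        self.processed = []
        self.seen_nonces = set()

    def handle(self, request, now=None):
        if not tag_is_valid(request):
            return False
        body = request["body"]
        now = now if now is not None else time.time()
        # Reject stale messages; this bounds how long nonces must be remembered.
        if abs(now - body["ts"]) > FRESHNESS_WINDOW:
            return False
        # Reject any nonce already accepted: this is the replay check.
        if body["nonce"] in self.seen_nonces:
            return False
        self.seen_nonces.add(body["nonce"])
        self.processed.append(body)
        return True


def demo():
    """Send one legitimate transfer, then replay the captured copy.

    Returns (transfers applied by the naive server,
             transfers applied by the replay-resistant server).
    """
    t0 = 1_700_000_000.0  # fixed clock so the demo is deterministic
    captured = make_request("transfer", 100, now=t0)

    naive = NaiveServer()
    naive.handle(captured)  # legitimate
    naive.handle(captured)  # replayed: accepted again, money moves twice

    hardened = ReplayResistantServer()
    hardened.handle(captured, now=t0 + 1)    # legitimate
    hardened.handle(captured, now=t0 + 2)    # replayed: rejected (nonce seen)
    hardened.handle(captured, now=t0 + 120)  # replayed and stale: rejected

    return len(naive.processed), len(hardened.processed)


if __name__ == "__main__":
    print(demo())
```

Note that the MAC alone is not enough: the replayed message is byte-for-byte valid, so only freshness (timestamp) and uniqueness (nonce) checks can tell it apart from the original.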
★ Data breaches
Theft of customer data, financial information, or intellectual property from an organization's systems.
Some best practices to avoid software attacks
★ Keep your systems and software up to date.
★ Train and educate users.
★ Segment the network.
★ Encrypt data.
★ Secure computing devices.
Cryptography
Cryptography is used to prevent unauthorized access to information while it is in transit or in storage.
Below are some basic concepts of Cryptography
✯ Authentication code - a message authentication code (MAC) is a short value computed from a message and a secret key; the receiver recomputes it to verify that the message is authentic and has not been modified.
✯ Salt - random data added to the input (typically a password) before it is passed to the hash function, so that two users with the same password get different hashes. Salting is an additional step in hashing.
✯ Symmetric Encryption - a type of encryption in which the same key is used to encrypt and decrypt data.
✯ Rainbow table - a precomputed table of hashes for a large set of candidate passwords, used to reverse unsalted password hashes by simple lookup. Passwords should never be stored as plain text, but storing a plain (unsalted) hash is still vulnerable to this kind of lookup, which is why salting is used.
What are Encryption, Hashing, and Salting?
Encryption
The process of transforming data into an unreadable form (ciphertext) so that only someone holding the right key can read it, preventing unauthorized access.
Two types of Encryption:
- Symmetric encryption - the same key is used to encrypt and decrypt data, so both parties must already share that key.
- Asymmetric encryption - two different keys are used: a public key encrypts the data and only the matching private key can decrypt it.
(For more information, refer to https://sectigostore.com/blog/what-is-asymmetric-encryption-how-does-it-work/)
Hashing
Hashing is the process of transforming an input of any size into a fixed-size value. The hash function generates the new value, and the hash value is its output. Hashing is a one-way function: the original input cannot be recovered from the hash.
Salting
Salting is done by joining a random value (the salt) to the input before hashing, which also lengthens the data that is hashed. The salt is not secret: it is stored alongside the hash. Its purpose is to make identical passwords produce different hashes and to defeat precomputed (rainbow table) lookups. (Salting is an additional step in hashing.)
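The difference between an unsalted hash and a salted one, as an added example (not code from the original post). It serves both the rainbow table item above and this Salting section. The list of common passwords stands in for a real precomputed table (a real one holds billions of candidates, but the lookup works the same way), and the PBKDF2 iteration count is an assumption chosen for this demonstration. Two users who pick the same weak password are stored under both schemes: the unsalted hashes are identical and the password is recovered by a single lookup, while the salted hashes differ and do not appear in any precomputed table.

```python
import hashlib
import hmac
import os

# Stand-in for a rainbow table: a constructed list of common passwords whose
# unsalted SHA-256 hashes are precomputed once and then reused for every lookup.
COMMON_PASSWORDS = ["123456", "password", "qwerty", "letmein", "hunter2"]

# Iteration count for PBKDF2 (assumption for this example; tune to your hardware).
PBKDF2_ITERATIONS = 100_000


def unsalted_hash(password):
    """The weak scheme: a plain hash, identical for identical passwords."""
    return hashlib.sha256(password.encode()).hexdigest()


def build_lookup_table(candidates):
    """Precompute hash -> password; every unsalted hash is then one lookup away."""
    return {unsalted_hash(p): p for p in candidates}


def crack_unsalted(stored_hash, table):
    """Reverse a stored hash by table lookup; None if it is not in the table."""
    return table.get(stored_hash)


def hash_password(password, salt=None):
    """The strong scheme: random per-user salt plus a slow key-derivation function.

    Returns 'salt_hex$digest_hex'. The salt is stored in the clear next to the
    digest; it is not a secret, it only has to be unique per stored password.
    """
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt.hex() + "$" + digest.hex()


def verify_password(password, stored):
    """Recompute the digest with the stored salt and compare in constant time."""
    salt_hex, digest_hex = stored.split("$", 1)
    recomputed = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), PBKDF2_ITERATIONS
    )
    return hmac.compare_digest(recomputed.hex(), digest_hex)


def demo():
    """Two users choose the same weak password; compare both storage schemes."""
    table = build_lookup_table(COMMON_PASSWORDS)

    alice_weak = unsalted_hash("hunter2")
    bob_weak = unsalted_hash("hunter2")
    alice_strong = hash_password("hunter2")
    bob_strong = hash_password("hunter2")

    return {
        # Unsalted: equal hashes leak that two users share a password...
        "same_unsalted": alice_weak == bob_weak,
        # ...and the password falls out of the precomputed table instantly.
        "cracked_unsalted": crack_unsalted(alice_weak, table),
        # Salted: the two stored values differ even though the password is the same...
        "same_salted": alice_strong == bob_strong,
        # ...and the salted digest is not in any precomputed table.
        "cracked_salted": crack_unsalted(alice_strong.split("$", 1)[1], table),
        # Verification still works for the right password and fails for a wrong one.
        "verify_ok": verify_password("hunter2", alice_strong),
        "verify_wrong": verify_password("hunter3", alice_strong),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", value)
```

The salt defeats the table but does nothing against guessing one password at a time, which is why the example also uses a deliberately slow function (PBKDF2) rather than a single fast SHA-256 round.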