What is Software Security?

Software Security

Software security is an idea designed to protect software from malicious attacks and other hacker vulnerabilities to function properly.

Difference between application security and software security?

Software security includes a holistic approach to improving an organization’s information security position, protecting assets, and enforcing the privacy of non-public information whereas Application security is just one domain in the whole process.

Some of Software security activities:

✫ User authentication

✫ Secure software design

✫ Validation of third-party components

Some of Application security activities:

✫ IP filtering

✫ Detection of malicious code

Some types of Software Attacks

★Social Engineering

Social Engineering is the malicious activities accomplished through human interactions. (Use psychological tricks to get sensitive information like name, passwords, answers for the security questions, security numbers.. etc) Phishing is also a type of social engineering and use to steal login credentials, user data and credit card numbers.. etc

Examples for Social Engineering:

⇒ Email from a friend

⇒ Responding to a question which we didn't have

⇒ Email from another trusted source

Ways to overcome those:

⇒ Be cautious of any download

⇒ Avoid clicking on unknown links

⇒ Be mistrustful of any unsolicited messages

⇒ Reject requests for help /offers from unknown sources

★TCP/IP Hijacking(session hijacking)

This is done by an intruder and tries to insert commands into an active login session.

★Replay Attacks

Breaking of security in which information is kept without authorisation and then transmit again to trick the receiver into uncertified operations such as false identification or identical transaction.

★ Data breaches

Stole the customer data, financial information, or intellectual property.

Some of the best practices to avoid software attacks

★ Update your system or software up to date.

★ Train and educate the users.

★ Segmenting the network.

★ Data Encryption.

★ Secure the computing devices.

Cryptography

This is used to avoid unauthorized access to information in transportation or storage.

Below are some basic concepts of Cryptography

Authentication code —this is an identifier used to verify the authenticity or identity of data

Salt- Here it adds random data before it passed to the Hash function. Salting is an additional step in Hashing

Symmetric Encryption — This is a type of Encryption. In here the same key is utilized to encrypt and decrypt data.

Rainbow table- The passwords in the system are not kept straight as plain texts, but are kept as hashed using encryption.

What are Encryption, Hashing, and Salting?

Encryption

The procedure of transforming data into a code, to avoid unauthorized access.

Ref: https://sectigostore.com/blog/what-is-asymmetric-encryption-how-does-it-work

Two types of Encryption:

  1. Symmetric encryption — In here the same key is utilized to encrypt and decrypt data.
  2. Asymmetric encryption- In here two different keys are utilized to encrypt and decrypt data.

(For more information, refer to https://sectigostore.com/blog/what-is-asymmetric-encryption-how-does-it-work/)

Hashing

Hashing is the procedure of transforming a given key into another value. The hash function is used to generate the new value. The hash value is the result of a hash function. (Hashing is a one-way function)

Ref: https://www.thesslstore.com/blog/difference-encryption-hashing-salting/

Salting

Salting is done by joining an extra secret value to the input, extending the length of the original password. (Salting is an additional step in Hashing)

Ref: https://cyberhoot.com/cybrary/password-salting/

References

--

--

--

Associate Software Engineer at Virtusa

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Important Updated Regarding Exploit on May 26th.

Lets Defend — Ransomware Detected Walkthrough

CIL report: DEIP investment auctions

FATExDAO Update — Time to buck up…

Choose Your Own Red Team Adventure: What’s Running via the Windows API

DevSecOps: Embracing Automation, Letting Go of Tradition

OpIsrael (Operation Israel)

Russia’s Invasion of Ukraine Could Spark a Global Cyberwar

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Irushinie Muthunayake

Irushinie Muthunayake

Associate Software Engineer at Virtusa

More from Medium

How James Bond saved Spider-Man !

VO Visas || Canada’s decision to land over 400,000 immigrants in 2021 has come at a cost

Of coffee pods and recycling

Of coffee pods and recycling

More than half of UK operators back to pre-Covid occupancy levels