SECURITY VULNERABILITIES AND CONTROLS :lock: - Coggle Diagram
CONTROLS
Version control
Keeping multiple copies of software as it is developed, so that earlier versions can be restored; protects against loss of overwritten data.
User Authentication
The process of verifying the credentials of a particular user of a computer or software system, preventing unauthorised access.
Encryption
Process of converting readable data into unreadable characters to prevent unauthorized access.
Software Updates
These include bug fixes, additional security protections and additional software features, keeping your software up to date.
Software auditing and testing strategies
Penetration Testing
Authorised professional hacking that attempts to access data and computing power without being granted access through normal means; professional pen-testers are hired to identify and help repair vulnerabilities, and only work once they have been given written permission to attempt unauthorised access.
Static Application Security Testing
Secures software by reviewing its source code to identify the sources of vulnerabilities.
Dynamic Application Security Testing
An application security solution that can help to find certain vulnerabilities in web applications while they are running in production.
Interactive Application Security Testing
Analyses code for security vulnerabilities while the app is being run by an automated test, a human tester, or any other activity that interacts with the application's functionality.
Run-time Application Self Protection
A technology that runs on the server alongside an application and activates when the application runs; it is designed to detect attacks on the application in real time.
VULNERABILITIES
Diminished data integrity
Data that is not accurate, reasonable, timely, authentic or correct. 'Garbage in, garbage out' is the principle that if the input data is incorrect or of no use, the output will be incorrect or of no use as well.
Third-party software
A computer program created or developed by a different company than the one that developed the computer's operating system.
SQL injections
A common attack vector that uses malicious SQL code to manipulate a backend database and access information that was not intended to be displayed.
Cross-site scripting (XSS)
A type of injection attack in which malicious scripts are injected into otherwise benign and trusted websites.
Social engineering (phishing)
Phishing attacks use email or malicious websites to solicit personal information by posing as a trustworthy organisation. When users respond with the requested information, attackers can use it to gain access to their accounts.
Man-in-the-middle attacks
When an attacker intercepts communications between two parties, either to secretly eavesdrop or to modify the traffic travelling between them. Attackers might steal login credentials or personal information, spy on the victim, sabotage communications or corrupt data.
Data Breaches
Happens when personal information is accessed or disclosed without authorisation, or is lost.