Security Vulnerabilities and Controls. - Coggle Diagram
Vulnerabilities
Data Breaches
- Unauthorised access to data. Many controls are required to prevent it.
Man-in-the-middle attack
- Intercepting a data transfer, for example using a fake Wi-Fi network. Encryption or a VPN protects against it.
Social Engineering
- When a person is manipulated into providing private information, initiating a transaction or clicking a link.
Cross-site scripting (XSS)
- When a hacker injects a script into a vulnerable website. When a user visits the trusted website, the malicious script runs, forwarding the user to a destination of the hacker's choosing and giving the hacker the information they want.
SQL Injections
- Allows a malicious user to inject SQL commands into a database on a vulnerable server with malicious intent.
Third-party software
- An application developed by another company rather than by the operating system's developer, e.g. OBS or Roblox.
Diminished data integrity
- Data is unclear or has been corrupted.
Controls
Version Control
- Having multiple versions of a project backed up as it is being developed. This protects against data loss and prevents data from being overwritten.
User authentication
- Confirming that the account belongs to the user, preventing unauthorised access.
Encryption
- When data is scrambled to make it unreadable without the encryption key.
Software updates
- When the developer releases new versions of a program to fix vulnerabilities.
Software auditing and testing strategies
Penetration Testing
- A simulated cyber attack against the user's computer to find exploitable vulnerabilities.
Static Application Security Testing
- When the developer examines the source code to see whether it contains any vulnerabilities.
Dynamic Application Security Testing
- Conducted by a hacker, who injects malicious code while the application is running.
Interactive Application Security Testing
- An application that runs throughout development, continually checking for vulnerabilities.
Run-time Application Self Protection
- It continually monitors the application for attacks and terminates the attacker's session when one is detected.