Security Vulnerabilities and Controls.
Vulnerabilities
Data Breaches - Unauthorised access to data. Many controls are required to prevent them.
Controls
Man-in-the-middle attack - Intercepting data in transit, e.g. using a fake Wi-Fi network. Encryption or a VPN protects against it.
Social Engineering - When a person is manipulated into providing private information, initiating a transaction or clicking a link.
Cross-site scripting (XSS) - When a hacker injects a script into a vulnerable website; when a user visits the trusted website, the malicious script is triggered, forwarding the user to a destination chosen by the hacker and giving the hacker the information they want.
SQL Injection - Allows a malicious user to inject SQL commands into a database on a vulnerable server with malicious intent.
Third-party software - An application developed by another company rather than by the operating system vendor, e.g. OBS, Roblox.
Diminished data integrity - Data is unclear or has been corrupted.
Version Control - Having multiple versions of a project backed up as it is being developed. This protects against data loss and prevents data from being overwritten.
User authentication - Confirming that the account belongs to the user, preventing unauthorised access.
Encryption - When data is scrambled to make it unreadable without the encryption key.
Software updates - When the developer releases new versions of a program to fix vulnerabilities.
Software auditing and testing strategies
Penetration Testing - A simulated cyber attack against the user's system to find exploitable vulnerabilities.
Static Application Security Testing - When the developer examines the source code to see if there are any vulnerabilities.
Dynamic Application Security Testing - Conducted by a tester acting as a hacker, who injects malicious code while the application is running.
Interactive Application Security Testing - An application that runs continuously during development to check for vulnerabilities all the time.
Run-time Application Self-Protection - Terminates attacks from hackers; it continually checks the application for any attacks and terminates the attacker's session.