Security Vulnerabilities and Controls.

Vulnerabilities

Data Breaches - Unauthorised access to data. Many controls are required to prevent them.

Controls

Man in the middle attack - Intercepting a data transfer, for example using a fake Wi-Fi network. Encryption or a VPN protects against it.

Social Engineering - When a person is manipulated into providing private information, initiating a transaction or clicking a link.

Cross-site scripting (XSS) - When a hacker injects a script into a vulnerable website. When a user then visits the trusted website, the malicious script is triggered; it forwards the user to a destination of the hacker's choosing and gives the hacker the information they want.


SQL Injection - Allows a malicious user to inject SQL commands into a database on a vulnerable server with malicious intent.


Third-party software - An application developed by another company rather than by the operating system vendor, e.g. OBS or Roblox.


Diminished data integrity - When data is unclear or has been corrupted.

Version Control - Keeping multiple versions of a project backed up as it is being developed. This protects against data loss and prevents data from being overwritten.

User authentication - Confirming that the account belongs to the user, preventing unauthorised access.

Encryption - When data is scrambled to make it unreadable without the encryption key.

Software updates - When the developer releases new versions of a program to fix vulnerabilities.

Software auditing and testing strategies

Penetration Testing - A simulated cyber attack against the user's computer to find exploitable vulnerabilities.

Static Application Security Testing - When the developer examines the source code to see if there are any vulnerabilities.

Dynamic Application Security Testing - Conducted from a hacker's perspective: malicious code is injected while the application is running.

Interactive Application Security Testing - An application that runs all the time during development, continually checking for vulnerabilities.

Run-time Application Self Protection - It terminates attacks from hackers; it continually checks the application for attacks and terminates the attacker's session.