Security Vulnerabilities and Controls - Coggle Diagram
Vulnerabilities
Risks
KK03
Social Engineering:
Manipulation of the user, typically known as phishing, where scammers try to trick a person into allowing them access.
Man in the middle attacks:
The attacker acts like a website to the user and like a user to the website, so that they can view the data going in and out of the program.
Data breaches:
When a person's personal information is accessed or disclosed without authorisation.
KK04
SQL injections
Software from third parties
Cross-site scripting:
Reflected/non-Persistent
DOM/Client
Stored/persistent
Controls
KK01
Version Control Systems:
A category of software tools that help a software team manage changes to source code over time.
Software Updates
Improves Security, fixes errors, adds new functionality and improves usability.
Encryption:
Encoding information so that it is unreadable without the use of an encryption key.
User Authentication:
The process of verifying the credentials of a particular user of a computer or software system to ensure that they have permission to use it.
KK02
Penetration Testing:
A simulated cyber attack against your computer system to check for exploitable vulnerabilities.
Once found, steps are taken to update applications to close vulnerabilities
Risks
Data loss (crashing bugs)
Unauthorised access (lack of security)
Compliance with tech standards
Privacy issues (is data protected?)
Legal issues (Copyright, Privacy)
Licensing (all parts licensed appropriately)
Software Auditing:
Not about functionality; more related to security. Reviews the software to minimise risks during development.