Application Security and its Concepts
Hi everyone! Today we are going to discuss application security and its concepts.
So as always, let's begin with the basics: what is the internet?
Today our entire modern way of life depends on the internet, from communication to e-commerce.
The internet was not originally built for what it is today. It was developed when computers were so huge and so expensive that only a few organizations and governments had them. The purpose of the internet then was to let these massive computers talk to each other, sending messages back and forth through a network.
These networks grew gradually when personal computers emerged in the 1980s. Now we don't just use computers to talk to each other; we exchange money, play games, read news, shop and much more over the internet.
The internet informs, entertains and connects us, but this luxury comes with a price, which is SECURITY!
What is Cybersecurity?
Do you think we are safe using the internet?
One computer could send another an instruction to delete everything on it or to take it over completely. We call these VIRUSES and MALWARE.
One person could take another's identity by guessing, cracking or extracting a password, or could trick you into clicking on something you are not supposed to, thereby giving out confidential information. We call these PHISHING ATTACKS.
These vulnerabilities are built into the internet's architecture, and the attacks that exploit them are called cyberattacks.
A cyberattack is basically an attempt to gain illegal access to a computer or computer system for the purpose of causing damage to it.
Some common cyber attacks are malware, phishing, man-in-the-middle, zero-day exploits, ransomware, etc.
Criminals use these attacks to steal billions of dollars, governments use them for survival and hacktivists use them to further their personal goals.
But the good thing is that, even with this flawed internet, there are simple things we can do to protect ourselves from these attacks.
This is where CYBERSECURITY comes into the picture!
Cybersecurity is the protection of internet-connected systems, such as computers, servers, mobile devices, electronic gadgets, networks and data, from malicious attacks.
Cybersecurity is sometimes referred to as Information Technology Security or Electronic Information Security.
So, when an organization has a strong sense of network security and an effective incident response plan, it is able to prevent and mitigate these malicious attacks.
Network security is the practice of securing a computer network from intruders, whether targeted attackers or simple malware.
What is Information Security?
It is basically protecting the integrity and privacy of data.
So if you work in an information security team, you are protecting the organization from possible data breaches.
Where does application security fit in, and why do applications seem to be such great targets for cyber crime?
Ensuring cybersecurity requires the coordination of efforts throughout an information system, and this includes APPLICATION SECURITY.
It mainly focuses on keeping software and devices free from cyber threats.
Now, why do you think web applications are the most preferred targets for cyber attacks?
Below are a few reasons:
- Poor coding practices – if the code is poorly written, attackers can exploit application-layer loopholes to initiate an attack.
- Ease of execution and automation – most attacks can be easily automated and launched indiscriminately against hundreds or thousands of targets at the same time.
- High rewards for sensitive data – this is the most popular reason: people get paid large sums to launch attacks on applications.
Organizations failing to secure their web applications run the risk of being attacked, mostly due to vulnerabilities present in those applications.
To begin with, let's take a look at some common attacks.
- SQL Injection – the attacker uses malicious SQL code to manipulate a back-end database so that he can get his hands on sensitive information.
- Cross-site scripting – this usually occurs when an attacker injects malicious code directly into an application. This way the attacker can perform actions such as money transfers or obtaining the victim's account details without the victim's consent.
- Remote File Inclusion – the attacker injects a file into a web application server. By doing so he can execute malicious scripts or code within the application, as well as steal and manipulate data without you knowing about it.
- Cross-site request forgery – this is caused when a malicious web application makes the victim's browser perform an unwanted action on a site to which the victim is currently logged in.
Most of the time, organizations have countermeasures in place to protect against these attacks.
Let's take a look at some such countermeasures:
- Web application firewalls :- These firewalls are designed to examine incoming traffic and block attack attempts, thereby compensating for any code manipulation.
- Information gathering :- By manually reviewing the application, you identify entry points, client-side code and server-side code, and classify third-party content, so that you can keep your application safe.
- Authorization :- Here you check for vertical and horizontal access control issues, missing authorization and insecure direct object references.
- Cryptography :- One can use different types of encryption and decryption algorithms to secure all your data transmissions.
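To make the authorization entry above concrete (an added example, not code from the original post), here is a minimal invoice service showing an insecure direct object reference next to handlers that enforce the horizontal (own-records-only) and vertical (admin-only) checks. The roles, invoice records and function names are assumptions for the demo.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    user_id: int
    role: str  # assumed roles for the demo: "customer" or "admin"


class Forbidden(Exception):
    """Raised when an authorization check fails."""


# Constructed sample data: invoice id -> record with its owning user.
INVOICES = {
    101: {"owner": 1, "amount": 40},
    102: {"owner": 2, "amount": 75},
}


def get_invoice_vulnerable(current: User, invoice_id: int) -> dict:
    # Insecure Direct Object Reference: the caller is authenticated, but
    # nothing ties the requested id to the caller, so any user can read
    # any invoice simply by asking for a different id.
    return INVOICES[invoice_id]


def get_invoice(current: User, invoice_id: int) -> dict:
    # Horizontal access control: a customer may only read their own invoices;
    # the admin role is allowed to read everyone's.
    record = INVOICES[invoice_id]
    if current.role != "admin" and record["owner"] != current.user_id:
        raise Forbidden(f"user {current.user_id} may not read invoice {invoice_id}")
    return record


def void_invoice(current: User, invoice_id: int) -> dict:
    # Vertical access control: only the admin role may void invoices.
    # Checking the role before touching data also covers the "missing
    # authorization" case, where an admin-only operation has no check at all.
    if current.role != "admin":
        raise Forbidden(f"role {current.role!r} may not void invoices")
    record = INVOICES[invoice_id]
    record["amount"] = 0
    return record
```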
That’s all for this blog.
Do let me know how you found the blog. Was it helpful to you? If you liked the blog, do subscribe to get notified!
Happy Learning !!!
If you have doubts or queries, you can comment or mail us at [email protected]
If you have any recommendation for a future blog, you can email us at [email protected]