Systems Security 1.4 Application Security Procedures
Section 1.4 is full of key terms that you want to be aware of. Not only should you be able to define what they do, but you want to consider how the term applies to applicant security. By now you know that security controls can be put in place through both software and hardware. When it comes to application (software) security, there are certain settings and procedures that can be done to fend off any type of unauthorized access. Below are a few of the terms described and the security procedures provided:
- · ActiveX – A product of Microsoft that adds functionality to websites. Often times it facilitates multimedia viewing, such as videos, as well as to change certain functions of a browser. Hackers have found ways to exploit holes within ActiveX to install malicious software. ActiveX now prompts a user to ensure that the ActiveX script is from a website they trust.
- · Java – Created by Sun Microsystems and allows applications to run under any and all operating systems. It is widely used for web development, though many programmers never thought to, or didn’t know how, to add security into the applications they were creating.
- · Browser – From Firefox to IE to Opera and Safari, to browse the internet, you need a functioning browser. Browsers have always been a wide target of attacks, though newer browsers and updates of older browsers allow for more security control with added pop-up blockers, addons, plugins, and other things.
- · Scripting – Scripts are basically programs that can be coded in various languages such as Perl, Python, JavaScript, and so on. With scripts, they can be exploited and put on the victim’s computer.
- · Cookies – Most websites will leave a cookie on your computer, especially when the website asks to remember your login preferences. The cookie is homed on your hard drive and can be retrieved by the website each time. However, though cookies themselves aren’t malicious, the personal information they hold can be gained and used in malicious ways.
- · Instant messaging – Instant messaging has been a popular way to communicate but the port that most of these programs use is extremely vulnerable to being exploited.
Nowadays, with application security being seen as a huge importance, many companies that create and distribute software are actually taking the time during the beginning development process to add-in pre-built security features. Companies are even looking to pay people to find bugs and security flaws within their programs. A very popularly known company doing this is no other than Google.
GetCertify4Less and GetCertified4Less
No comments:
Post a Comment