Software Security Development – A White Hat’s Perspective

“If you know the enemy and know yourself you need not fear the results of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer https://www.westernjanitorial.com/ a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.” – Sun Tzu[1]

Introduction-

How to know your enemy

Knowing your enemy is vital in fighting him effectively. Security should be learned not just by network defense, but also by using the vulnerability of software and techniques used for malicious intent. As computer attack tools and techniques continue to advance, we will likely see major, life-impacting events in the near future. However, we will create a much more secure world, with risk managed down to an acceptable level. To get there, we have to integrate security into our systems from the start, and conduct thorough security testing throughout the software life cycle of the system. One of the most interesting ways of learning computer security is studying and analyzing from the perspective of the attacker. A hacker or a programming cracker uses various available software applications and tools to analyze and investigate weaknesses in network and software security flaws and exploit them. Exploiting the software is exactly what it sounds like, taking advantage of some bug or flaw and redesigning it to make it work for their advantage.

Similarly, your personal sensitive information could be very useful to criminals. These attackers might be looking for sensitive data to use in identity theft or other fraud, a convenient way to launder money, information useful in their criminal business endeavors, or system access for other nefarious purposes. One of the most important stories of the past couple of years has been the rush of organized crime into the computer attacking business. They make use of business processes to make money in computer attacks. This type of crime can be highly lucrative to those who might steal and sell credit card numbers, commit identity theft, or even extort money from a target under threat of DoS flood. Further, if the attackers cover their tracks carefully, the possibilities of going to jail are far lower for computer crimes than for many types of physical crimes. Finally, by operating from an overseas base, from a country with little or no legal framework regarding computer crime prosecution, attackers can operate with virtual impunity [1].

Current Security

Assessing the vulnerabilities of software is the key to improving the current security within a system or application. Developing such a vulnerability analysis should take into consideration any holes in the software that could carry out a threat. This process should highlight points of weakness and assist in the construction of a framework for subsequent analysis and countermeasures. The security we have in place today including firewalls, counterattack software, IP blockers, network analyzers, virus protection and scanning, encryption, user profiles and password keys. Elaborating the attacks on these basic functionalities for the software and the computer system that hosts it is important to making software and systems stronger.

You may have a task which requires a client-host module which, in many instances, is the starting point from which a system is compromised. Also understanding the framework you’re utilizing, which includes the kernel, is imperative for preventing an attack. A stack overflow is a function which is called in a program and accesses the stack to obtain important data such as local variables, arguments for the function, the return address, the order of operations within a structure, and the compiler being used. If you obtain this information you may exploit it to overwrite the input parameters on the stack which is meant to produce a different result. This may be useful to the hacker which wants to obtain any information that may grant them access to a person’s account or for something like an SQL injection into your company’s database. Another way to get the same effect without knowing the size of the buffer is called a heap overflow which utilizes the dynamically allocated buffers that are meant to be used when the size of the data is not known and reserves memory when allocated.

Leave a Reply

Your email address will not be published. Required fields are marked *