A category of software tools that help a software team manage changes to source code over time
Version Control System
Concerned with security rather than functionality
Software Auditing
When personal information is accessed, disclosed without authorisation, or is lost.
Data breaches
Unsecured web pages, web applications, and web servers running malicious JavaScript code
Cross-site Scripting (XSS)
To confirm a user is allowed to access a resource
User authentication
Data loss (crashing bugs)
Unauthorised access (lack of security)
What are the potential risks of poorly coded or malicious code?
Emails used for phishing scams
Breaches of Privacy Law (fines)
Unauthorized access to customer accounts
Loss of reputation with customers
Company collapse
What are the consequences of breaching data?
Allows dynamic and interactive content on HTML/CSS webpages. 97% of websites use it.
Encoding information so that it is unreadable without the encryption key
Encryption
Audit (check/review/test) code written locally, or obtained from an online source
Review the interaction between modules within the software, e.g. login, saving, data manipulation
Review the software to minimise risks during development
Make changes/fixes if issues with software/modules are found
What does Software Auditing do?
An attacker ‘spoofs’ an unsecured Wi-Fi network that a client connects to
Man-in-the-middle attack
Running malicious SQL commands via unsanitised user input
Allows unauthorized users to add/modify/delete contents of the SQL database
SQL injection
The algorithm that encrypts the plaintext / decrypts the ciphertext
Cipher
A simulated cyber attack against your computer system to check for exploitable vulnerabilities
Penetration Testing
Manipulation of the weakest link in a computer system
Social Engineering
Sanitise/escape user input to remove special characters associated with SQL commands
How to prevent SQL injection?