Category of software tools that help a software team manage changes to source code over time.
Poorly coded or malicious code that causes data loss, unauthorised access, privacy/legal issues, etc.
What is a risk?
When personal information is accessed, disclosed without authorisation, or is lost.
What are data breaches?
An attacker injects malicious scripts into content that is later executed by other users. This attack exploits weaknesses in how web applications handle user input, allowing attackers to manipulate or steal data, hijack user sessions, or deface websites.
What is cross site scripting?
Laws created by parliament
What is legislation?
The process of identifying and verifying a user to confirm that they are allowed to access a resource
What is user authentication?
The process of systematically reviewing and assessing software applications, codebases, processes, or systems to ensure they meet specific standards, guidelines, and requirements.
What is software auditing?
Negative outcomes such as: Emails used for phishing scams, Breaches of privacy law, Unauthorised access to customer accounts, Loss of reputation with customers, Company collapse
What are consequences?
JavaScript is a high-level, versatile programming language commonly used in web development to create interactive and dynamic content for websites
What is JavaScript?
Refers to programs that are developed by companies other than the company that developed the computer's operating system.
Software modules included in an application that the developer did not program themselves, acquired from somewhere else.
What is third-party software?
Encoding information so that it is unreadable without the use of an encryption key
What is encryption?
A simulated cyber attack against your computer system to check for exploitable vulnerabilities
Cyberattack where an attacker intercepts the communication between two parties. The attacker positions themselves between the sender and receiver and impersonates either one, secretly capturing or modifying the information exchanged.
What is a Man-in-the-middle attack?
Running malicious SQL commands via unsanitized user input. Allows unauthorized users to add/modify/delete contents of the SQL database.
What is a SQL Injection?
Security vulnerability, High battery usage, Privacy issues, Can be active without the user’s awareness, Higher resource usage (RAM, CPU), Loss of access to third party due to server maintenance
What are the risks of using third-party software?
The process of improving and modifying existing software in order to improve security, fix errors, add new functionality and improve performance
What are software updates?
A risk that causes unintentional destruction, deletion, or corruption of data during the software's lifecycle.
What is data loss?
A range of malicious activities where attackers manipulate individuals into divulging confidential information, such as passwords, personal data, or financial details. Rather than directly attacking software or systems, social engineering exploits human psychology
What is social engineering?
Sanitise/escape user input to remove special characters associated with SQL commands
How to prevent SQL injections?
Rules for the collection, storage, and communication of personal information
What is the Privacy Act 1988?
What is symmetric encryption?
A risk that causes situations where individuals or systems gain access to software applications, databases, networks, or sensitive information without proper permissions.
What is unauthorised access?
An attack where attackers send fraudulent emails or messages that appear to come from a legitimate source. The message typically contains a link or attachment that, if clicked, can install malware or direct the victim to a fake website where they are asked to enter sensitive information.
What is phishing?
Sanitise/escape user input to remove special characters associated with JavaScript commands
How to prevent cross site scripting?
Collection and handling of health information in public and private sector
What is the Health Records Act 2001?