Presentation is loading. Please wait.

Presentation is loading. Please wait.

Secure Software Confidentiality Integrity Data Security Authentication

Published byBryce Short Modified over 6 years ago

Similar presentations

Presentation on theme: "Secure Software Confidentiality Integrity Data Security Authentication"— Presentation transcript:

1 Secure Software Confidentiality Integrity Data Security Authentication
Disclosure of information to only intended parties Integrity Determine whether the information is correct or not Data Security Privacy Data Protection Controlled Access Authentication Access to Authorized People Availability Ready for Use when expected Non Repudiation Information Exchange with proof

2 Software Security Security of Operating System
Security of Client Software Security of Application Software Security of System Software Security of Database Software Security of Software Data Security of Client Data Security of System Data Security of Server Software Security of Network Software

3 Why Security Testing For Finding Loopholes
For identifying Design Insecurities For identifying Implementation Insecurities For identifying Dependency Insecurities and Failures For Information Security For Process Security For Internet Technology Security For Communication Security For Improving the System For confirming Security Policies For Organization wide Software Security For Physical Security

4 Approach to Software Security Testing
Study of Security Architecture Analysis of Security Requirements Classifying Security Testing Developing Objectives Threat Modeling Test Planning Execution Reports

5 Security Testing Techniques
OS Hardening Configure and Apply Patches Updating the Operating System Disable or Restrict unwanted Services and Ports Lock Down the Ports Manage the Log Files Install Root Certificate Protect from Internet Misuse and be Cyber Safe Protect from Malware Vulnerability Scanning Identify Known Vulnerabilities Scan Intrusively for Unknown Vulnerabilities

6 Security Testing Techniques (continued…)
Penetration Testing Simulating Attack from a Malicious Source Includes Network Scanning and Vulnerability Scanning Simulates Attack from someone Unfamiliar with the System Simulates Attack by having access to Source Code, Network, Passwords Port Scanning and Service Mapping Identification and locating of Open Ports Identification of Running Services Firewall Rule Testing Identify Inappropriate or Conflicting Rules Appropriate Placement of Vulnerable Systems behind Firewall Discovering Administrative Backdoors or Tunnels

7 Security Testing Techniques (continued…)
Network Scanning Identifying Active Hosts on a network Collecting IP addresses that can be accessed over the Internet Collecting OS Details, System Architecture and Running Services Collecting Network User and Group names Collecting Routing Tables and SNMP data Password Cracking Collecting Passwords from the Stored or Transmitted Data Using Brute Force and Dictionary Attacks Identifying Weak Passwords Ethical Hacking Penetration Testing, Intrusion Testing and Red Teaming File Integrity Testing Verifying File Integrity against corruption using Checksum

8 Security Testing Techniques (continued…)
Session Hijacking Exploitation of Valid Computer Session Exploitation of the Web Session control mechanism Gain unauthorized access to the Web Server Phishing Masquerading as a trustworthy entity in an electronic communication Acquiring usernames, passwords and credit card details URL Manipulation Make a web server Deliver inaccessible web pages URL Rewriting

Download ppt "Secure Software Confidentiality Integrity Data Security Authentication"

Similar presentations

1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.

1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.
System and Network Security Practices COEN 351 E-Commerce Security.

System and Network Security Practices COEN 351 E-Commerce Security.
Defense-in-Depth Against Malicious Software Jeff Alexander IT Pro Evangelist Microsoft Australia

Defense-in-Depth Against Malicious Software Jeff Alexander IT Pro Evangelist Microsoft Australia
6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.

6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.
Network Security Testing Techniques Presented By:- Sachin Vador.

Network Security Testing Techniques Presented By:- Sachin Vador.
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 2 Operating System Security Fundamentals.

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 2 Operating System Security Fundamentals.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Assessing the Threat How much money is lost due to cyber crimes? –Estimates range from $100 million to $100s billions –Why the discrepancy? Companies don’t.

Assessing the Threat How much money is lost due to cyber crimes? –Estimates range from $100 million to $100s billions –Why the discrepancy? Companies don’t.
Brian Bradley.  Data is any type of stored digital information.  Security is about the protection of assets.  Prevention: measures taken to protect.

Brian Bradley.  Data is any type of stored digital information.  Security is about the protection of assets.  Prevention: measures taken to protect.
Enterprise Network Security Accessing the WAN Lecture week 4.

Enterprise Network Security Accessing the WAN Lecture week 4.
APA of Isfahan University of Technology In the name of God.

APA of Isfahan University of Technology In the name of God.
NUAGA May 22, 2014.  IT Specialist, Utah Department of Technology Services (DTS)  Assigned to Department of Alcoholic Beverage Control  PCI Professional.

NUAGA May 22,  IT Specialist, Utah Department of Technology Services (DTS)  Assigned to Department of Alcoholic Beverage Control  PCI Professional.
Lesson 8-Information Security Process. Overview Introducing information security process. Conducting an assessment. Developing a policy. Implementing.

Lesson 8-Information Security Process. Overview Introducing information security process. Conducting an assessment. Developing a policy. Implementing.
CHAPTER 3 Information Privacy and Security. CHAPTER OUTLINE  Ethical Issues in Information Systems  Threats to Information Security  Protecting Information.

CHAPTER 3 Information Privacy and Security. CHAPTER OUTLINE  Ethical Issues in Information Systems  Threats to Information Security  Protecting Information.
ISEC0511 Programming for Information System Security

ISEC0511 Programming for Information System Security
AIS, 20141 Passwords Should not be shared Should be changed by user Should be changed frequently and upon compromise (suspected unauthorized disclosure)

AIS, Passwords Should not be shared Should be changed by user Should be changed frequently and upon compromise (suspected unauthorized disclosure)
1-Vulnerabilities 2-Hackers 3-Categories of attacks 4-What a malicious hacker do? 5-Security mechanisms 6-HTTP Web Servers 7-Web applications attacks.

1-Vulnerabilities 2-Hackers 3-Categories of attacks 4-What a malicious hacker do? 5-Security mechanisms 6-HTTP Web Servers 7-Web applications attacks.
Lecture 10 Intrusion Detection modified from slides of Lawrie Brown.

Lecture 10 Intrusion Detection modified from slides of Lawrie Brown.
Business Computing 550 Lesson 6. 2 Security Threats on Web Sites Issues and vulnerabilities 1.Illegal Access and Use (Hacking the system or users exposing.

Business Computing 550 Lesson 6. 2 Security Threats on Web Sites Issues and vulnerabilities 1.Illegal Access and Use (Hacking the system or users exposing.
Software Security Testing Vinay Srinivasan cell: +91 9823104620.

Software Security Testing Vinay Srinivasan cell:

Similar presentations

Ads by Google