It ws05 Web Security
Security breaches blare out from print and online publications nearly every day. It hardly seems necessary to justify
a concern with secure programming—however, computer security is not just a simple issue in theory or practice. In
this chapter, we will explore some of the basic tenets of good security.
Computer security is often thought of as a simple matter of keeping private data private. That is part of the
concept, perhaps even the most important part; but there are other parts also. We see three issues at the heart of
computer security:
• Secrets: Computers are information systems, and some information is necessarily proprietary.
This information might include the passwords and keys that protect access to the system’s scarce
resources, the data that allows access to users’ identities, and even actual real-life secrets that
could affect physical safety. Security in this respect is about making sure that such secrets do not
fall into the wrong hands, so that spammers cannot use a server to relay spam email, crooks
cannot charge their purchases to your credit card, and malicious hackers cannot learn what is
being done to prevent their threats.
• Scarce resources: Every computer has a limited number of CPU cycles per second, a limited
amount of memory, a limited amount of disk space, and a limited amount of communications
bandwidth. In this respect, then, security is about preventing the depletion of those resources,
whether accidental or intentional, so that the needs of legitimate users can be met.
• Good netizenship: When a computer is connected to the Internet, the need for security takes on
a new dimension. Suddenly, the compromise of what would appear to be merely local resources
or secrets can affect other computers around the world. In a networked world, every programmer
and sysadmin has a responsibility to every other programmer and sysadmin to ensure that their
code and systems are free from either accidental or malicious exploitation that could compromise
other systems on the net. Your reputation as a good netizen thus depends on the security of your
systems.
Application security, or appsec, is the practice of using security software, hardware, techniques, best practices and
procedures to protect computer applications from external security threats.
Security was once an afterthought in software design. Today, it's an increasingly critical concern for every aspect of
application development, from planning through deployment and beyond. The volume of applications developed,
distributed, used and patched over networks is rapidly expanding. As a result, application security practices must
address an increasing variety of threats.
Security measures include improving security practices in the software development lifecycle and throughout the
application lifecycle. All appsec activities should minimize the likelihood that malicious actors can gain
unauthorized access to systems, applications or data. The ultimate goal of application security is to prevent attackers
from accessing, modifying or deleting sensitive or proprietary data. [1]
Any action taken to ensure application security is a countermeasure or security control. The National Institute of
Standards and Technology (NIST) defines a security control as: "A safeguard or countermeasure prescribed for an
information system or an organization designed to protect the confidentiality, integrity, and availability of its
information and to meet a set of defined security requirements."
An application firewall is a countermeasure commonly used for software. Firewalls determine how files are
executed and how data is handled based on the specific installed program. Routers are the most common
countermeasure for hardware. They prevent the Internet Protocol (IP) address of an individual computer from being
directly visible on the internet.
[1] https://www.techtarget.com/searchsoftwarequality/definition/application-security
conventional firewalls
antivirus programs
Application security -- including the monitoring and managing of application vulnerabilities -- is important for
several reasons, including the following:
• Finding and fixing vulnerabilities reduces security risks and doing so helps reduce an organization's overall
attack surface.
• Software vulnerabilities are common. While not all of them are serious, even noncritical vulnerabilities can be
combined for use in attack chains. Reducing the number of security vulnerabilities and weaknesses helps reduce
the overall impact of attacks.
• Taking a proactive approach to application security is better than reactive security measures. Being proactive
enables defenders to identify and neutralize attacks earlier, sometimes before any damage is done.
• As enterprises move more of their data, code, and operations into the cloud, attacks against those assets can
increase. Application security measures can help reduce the impact of such attacks.