Software Applications: Vulnerabilities And Controls Essay

All of these tools allow a hacker not only to compromise the application itself by accessing confidential information, but also to spread damage deep into the application and attack other systems, essentially shutting down an entire application by corrupting the information it contains. Though some of the aforementioned tactics involve the physical infiltration of a company in order to gain information and access to applications, the more common hacking tactics rely on technological tools that allow the hacker to access information from the comfort of their own computer. The SANS (SysAdmin, Audit, Network, Security) Institute notes that there currently "appear to be two main avenues for exploiting and compromising applications: brute force password guessing attacks and web application attacks" (Dhamankar, Eisenbarth & King, 2009). This type of attack seems to be trending at an unparalleled level, as seen in the figure to the right, featured in the aforementioned SANS report detailing reported application threats in 2009.

Controls and Protections

Given the risks that hacking poses and the tools that hackers use, it is clear that software vulnerability control is likely one of the most important parts of application security. Though application control is a relatively new development in information security, several software manufacturers have come out with products that have proven effective in fighting the threat of hacking and protecting application quality control. Author Tim McCollum (2008) notes that there are many operational systems products offered to companies that "shields applications and data from outside attacks. These shields automatically run after installing or modifying the server software so that the shield matches the most-current configuration, preventing applications from acting outside their normal parameters" (McCollum, 2008).

Application control can further be completed...

Though many virus scanners will only detect viruses within their databases, leaving unknown viruses a risk, methods such as patching applications to correct vulnerabilities as they appear prove vital in stopping viruses in their tracks. Further, password encryption at a company and individual level is a tool utilized to fight off the increasingly powerful hacking tool of password phishing.

Conclusion

In dealing with the issue of vulnerability and control in terms of software applications, it must be remembered that the issue is one that is ever-evolving and seemingly here to stay. Hackers will stop at nothing to crack into systems and applications in hope of accessing unauthorized information, and the only way to combat them is to study their tools and tactics. It is in doing so that application developers and users are more likely to spot areas within applications that are at risk of being corrupted by an outside source. It is apparent that in order to combat these hackers, diligence, education, and innovation are key in terms of application control. As applications become more sophisticated and complex, so do hackers, which is a key factor to remember in order to maintain quality assurance in software and application manufacturing.

References

Dalton, M., Kozyrakis, C., and Zeldovich, N. (2009). Preventing authentication and access control vulnerabilities in web applications. Network and Distributed Systems Security Symposium, 2009. Retrieved from: LexisNexis database.

Dhamankar, R., Eisenbarth, M., and King, J. (2009). Top security risks. SANS Institute Report 2009. Retrieved from: ProQuest database.

McCollum, T. (2008). Applications control. The Internal Auditor. 59:2, 23-26. Retrieved
