Software Applications: Vulnerabilities And Controls Essay

All of these tools make it possible for a hacker not only to corrupt the application itself by accessing confidential information, but also to spread damage deep into the application and attack other systems, essentially shutting down an entire application by corrupting the information it contains. Though some of the aforementioned tactics involve the physical infiltration of a company in order to gain information and access to applications, the more common hacking tactics rely on technological tools that allow the hacker to access information from the comfort of their own computer. The SANS (SysAdmin, Audit, Network, Security) Institute notes that there currently "appear to be two main avenues for exploiting and compromising applications: brute force password guessing attacks and web application attacks" (Dhamankar, Eisenbarth & King, 2009). This type of attack seems to be trending at an unparalleled level, as seen in the figure featured in the aforementioned SANS report detailing reported application threats in 2009.

Controls and Protections

Given the risks that hacking poses and some of the tools that hackers use, it is clear that software vulnerability control is likely one of the most important parts of application security. Though application control is a relatively new development in information security, several software manufacturers have come out with products that have proven effective in fighting the threat of hacking and protecting application quality control. Author Tim McCollum (2008) notes that there are many operational systems products offered to companies that "shields applications and data from outside attacks. These shields automatically run after installing or modifying the server software so that the shield matches the most-current configuration, preventing applications from acting outside their normal parameters" (McCollum, 2008).

Application control can further be completed...

...

Though many virus scanners will only detect viruses within their database, leaving unknown viruses a risk, methods such as patching applications to correct vulnerabilities as they appear prove vital in stopping viruses in their tracks. Further, password encryption at a company and individual level is a tool utilized to fight off the increasingly powerful hacking tool of password phishing.

Conclusion

In dealing with the issue of vulnerability and control in terms of software applications, it must be remembered that the issue is one that is ever-evolving and seemingly here to stay. Hackers will stop at nothing to crack into systems and applications in hope of accessing unauthorized information, and the only way to combat them is to study their tools and tactics. It is in doing so that application developers and users are more likely to spot areas within applications that are at risk of being corrupted by an outside source. It is apparent that in order to combat these hackers, diligence, education, and innovation are key in terms of application control. As applications become more sophisticated and complex, so do hackers, which is a key factor to remember in order to maintain quality assurance in software and application manufacturing.

References

Dalton, M., Kozyrakis, C. and Zeldovich, N. (2009). Preventing authentication and access control vulnerabilities in web applications. Network and Distributed Systems Security Symposium, 2009. Retrieved from: LexisNexis database.

Dhamankar, R., Eisenbarth, M., and King, J. (2009). Top security risks. SANS Institute Report 2009. Retrieved from: ProQuest database.

McCollum, T. (2008). Applications control. The Internal Auditor. 59:2, 23-26. Retrieved


Cite this Document:

"Software Applications Vulnerabilities And Controls" (2011, June 08) Retrieved April 25, 2024, from
https://www.paperdue.com/essay/software-applications-vulnerabilities-and-42386
