Software Defense Establishing Software Security White Paper


Allowing for such access necessarily creates a point of weakness, and this must be carefully guarded against through many levels of protection (Stuttard & Pinto 2007). Many of the same steps that are employed in access differentiation as described above can also be employed here -- multiple levels of access that is password protected, strict compartmentalization of data and of processes, and other features such as the recognition and removal of malicious input can all protect the opening that is created by administrative access to application information and code (Stuttard & Pinto 2007). Password-protected access to a web application's source code is one common example of this type of core defense capability, which grows more complex as both the complexity of the system and needs for security increase. Direct Attacks and Unauthorized Use: A More Detailed View

Direct attacks on applications, especially web-based applications, are becoming increasingly common as programming knowledge and skills continue to develop and become more widespread. Defense mechanisms against such attacks include encryption, frequently changing passwords, and psychological deterrents such as false weak spots or even fake access points (Stuttard & Pinto 2007). As hackers continue to find ways through security systems, however, these systems continue to develop more advanced and more thorough safeguards.

Differentiation of access, though a somewhat simpler task than protecting against deliberate attacks, is an almost universal need in most software applications, and has also continued to develop in recent...


Not only is access to certain information and program changes kept limited by various password and account access details, but other methods such as obfuscating the placement of certain information or process features, creating false leads similar to those that might be employed in hacker deflection, and notifying network administrators of any unsuccessful access attempts or unusual activity are all very different methods that can be employed to stop such access. In this way, both direct and accidental attempts to access unauthorized portions of an application or the information contained therein can often be prevented and almost always noted and mitigated.

These four core defense mechanisms described herein are not the only areas in which protection is needed for software applications and information technology systems and networks. These form the foundation of most security needs, however, and it is in these areas that advances both in defense mechanisms and in methods of breaching them remain at a continuous high-speed pace. It is the goal of hackers and of security developers to remain one step ahead of their opponents, and security design must also account for other accidental and internal vulnerabilities. Managing the four core defense mechanisms is an effective way of meeting this challenge.

Cite this Document:

"Software Defense Establishing Software Security" (2010, May 20) Retrieved February 25, 2024, from

"Software Defense Establishing Software Security" 20 May 2010. Web.25 February. 2024. <>

"Software Defense Establishing Software Security", 20 May 2010, Accessed.25 February. 2024,

Related Documents

To offer an information security awareness training curriculum framework to promote consistency across government (15). Security awareness is needed to ensure the overall security of the information infrastructure. Security awareness programs is the can help organizations communicate their security information policies, as well as tips for users, to help keep systems secure, and the practices the entire organization should be utilizing. However, as Kolb and Abdullah reiterate, "security awareness is not

who have access to the network do not maintain proper security procedures and remain well-informed regarding potential risks and updated procedures and policies (Cobb, 2011; Whitman & Mattord, 2011; ICR, 2008). Any security policy must, after being properly designed and established, be communicated clearly and comprehensively to all relevant personnel, which in today's organizations typically means anyone with access to a company computer and/or the company network, or who

Security Plan for the Maryland Public Safety Education and Training Center This paper will focus on a security plan designated for the Maryland Public Safety Education and Training Center. Here emphasis will be given on many things including facility assets that require protection, various threats which are directed towards the assets and the probability of loss. It is important to note that there are many complexes and facilities associated with the

SECURITY and PRIVACY - the following security and privacy requirements apply: The Office does not accept responsibility for the privacy, confidentiality or security of data or information not generated by this office or transmitted from external sources into the system. The Office does not accept responsibility for loss, corruption, misdirection or delays in transmission of personal data through the system. Users are responsible for the integrity of all data and

Security for Networks With Internet Access The continual process of enterprise risk management (ERM) has become an integral component of successful organizational assessment, because the process of accurately identifying various risk factors, and interpreting their potential advantages and disadvantages, ensures that a business remains capable of anticipating and addressing internal and external contingencies. The following ERM implementation plan for the security of internet-accessible networks is intended to provide a navigable framework

This researcher rejects the existence of online communities because computer mediated group discussions cannot possibly meet this definition. Weinreich's view is that anyone with even a basic knowledge of sociology understands that information exchange in no way constitutes a community. For a cyber-place with an associated computer mediated group to be labeled as a virtual settlement it is necessary for it to meet a minimum set of conditions. These are: