involves detecting and fixing vulnerabilities in application software to protect against unauthorized access, alterations, or misuse.
Application security
a user can be authorized to access an application by verifying their identity against a list of approved users.
Authorization
Additional security measures protect sensitive data from cybercriminals even after user verification. In cloud-based applications, encrypting data during transmission ensures its safety.
Encryption
If a security breach occurs in an application, _______ can assist in determining who gained access to the data and how they did so. Application log files keep track of which parts of the application have been accessed and by whom.
logging
A method that ensures that all of these security controls are functioning effectively.
Application Testing
detects code flaws by analyzing source files to identify root causes. Comparing scan results with real-time solutions accelerates issue detection, reduces MTTR, and supports collaborative troubleshooting.
Static Application Security Testing (SAST)
proactively simulates security breaches on live applications to identify exploitable flaws, making it effective for detecting runtime and environment-related errors.
Dynamic Application Security Testing (DAST)
combines SAST and DAST by analyzing applications in real time during development or production. With access to all code and components, it provides more accurate and detailed results.
Interactive Application Security Testing (IAST)
focuses on security within applications, providing continuous monitoring and automatic responses to threats, such as ending sessions and notifying IT teams.
Run-time Application Security Protection (RASP)
The architecture and design of the application can be examined for security flaws before code is created. The construction of a threat model is a popular strategy used at this phase.
Design Review
A security engineer delves into the application by manually inspecting the source code and looking for security issues. Vulnerabilities unique to the application can be discovered through understanding the application.
White-box Security Review or Code Review
This is accomplished solely through the use of an application to test it for security flaws; no source code is necessary.
Black-box Security Audit
Many security tools can be automated by including them in the development or testing process. Automated DAST/SAST tools that are incorporated into code editors or CI/CD systems are examples.
Automated Tooling
Many websites and software providers offer hacker-powered application security solutions through which individuals can be recognized and compensated for reporting defects.
Coordinated Vulnerability Platform
It allows an attacker to insert client-side code into a webpage. This gives the attacker direct access to the user's sensitive information.
Cross-Site Scripting (XSS)
Attacks that flood a targeted server or the infrastructure that supports it with various types of traffic. This illegitimate traffic eventually prevents legitimate users from accessing the server, causing it to shut down.
Distributed denial-of-service (DDoS)
It is a technique used by hackers to exploit database flaws.
SQL injection (SQLi)
To mimic authorized users after duping them into submitting an authorization request. Since their accounts have additional permissions, high-level users are obviously frequent targets of this strategy, and once the account is compromised, the attacker can remove, change, or destroy data.
Cross-Site Request Forgery (CSRF)
It occurs when bad actors execute a variety of attacks on an application and end up unintentionally changing some area of its memory. As a result, the software exhibits unexpected behavior or fails.
Memory corruption
It occurs when malicious code is injected into the system's designated memory region. Overflowing the buffer zone's capacity causes surrounding areas of the application's memory to be overwritten with data, posing a security risk.
Buffer Overflow
is a security measure that prevents unauthorized applications from running in ways that could compromise data safety.
Application control
controls ensure records are processed from initiation to completion
Completeness checks
controls ensure only valid data is input or processed
Validity checks
controls ensure unique, irrefutable identification of all users
Identification
controls provide an application system authentication mechanism
Authentication
controls ensure access to the application system by approved business users only
Authorization
controls ensure the integrity of data feeding into the application system from upstream sources
Input controls
controls ensure scientifically and mathematically correct data, based on inputs and outputs
Forensic controls