Lesson 11: Enhance Application Security Capabilities


34 Terms

1

Secure Protocol

Communication rules that protect data by using encryption and authentication to keep it safe from hackers.

  • Often more complex to implement

2

Insecure Protocols

Transmit data in clear text format, meaning anyone accessing the data packets can read any intercepted data sent over a network.

3

Transport Layer Security

A security tool that protects internet data by using encryption and certificates to keep communications private and secure.

4

Legacy TLS Versions:

TLS version 1.0 & 1.1

5

Legacy System before TLS:

SSL versions 2.0 & 3.0

6

Cipher Suites

A set of encryption tools that help a server and client securely connect and protect data during communication.

7

Secure Directory Services

Systems that safely store and manage user accounts and access permissions to control who can log in and use resources on a network.

8

What does a network directory store?

Details about users, devices, files, and what access each user or device has to those files.

9

Lightweight Directory Access Protocol (LDAP)

A protocol that lets systems find and manage user information, like usernames and passwords, from a central directory.

10

Simple Network Management Protocol (SNMP)

A protocol that helps monitor and manage network devices like routers and servers.

11

What's the most secure version of SNMP?

SNMPv3

12

File Transfer Protocol (FTP)

A protocol that lets computers send and receive files over a network.

13

Secure Shell (SSH)

A protocol that lets you securely connect to and control remote computers, usually over port 22.

14

Secure File Transfer Protocol (SFTP)

A secure way to transfer and manage files over a network by using encryption through SSH to keep the data safe.

15

File Transfer Protocol Secure (FTPS)

A secure version of FTP that uses TLS encryption to keep files and login details private during transfers.

16

Simple Mail Transfer Protocol (SMTP)

A protocol used to send emails between computers on the internet.

17

Secure SMTP (SMTPS)

A secure version of SMTP that uses SSL/TLS encryption to protect emails during sending.

18

Post Office Protocol (POP)

A way to download emails from a server to your device, usually removing them from the server after.

  • POPS is the secure version

19

Internet Message Access Protocol (IMAP)

A protocol that lets you read and manage your emails directly on the mail server, so your messages stay synced across all your devices.

  • IMAPS is the secure version

20

Sender Policy Framework

A tool that helps stop fake emails by checking if the sender is allowed to send email from that domain.

21

DomainKeys Identified Mail (DKIM)

A tool that adds a digital signature to emails to prove they’re from the right sender and haven’t been changed along the way.

22

Domain-based Message Authentication, Reporting & Conformance (DMARC)

A tool that helps domain owners block fake emails and get reports about who’s sending emails using their domain.

23

Business Email Compromise (BEC) Attack

A scam where attackers use fake or hacked business emails to trick people.

24

Secure/Multipurpose Internet Mail Extensions (S/MIME)

A tool that encrypts emails and adds a digital signature so only the right person can read them and be sure they came from you.

25

Data Loss Prevention (DLP)

A security tool that stops sensitive data from being shared or stored in the wrong places.

26

Domain Name System Security Extensions (DNSSEC)

A security feature that makes sure DNS information is correct and hasn’t been tampered with, helping you safely reach real websites.

27

Code Signing

A way to prove software is from a trusted source and hasn’t been changed, using a digital signature.

28

Static Code Analysis

A way to check code for mistakes or security issues without running it, helping fix problems early in development.

29

Dynamic Code Analysis

A way to test software while it’s running to find bugs or security issues that happen during execution.

30

Input Validation

A way to check and clean user input to make sure it's safe and in the right format before the app uses it.

31

Injection Attack

When hackers insert harmful code into an app’s input to steal data, take control, or break the system.

32

Data Exposure

When someone gets access to private or sensitive information because it wasn't properly protected.

33

Error Handling

How an app deals with problems so it doesn’t crash or expose sensitive info when something goes wrong.

34

Sandboxing

A way to run programs in a safe, separate space so they can’t harm the system or access anything they shouldn’t.