Software security is an idea implemented to protect software against malicious attacks and other hacker risks so that the software continues to function correctly under such potential risks. This is a very big topic, and it is easy to get lost in it. A statement such as "protect our system from someone who logs in with a fake identity" captures the most common meaning of software security, and "protect our system from DoS attacks" is another example of what software security means.
Software Security vs Application Security
| Application Security | Software Security |
|---|---|
| A way to defend against software exploit after the development is complete | A way to defend against software exploit by building software to be secure |
| Issue-based short term approach | Holistic long term approach |
| Penetrate and Patch | Root Cause Analysis |
| Threat Modeling | Organizational change |
Current practices in Application Security
Why Application Security is not good enough?
Issues with Security Breaches
Software Security Terminology
Types of attacks
This is a categorization of the attacks that may be made on a system. There are five main areas.
The goals of attacks are used to specify what the system is secure against.
Methods of Attacks
Secure Software Development Lifecycle – SDLC
- Requirement Gathering
This phase covers the security requirements, including setting up phase gates, and it is where a risk assessment is done. A Software Requirement Specification (SRS) is a document that records the expected behavior of the system or software to be developed.
Identify design requirements from a security perspective. This phase includes architecture and design reviews, and it is where threat modeling is used. The software design is the blueprint of the system, which, once completed, can be given to developers for code development. The components in the design are translated into software modules, functions, libraries and the like.
Identify the coding best practices and perform static analysis, which means a code review. During this phase, the blueprint of the software is turned into reality by developing the source code of the entire application.
This is known as vulnerability assessment. Once the application development is completed, it is tested for various issues like functionality, performance, and so on. This is to ensure that the application is performing as expected.
This phase involves a server configuration review, also known as a network configuration review. Once the application is ready to go live, it is deployed on a production server in this phase. If it is developed for a client, the deployment happens at the client's premises or in the datacenter where the client wants the application installed.
How to implement a S-SDLC
Aspects of Software Security
Is Software Security Costly?
There are two answers to this question. One is YES, if you only look at the cost from requirement capture to ship.
The other answer is NO, if you consider the total cost, which includes requirement capture to ship plus the costs that arise after deployment, such as fixing bugs and doing revisions.
What do we want to protect using the software security?
This is the end of the “Introduction to Software Security” article. Thank you for reading. If you are interested in this article, make sure to follow my other articles as well. Make sure to leave a comment.