Tuesday, February 12, 2019

What is application security? And its types.

Application security:

Application security means taking measures to protect an application from external threats. It is the use of software, hardware, and procedural methods to protect applications from external threats. Security is becoming an increasingly important concern during development as applications become more frequently accessible over the network and, as a result, vulnerable to a wide variety of threats.

Application security includes the following things:

1. Knowing your threats

2. Securing the network host and network

3. Incorporating security in the software development process


Issues of application security

The important issues of application security include the following.


1. Verification of users:

An application needs to verify that only legitimate users are trying to use it. Legitimate users are identified by identifying their IP address.



2. Granting access to the user:

Once a user is authenticated, the application needs to determine whether the identified user is allowed to access the functionality they requested. This is called authorization.



3. Keeping the data confidential with encryption:

For business, transaction data from application systems gets exchanged over the network. Data stored by the application system needs to be transmitted in encrypted form to protect it from potential attack.

4. Guaranteeing data integrity

When the receiver gets a message, neither the sender nor the receiver can refuse it, that is, deny the authenticity of the message. A digital signature is a common mechanism to guarantee data integrity.

5. Safeguarding the application from common attack strategies


6. Guarding the privacy of the application
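
Issues 1 and 2 above (verification, then authorization) as an added example that is not part of the original post. It combines the source-address check the text mentions with a salted password hash, which is an assumption added here; the network range, user names, roles and permission strings are all constructed for illustration.

```python
import hashlib
import hmac
import ipaddress
import os

# Constructed sample data: the network, users and roles are hypothetical.
ALLOWED_NETWORKS = [ipaddress.ip_network("10.20.0.0/16")]
ROLE_PERMISSIONS = {
    "clerk": {"invoice:read"},
    "manager": {"invoice:read", "invoice:approve"},
}

def hash_password(password, salt):
    # Salted, deliberately slow hash so stored values resist offline guessing.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

def make_user(name, password, role):
    salt = os.urandom(16)
    return {"name": name, "salt": salt,
            "pw": hash_password(password, salt), "role": role}

USERS = {u["name"]: u for u in (
    make_user("asha", "correct horse battery", "clerk"),
    make_user("ravi", "staple-tunnel-42", "manager"),
)}

def authenticate(name, password, source_ip):
    """Step 1, verification: return the user record, or None on any failure."""
    addr = ipaddress.ip_address(source_ip)
    if not any(addr in net for net in ALLOWED_NETWORKS):
        return None  # request does not come from an expected network
    user = USERS.get(name)
    if user is None:
        return None
    candidate = hash_password(password, user["salt"])
    # Constant-time comparison: does not reveal how many bytes matched.
    return user if hmac.compare_digest(candidate, user["pw"]) else None

def authorize(user, permission):
    """Step 2, authorization: deny unless the user's role grants the permission."""
    return user is not None and permission in ROLE_PERMISSIONS.get(user["role"], set())

def handle_request(name, password, source_ip, permission):
    user = authenticate(name, password, source_ip)
    if user is None:
        return "401 unauthenticated"
    return "200 ok" if authorize(user, permission) else "403 forbidden"
```

The two checks fail differently: a wrong password or an unexpected source address stops at verification, while a valid user asking for something outside their role is stopped at authorization.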

Types of application security


1. Email security

Threats to email

1. Junk file

Junk file is a very common term that describes any orphaned file or one that has no real value. Among technologists, junk files are commonly referred to as ghost files or phantom files.


2. Spam

Email spamming is the act of sending unsolicited bulk emails that the recipient has not asked for. These come from commercial companies as advertisements.


3. Virus

Some emails may include files containing malicious scripts, which may run on your computer and may destroy or leak your important data.


4. Phishing

Email phishing is the activity of sending email to a user while claiming to be a legitimate user of an enterprise. Its main purpose is to steal sensitive information such as passwords, usernames, etc.

Such emails link to websites that are infected with viruses and ask the user to enter their details. These websites look like those of a legitimate enterprise.



5. Cleanup and archiving email

To keep your inbox lightweight, it is good to archive it from time to time.
There are a few steps to clean up and archive your inbox.
Steps:

  1. Select the File tab on the mail banner.
  2. Select the Cleanup Tools button on the account information screen.
  3. Select Archive from the Cleanup Tools dropdown menu.
  4. Select the "Archive this folder and all subfolders" option and then click on the folder you want to archive.
  5. Select the date from "Archive items older than".
  6. Click Browse to create a new .pst file name and location, and click "OK".


2. Database security

Databases are a cardinal component of any web-based application, enabling websites to provide varying dynamic content. Databases are usually intended to be shared across different applications, so database security is primarily concerned with the secrecy of data. It ranges from protection against intentional unauthorized database users to unintentional database access by unauthorized entities.

The general categories of secrecy-related problems in database management systems are:
  1. Improper release of information from reading data that were intentionally accessed by an unauthorized user.
  2. Improper modification of data.
  3. Denial of service (DoS) threats.


Threats to database security

  1. Data tampering
  2. Data theft
  3. Password-related threats
  4. Falsification of user identification
  5. Unauthorized access to tables and columns
  6. Unauthorized access to data rows; lack of accountability


3. Internet security

It contains IPSec (Internet Security Protocol) and SSL (Secure Socket Layer).

Internet security refers to securing communication over the internet. It encompasses browser security, data security, net security, and overall authentication and protection of data sent via internet protocol.

1. IPSec (Internet Security Protocol)
2. SSL (Secure Socket Layer)


1. IPSec (Internet Security Protocol)


It consists of a set of protocols designed by the IETF (Internet Engineering Task Force). It provides security at the network level and helps to create authenticated and confidential packets for the IP layer.


2. SSL (Secure Socket Layer)


It is a security protocol developed by Netscape Communications Corporation. It provides security at the transport layer and addresses important security issues like confidentiality, integrity, and authenticity.



Threats to internet security


These include specific threats such as:


  1. Worms
  2. Malware
  3. Ransomware
  4. Spam
  5. Phishing
  6. Spoofing



Backup


Data backup refers to copying data into an archive file. It may be used to restore the original content after a data loss event.


  1. Data backups have two main purposes. The primary purpose is to recover data after it is lost (either by data deletion or corruption).
  2. The secondary purpose of data backups is to recover data from an earlier time.

