Web-Based Application Security

Security Basics

  1. Authentication: authentication is the process that uniquely identifies the client of our services and applications.
  2. Authorization: authorization is the process that determines which operations and resources an authenticated client is allowed to access.
  3. Auditing: auditing ensures that a user cannot deny having performed an operation or initiated a transaction.
  4. Confidentiality: confidentiality is the process of ensuring that data remains private and cannot be seen by unauthorized users or by snoopers who monitor traffic flowing between networks.
  5. Integrity: integrity is the assurance that data is protected from intentional modification.
  6. Availability: from a security perspective, availability means the system remains available to authorized users.

Security Principles

  1. Compartmentalize (firewall)
  2. Use least privilege
  3. Apply defense in depth
  4. Do not trust user input
  5. Fail securely
  6. Reduce your attack

Common Web Application Vulnerabilities

1. Injection

Injection flaws, such as SQL, OS command, and LDAP injection, are among the riskiest things that can happen to an application. Injection occurs when untrusted data is sent to an interpreter as part of a command or query. The attacker's crafted data can trick the interpreter into executing unintended commands or accessing confidential data without authorization.
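To make the mechanism concrete, the following added example (not code from the original article) places a string-concatenated SQL query beside a parameterized one and runs both against a constructed in-memory SQLite table; the table, usernames, and crafted input are all assumptions made for the demonstration.

```python
import sqlite3


def make_db():
    # Constructed sample data: two users in an in-memory database.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT)")
    conn.executemany("INSERT INTO users (username) VALUES (?)",
                     [("alice",), ("bob",)])
    return conn


def lookup_vulnerable(conn, username):
    # The untrusted value is spliced into the SQL text, so the interpreter
    # cannot tell where the command ends and the data begins.
    query = "SELECT id, username FROM users WHERE username = '" + username + "'"
    return conn.execute(query).fetchall()


def lookup_parameterized(conn, username):
    # The SQL text is fixed; the driver passes the value separately as data,
    # so whatever it contains can only ever be compared against usernames.
    query = "SELECT id, username FROM users WHERE username = ?"
    return conn.execute(query, (username,)).fetchall()


def demo():
    # Returns the rows each variant yields for a benign and a crafted input,
    # so the difference in behaviour can be checked rather than eyeballed.
    conn = make_db()
    benign = "alice"
    # Constructed input that changes the logic of the concatenated query.
    crafted = "nobody' OR '1'='1"
    return {
        "vulnerable_benign": lookup_vulnerable(conn, benign),
        "vulnerable_crafted": lookup_vulnerable(conn, crafted),
        "parameterized_benign": lookup_parameterized(conn, benign),
        "parameterized_crafted": lookup_parameterized(conn, crafted),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(name, rows)
```

The concatenated query returns every row for the crafted input, while the parameterized query treats the same string as a literal username and matches nothing.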

2. Broken Authentication and Session Management

Application functions related to authentication and session management are often not implemented correctly. When the flaw is severe, attackers can easily steal passwords and other personal data and exploit them, harming users.

3. Cross-Site Scripting (XSS)

XSS flaws occur when an application takes untrusted data and sends it to a web browser without proper validation.

4. Insecure Direct Object References

An insecure direct object reference occurs when a developer exposes a reference to an internal implementation object, for example a file, a directory, or a database key.

5. Security Misconfiguration

Good security requires a secure configuration to be defined and maintained for the application, frameworks, web server, application server, database server, and platform, because the default settings are often not safe.

6. Sensitive Data Exposure

Many web-based applications do not properly protect sensitive data, for example credit card data or authentication data. Attackers are very likely to steal or modify weakly protected data to commit fraud.

7. Missing Function Level Access Control

Most web-based applications verify function-level access rights before making a function visible in the user interface. However, the application also needs to perform the same access control check on the server when the function is actually called.

8. Cross-Site Request Forgery (CSRF)

CSRF works by forcing the user's browser to send an HTTP request, including the session cookie and other confidential information stored in the browser, to a vulnerable web application without the user intending it.

9. Using Known Vulnerable Components

Basic components such as databases, frameworks, and various software modules almost always run with full privileges. If a vulnerable component is exploited, it can cause data loss or a server takeover.

10. Unvalidated Redirects and Forwards

Web-based applications frequently redirect and forward users to other pages or even other websites. Without proper validation, this kind of action can lead users to phishing pages.

Digital IT is a daily need, and Bead IT Consultant is the right choice as your partner. Visit our website at www.beadgroup.com