
Module 8 Part 1

Uploaded by

sachiherath690

ITOP 2204: Computing Security Architecture
Module 8 – Application, Data, Cloud and Host Security

Objectives
• List the steps for securing a host computer
• Define Application Security
• Discuss Data Loss Prevention (DLP)
• Define Cloud Security and its methods


Application Security
• Application security describes security measures at the application level that aim to prevent code within the app, or the data stored by the app, from being stolen or hijacked.

What are the dangers exposed by insecure applications?

Dangers of Insecure Applications
• Applications can be hijacked by crypto miners
• User credentials and passwords can be intercepted by hackers
• Application code could be exposed
• Data stored by the application could be hijacked
• Cross Site Scripting Attacks
• SQL Injection Attacks
• XML Injection Attacks
• Backdoor Attack

Application Security
• Aspects of securing applications
  • Application Development Security
  • Application Hardening
  • Patch Management
  • Secure Data & Data Loss Prevention

Application Development Security
• Security for applications must be considered through all phases of the design and development cycle
• Application configuration baselines need to be established

SOFTWARE DEVELOPMENT LIFE CYCLE
• Requirement Gathering and Analysis
• Design
• Implementation
• Test
• Deployment
• Ops/Maintenance

Application Development Security (cont’d.)
• Secure coding concepts
  • Coding standards increase applications’ consistency, reliability, and security
  • Coding standards useful in code review process
• Errors (exceptions)
  • Faults that occur while application is running
  • Response should be based on the error
  • Improper handling can lead to application failure or insecurity

Application Development Security (cont’d.)
• Error handling practices to avoid
  • Failing to check return codes or handle exceptions
    • Or improperly checking them
  • Handling all return codes or exceptions in the same manner
  • Divulging potentially sensitive data in error information
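
The three practices to avoid above, shown as their opposites in one request handler. This is an added example, not part of the original slides; the accounts table and the names NotFound, load_balance, handle_request and demo_db are hypothetical, and the sample database is constructed in memory.

```python
import logging
import sqlite3
import uuid

log = logging.getLogger("app")


class NotFound(Exception):
    """Hypothetical application error: the requested record does not exist."""


def load_balance(db, account_id):
    # Parameterized query: the id is bound as data, never spliced into the SQL.
    row = db.execute(
        "SELECT balance FROM accounts WHERE id = ?", (account_id,)
    ).fetchone()
    if row is None:  # check the result instead of assuming success
        raise NotFound(account_id)
    return row[0]


def handle_request(db, raw_id):
    """Return (status, message); the message is all the caller ever sees."""
    try:
        account_id = int(raw_id)  # raises ValueError on malformed input
        return 200, f"balance={load_balance(db, account_id)}"
    except ValueError:  # caller's mistake: say what to fix
        return 400, "account id must be a number"
    except NotFound:  # expected condition, not a fault
        return 404, "no such account"
    except sqlite3.Error:  # server fault: details go to the log only
        ref = uuid.uuid4().hex[:8]
        log.exception("database failure ref=%s", ref)
        return 500, f"internal error, reference {ref}"


def demo_db(broken=False):
    """Constructed sample data; broken=True omits the table to force a fault."""
    db = sqlite3.connect(":memory:")
    if not broken:
        db.execute("CREATE TABLE accounts (id INTEGER PRIMARY KEY, balance INTEGER)")
        db.execute("INSERT INTO accounts VALUES (1, 250)")
    return db


if __name__ == "__main__":
    for db, raw in [(demo_db(), "1"), (demo_db(), "1 OR 1=1"),
                    (demo_db(), "7"), (demo_db(broken=True), "1")]:
        print(repr(raw), "->", handle_request(db, raw))
```

Each error class gets its own response, and the 500 reply carries only a reference that an operator can match against the server-side log entry.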

Application Development Security (cont’d.)
• Verify user responses to the application
  • Could cause program to abort
  • Necessary to check for XSS, SQL, or XML injection attacks
• Input validation
  • Performed after data entered but before destination is known
  • Not possible to know which characters are potentially harmful

Application Development Security (cont’d.)
• Escaping (output encoding)
  • Preferred method for trapping user responses
  • Ensures characters are treated as data
    • Not relevant to the application
• Fuzz testing (fuzzing)
  • Software technique that deliberately provides invalid, unexpected, or random data inputs
  • Monitor to ensure all errors are trapped

Application Hardening
• Intended to prevent exploiting vulnerabilities

Application Patch Management
• Patch management
  • Ensure that applications are patched regularly to fix any bugs and vulnerabilities

Securing Data and Data Loss Prevention (DLP)
• Work today involves electronic collaboration
  • Data must flow freely
  • Data security is important
• Data loss prevention
  • System of security tools used to recognize and identify critical data and ensure it is protected
  • Goal: protect data from unauthorized users

Securing Data (cont’d.)
• Data loss prevention typically examines:
  • Data in use (example: being printed)
  • Data in motion (being transmitted)
  • Data at rest (stored)
• Content inspection
  • Security analysis of transaction
  • Takes context into account

Cloud Security
• Cloud security is the protection of data stored online via cloud computing platforms, e.g., Azure, AWS, Google Cloud.
• Threats to these platforms exist in the form of:
  • Application could be susceptible to crypto mining
  • User credentials and password could be stolen
  • Data theft
  • Data leakage
  • Data deletion

Cloud Security
• Diverse methods to provide cloud security include:
  • Firewalls both at network level and application level
  • Strong application layer security to prevent XSS, SQL Injection, XML Attacks
  • Penetration testing to ensure application is safe from DoS and DDoS attacks
  • Data Obfuscation

Cloud Security
• https://youtu.be/_2HFqANE4gw
• https://www.youtube.com/watch?v=tyztKP9rszU

2024-07-02 vcc.ca
