Establishing Application Security
An overlooked aspect of security is the security of the applications we use today. It is very important to understand how attackers compromise systems through the applications running on a company's systems. The network administrator must keep every application updated and follow secure coding practices so that attackers cannot easily gain access to the system.
Testing is crucial in every organization: every application it creates should be tested by feeding invalid data into its input fields to make sure it accepts only the correct types of information. Testing an application's input fields with invalid data in this way is called fuzzing.
Try
    ' CDbl throws InvalidCastException when a field does not hold a number;
    ' an out-of-range value such as 1E400 throws OverflowException instead
    ' and falls through to the general handler below.
    MessageBox.Show((CDbl(txtTotalAmount.Text) + CDbl(txtTotalTax.Text)).ToString())
Catch ex As InvalidCastException
    MessageBox.Show("Please supply 2 numbers as input")
Catch ex As Exception
    MessageBox.Show("An error has occurred. Please try again.")
End Try
Input Validation
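The VB.NET snippet above relies on CDbl to reject bad input after the fact. The following is an added example (not part of the course module) that does the same two-field sum in Python, but validates each field against an allow-list pattern before converting it, and then runs a small fuzzing pass over the validator as the text describes. The field names txtTotalAmount and txtTotalTax are taken from the snippet; the money format, the 32-character limit and the fuzz corpus are assumptions made for this example.

```python
import random
import re
import string
from decimal import Decimal

# Assumed policy for this example: a money field is ASCII digits with at most
# two decimals, no sign, no exponent, and at most MAX_FIELD_LEN characters.
MAX_FIELD_LEN = 32
MONEY_RE = re.compile(r"[0-9]{1,16}(\.[0-9]{1,2})?")


class ValidationError(ValueError):
    """Raised for any input the application refuses to process."""


def parse_amount(field_name, raw):
    """Allow-list parse of one text field into a Decimal.

    The pattern check runs before any conversion, so malformed input never
    reaches Decimal(). That matters because Decimal() on its own accepts
    things a money field should not: exponents like '1e400', underscores,
    non-ASCII digits, 'NaN' and 'Infinity'.
    """
    if not isinstance(raw, str):
        raise ValidationError(f"{field_name}: expected text, got {type(raw).__name__}")
    if len(raw) > MAX_FIELD_LEN:
        raise ValidationError(f"{field_name}: longer than {MAX_FIELD_LEN} characters")
    text = raw.strip()  # surrounding whitespace is the only leniency
    if not MONEY_RE.fullmatch(text):
        raise ValidationError(f"{field_name}: not a plain decimal amount")
    return Decimal(text)


def total_with_tax(amount_text, tax_text):
    """Equivalent of the VB.NET snippet: validate both fields, then add."""
    amount = parse_amount("txtTotalAmount", amount_text)
    tax = parse_amount("txtTotalTax", tax_text)
    return amount + tax


def fuzz_corpus(seed=1, n_random=300):
    """Constructed fuzz inputs: hand-picked malformed values plus random junk."""
    rng = random.Random(seed)
    handpicked = [
        "", "   ", "abc", "12abc", "1e400", "1_000", "NaN", "Infinity",
        "-5", "+5", "0x10", "1,000", "\u0661\u0662\u0663", "9" * 1000,
        "' OR 1=1 --", "<script>alert(1)</script>", "1\x000", None, 12, b"12",
    ]
    junk = [
        "".join(rng.choice(string.printable) for _ in range(rng.randint(1, 40)))
        for _ in range(n_random)
    ]
    return handpicked + junk


def run_fuzz(corpus):
    """Feed every corpus value to the application logic with a known-good tax.

    Returns the inputs that were accepted and the inputs that raised anything
    other than ValidationError. A fuzzing pass is clean when the second list
    is empty: bad input is refused by the validator, never crashed on.
    """
    accepted, crashes = [], []
    for raw in corpus:
        try:
            total_with_tax(raw, "1.00")
        except ValidationError:
            continue
        except Exception as exc:  # anything else is a bug in the validator
            crashes.append((raw, repr(exc)))
        else:
            accepted.append(raw)
    return accepted, crashes


if __name__ == "__main__":
    accepted, crashes = run_fuzz(fuzz_corpus())
    print(f"10.50 + 1.05 = {total_with_tax('10.50', '1.05')}")
    print(f"{len(accepted)} inputs accepted, {len(crashes)} crashes")
    for raw, err in crashes:
        print("CRASH", repr(raw), err)
```

The point of the corpus is the hand-picked rows: each one is something a lenient numeric parser would swallow (or choke on) while a pattern check refuses it outright. Random strings are there only to catch unexpected exceptions; any random string that happens to be a plain number is legitimately accepted.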
APPLICATION HARDENING
To help establish a more secure environment, you should first be familiar with several common application security issues. The following are security issues affecting systems today:
ActiveX controls
ActiveX controls are an area of concern with applications. An application or website using an ActiveX control is not necessarily a bad thing, but it is a security concern because ActiveX controls can manipulate your system, including deleting important files on your computer.
Java
Java applications differ from ActiveX controls because they run in what is known as a sandbox: a restricted area that limits the resources a Java application can access.
Scripting
Many application environments, including web sites, support scripting. Scripting is a security concern because most scripting languages can make changes to your system. For example, a script in Microsoft Office once could loop through your Outlook address book and send an e-mail to all your contacts without your consent; today Office has a macro security feature to prevent this from happening.
Browser
Browsers can be a huge security issue, since most web sites serve different types of content that the browser runs. Most active content run in a browser requires an add-on installed in the browser so that the content executes and runs properly.
Cookies
Cookies hold logon information from the websites you visit and are stored on your computer. There are security issues with storing information in cookies. One is that if the information is stored in a text file and someone gains access to it, they will know the information you provided to or gathered from that site and might use it against you.
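The mitigation for the risk just described is to keep the logon details out of the cookie altogether. The following is an added example (not from the course module) in Python: the server keeps the logon information in its own session table and the cookie carries only a random, signed token, so a copy of the cookie file reveals nothing about the user. The signing key and the in-memory session table are constructed for this example; a real deployment would load the key from configuration and use a persistent store.

```python
import hashlib
import hmac
import secrets
from http.cookies import SimpleCookie

# Constructed for this example: a server-side session table and a signing key.
# In a real application the key comes from configuration, never from source.
SERVER_KEY = b"constructed-example-key-do-not-reuse"
SESSIONS = {}


def create_session(username):
    """Keep the logon details on the server; hand out only an opaque token."""
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = {"user": username}
    return token


def sign(token):
    """HMAC over the token so a tampered or guessed token is detectable."""
    return hmac.new(SERVER_KEY, token.encode(), hashlib.sha256).hexdigest()


def session_cookie_header(token):
    """Build the Set-Cookie header for the token.

    HttpOnly keeps page scripts from reading the cookie, Secure keeps it off
    plaintext connections, and SameSite=Strict stops other sites sending it.
    Nothing in the value identifies the user.
    """
    cookie = SimpleCookie()
    cookie["session"] = f"{token}.{sign(token)}"
    cookie["session"]["httponly"] = True
    cookie["session"]["secure"] = True
    cookie["session"]["samesite"] = "Strict"
    cookie["session"]["path"] = "/"
    return cookie.output(header="Set-Cookie:")


def user_from_cookie(cookie_header):
    """Resolve the user from a Cookie header value.

    Returns None for a missing cookie, a bad signature, or an unknown token,
    so a cookie copied from disk and edited cannot become someone else's logon.
    """
    cookie = SimpleCookie()
    cookie.load(cookie_header)
    if "session" not in cookie:
        return None
    token, _, sig = cookie["session"].value.rpartition(".")
    if not token or not hmac.compare_digest(sig, sign(token)):
        return None
    session = SESSIONS.get(token)
    return session["user"] if session else None


if __name__ == "__main__":
    tok = create_session("alice")
    header = session_cookie_header(tok)
    print(header)                      # no username anywhere in the header
    value = header.split(": ", 1)[1].split(";")[0]
    print(user_from_cookie(value))     # alice, resolved server-side
    print(user_from_cookie("session=forged.deadbeef"))  # None
```

The header printed by the example contains a random token and its signature, never the username or a password. If the cookie text is stolen from disk it still grants the session it belongs to, which is why the token should also expire and be tied to a logout on the server; what it no longer does is disclose the logon information itself.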
Instant messaging
Instant messaging applications have grown so fast that they have become one of the big security issues today. Instant messaging software allows worms such as W32.Seesix to replicate within your system. Instant messenger applications also allow file sharing, which makes it possible for an attacker to gain access to your systems and gather important information from your network.
P2P
Peer-to-peer file sharing applications also carry a security risk, since users download files from untrusted sources. Downloading any file or software from an untrusted source puts you at risk, because such files often carry malicious code that will harm your system when executed.
Buffer overflow
As discussed earlier, a buffer overflow attack occurs when an attacker sends more data to an application than it can hold and is thereby able to run arbitrary code, which may result in administrative access to the system.
Prevention Techniques
The following are essential application security best practices. There are two major categories: validating input first, and applying patches to the applications you use. The following are some other ways to protect your system from attacks:
Application hardening
It is important to disable any application features that you do not want users to use. Say your company wants to use an instant messaging application; to make it more secure, you can disable the file-transfer and desktop-sharing features in the software and allow only chat.