The goal of software security is to maintain the confidentiality, integrity, and availability of information resources so that the business can operate successfully. This goal is accomplished by implementing security controls.
Risk is a combination of factors that threaten the success of the business. Conceptually: a threat agent interacts with a system, which may have a vulnerability that can be exploited to cause an impact.
For example: a car burglar (the threat agent) walks through a parking lot checking cars (the system) for unlocked doors (the vulnerability); when they find one, they open the door (the exploit) and take whatever is inside (the impact).
A dev team: approaches the system in terms of its intended functionality
An attacker: asks what operations can actually be performed on the system (anything that is not explicitly prevented is possible)
Security holes can be introduced in:
- Requirement gaps
- System logic error
- Poor coding practices
- Improper deployments
- Maintenance and update phases
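The difference between the two mindsets above, and the "system logic error" and "poor coding practices" items in the list, can be made concrete with a small constructed example. This is added illustration, not code from the original post: a hypothetical file-download helper that maps a user's file name to a path under a hypothetical storage root (`BASE_DIR`, `intended_path`, `hardened_path` are all assumed names). The developer tests it with the inputs it was designed for; the attacker tries operations the developer never intended, such as `..` segments or an absolute path, because nothing in the code prevents them.

```python
import os.path

# Hypothetical storage root for this constructed example (assumption).
BASE_DIR = "/srv/app/files"


def intended_path(user_dir: str, filename: str) -> str:
    """Developer's view: `filename` is a plain file name in the user's
    directory, so joining the pieces is all that is needed.

    Logic error: os.path.join does not prevent '..' segments, and an
    absolute `filename` discards everything before it. Any operation
    the caller can express is therefore possible."""
    return os.path.join(BASE_DIR, user_dir, filename)


def is_inside(base: str, path: str) -> bool:
    """True if `path`, after '..' and '.' segments are resolved, still
    lies under `base` (or is `base` itself)."""
    base_norm = os.path.normpath(base)
    path_norm = os.path.normpath(path)
    return path_norm == base_norm or path_norm.startswith(base_norm + os.sep)


def escapes_user_dir(user_dir: str, filename: str) -> bool:
    """Attacker's view of intended_path: does this input reach a file
    outside the user's own directory?"""
    user_root = os.path.join(BASE_DIR, user_dir)
    return not is_inside(user_root, intended_path(user_dir, filename))


def hardened_path(user_dir: str, filename: str) -> str:
    """Same functionality, written with the attacker's question in mind:
    reject everything that is not a single plain file name, then check
    the resolved result rather than trusting the input shape.

    `user_dir` is assumed to come from the authenticated session, not
    from the request, so only `filename` is treated as hostile here."""
    if filename in ("", ".", ".."):
        raise ValueError("file name must not be empty or a dot segment")
    if os.path.isabs(filename) or "/" in filename or "\\" in filename:
        raise ValueError("file name must not contain path separators")
    user_root = os.path.join(BASE_DIR, user_dir)
    candidate = os.path.normpath(os.path.join(user_root, filename))
    # Defence in depth: even if the checks above are wrong, the resolved
    # path must still be inside the user's directory.
    if not is_inside(user_root, candidate):
        raise ValueError("resolved path escapes the user's directory")
    return candidate


def hardened_rejects(user_dir: str, filename: str) -> bool:
    """Convenience wrapper: True if hardened_path refuses the input."""
    try:
        hardened_path(user_dir, filename)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Inputs the developer tested with, and inputs an attacker would try.
    for name in ("report.pdf", "../../../../etc/passwd", "/etc/passwd"):
        print(f"{name!r:28} intended -> {intended_path('alice', name)!r}, "
              f"escapes={escapes_user_dir('alice', name)}, "
              f"hardened rejects={hardened_rejects('alice', name)}")
```

The point is not the specific traversal bug but the habit: the developer's tests covered the intended inputs and passed, while the attacker's question ("what else can I make this do?") exposed the gap. The hardened version answers that question in code by checking the resolved result rather than assuming the input is what the requirements described.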