Software Security Flashcards
What is software security?
It plays a critical role in protecting sensitive information and ensuring the integrity and reputation of any business with an online presence. An example is buffer overflow, which is when the memory is overloaded with information and requests. This happens when the input exceeds the buffer’s capacity. Some hackers intentionally try this as this can create vulnerabilities that enable them to gain entry or insert malicious code. One method for preventing buffer overflow is to write code that validates user input before copying it to buffers. This could mean setting a maximum length for input data or only allowing certain data types or formats. This stops a would-be hacker from entering too much information into the system which protects the buffer
What are some of the most prevalent threats?
Hacking, phishing, and malicious software are among the most prevalent threats. Hacking involves unauthorized access to systems, while phishing aims to deceive individuals into revealing sensitive information. Malicious software such as viruses and malware can cause significant harm to software and compromise data security.
Why is it important to keep software up-to-date?
Regularly updating software is crucial for maintaining its security. Software developers frequently release updates that address known vulnerabilities and enhance security features. By keeping software up to date, individuals can ensure that their systems are equipped with the latest security patches reducing the risk of exploitation. Once an exploitation becomes known, security experts will analyze its pattern and alter the code to protect against it.
How is Defense in Depth (DID) important?
It is a foundational principle in software security, which involves the implementation of multiple layers of security measures. Individuals can establish a robust defense mechanism against potential threats by integrating physical, technical, and administrative controls. For example, multi-factor authentication methods such as receiving a verification code via email after entering a password to access an application or account exemplify the intricate nature of DID aimed at preventing unauthorized access. Such strategies are commonly encountered in various technological interactions, underscoring their widespread applicability in safeguarding sensitive information. Preventing unauthorized access is an important measure in digital security, but it’s not the only one.
Define encryption?
Ensures that only authorized individuals can access and decipher the information by converting data into an unreadable format.
Encryption methods have become very convoluted since their early incarnation. Typically, one can encrypt data by generating a cipher that will alter human readable code into an unrecognizable collection of text and symbols. This same cipher can then unscramble the text given the encrypted form.
What is EULA?
Is a legal contract between the software developer or vendor and the end user, outlining the terms and conditions under which the software can be used. It also offers customer protection, outlining what security and privacy measures are afforded with the use of the software. One of the primary purposes of the EULA is to define the rights and limitations of the end user. It specifies how the software can be used, whether for personal or commercial purposes, and whether it can be installed on multiple devices or shared with others.
