Discussion

profilemanbkk610
OperatingSysAppSecurity-Week3.zip

Operating Sys & App Security - Week 3/Operating Sys & App Security - Week 3.docx

Discussion 1 - 1 page

Application Development Security Implications

Application security is one of the primary avenues used by attackers to penetrate systems and networks. Some of these avenues still being exploited have been known for decades. There has historically been a wide gap between application developers and security professionals—a gap that more organizations are becoming motivated to bridge.

Use the study materials and engage in any additional research needed to fill in knowledge gaps. Discuss the following:

· Differentiate between object-based and object-oriented computer code.

· Identify common avenues of vulnerability specific to application security.

· Explain strategies that mitigate application security vulnerabilities.

Discussion 2 - 1 page

Secure Coding Practice Recommendations

Tasty Cookie CIO, Joan Thompson, attended a meeting of the local chapter of the Information Security Systems Association (ISSA) where a presenter demonstrated common attack vectors, including how to exploit code flaws to perform SQL injection to alter data in a backend database, and how failure to properly define data elements can result in buffer overflows. Joan had previously been relatively disengaged on the topic of application security because the primary applications used to run core business processes are all COTS (commercial off the shelf) applications that had regular patching and version control procedures in place. Following the demonstrations, she became aware of the threats specific to Web-based applications and returned to the office determined to look more deeply into the marketing and Web-based services that are being used to promote the organization.

Use the study materials and engage in any additional research needed to fill in knowledge gaps. Discuss the following:

· Explain buffer overflows.

· Explain SQL injection.

· Explain cross-site scripting.

· Describe a strategy the CIO can follow to ensure secure coding practices are implemented that prevent Web-based attacks.
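As an added illustration for the SQL injection and secure coding items above (example code written for this page, not part of the assignment or the course material), the same UPDATE is written once by splicing user input into the SQL text and once with a bound parameter, then run against a constructed in-memory SQLite table so the difference in rows changed can be checked directly.

```python
import sqlite3

# Constructed sample data (not from the assignment): a small product table.
SAMPLE_PRODUCTS = [("chocolate chip", 2.50), ("oatmeal", 2.00), ("ginger snap", 1.75)]


def make_db():
    """Create a fresh in-memory database holding the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (name TEXT PRIMARY KEY, price REAL)")
    conn.executemany("INSERT INTO products VALUES (?, ?)", SAMPLE_PRODUCTS)
    conn.commit()
    return conn


def update_price_vulnerable(conn, name, price):
    # Flaw: the user-supplied name is spliced into the SQL text, so quote
    # characters in it change the structure of the statement itself.
    sql = f"UPDATE products SET price = {float(price)} WHERE name = '{name}'"
    cur = conn.execute(sql)
    conn.commit()
    return cur.rowcount  # rows actually altered


def update_price_safe(conn, name, price):
    # Fix: a parameterized query. The driver passes name as a bound value,
    # so whatever it contains is only ever compared as a literal string.
    cur = conn.execute("UPDATE products SET price = ? WHERE name = ?", (float(price), name))
    conn.commit()
    return cur.rowcount


def prices(conn):
    """Return {name: price} for every row, for inspection after an update."""
    return dict(conn.execute("SELECT name, price FROM products ORDER BY name"))


def demo(name):
    """Feed the same input to both versions; return (vulnerable, safe) row counts."""
    return (update_price_vulnerable(make_db(), name, 0.01),
            update_price_safe(make_db(), name, 0.01))


if __name__ == "__main__":
    # A legitimate product name changes exactly one row in either version.
    print(demo("oatmeal"))
    # Input that closes the quote and appends a tautology: the spliced version
    # becomes WHERE name = '' OR 'a'='a' and repricns every row; the bound
    # version matches nothing because no product has that literal name.
    print(demo("' OR 'a'='a"))
```

The rowcount returned by each function is the detection hook a reviewer or test suite would assert on: a single-product update that reports more than one changed row is the symptom the parameterized form removes.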