Cyber security

profileluckyqloo
W5D1responseMR.docx

Respond agree or disagree

System design vulnerabilities occurs very often and attackers or exploit hunters are always on the hunt for any opportunities that are presented.  During the process a product is being developed it is very important to incorporate cybersecurity and quality control teams. This incorporation has brought a new wave that I have seen and currently experiencing in my current role, DevOps. DevOps is a team where Developers and Operations work together to produce a finished product that has been through QA and cybersecurity teams have also made suggestions and participated during the production.

Developers are great at what they do, but often they forfeit some security best practice to make something on their end work. Also, the risk of developers to forget, or simply disregard any input validation through the process could lead to potential security issues. The software is not the only place where these vulnerabilities can occur, Product design (Infrastructure design) can also provide vulnerabilities if controls are not followed.

Software Design Vulnerability

Vulnerabilities are caused because of poor design, configuration mistakes, inappropriate and insecure coding techniques, the complexity of software, unchecked user input, and weak password management. (Kaur, N. & Kaur, P., 2014). With most of the software offered as a SaaS, potential misconfigurations or uncheck input validation can lead to various types of attack such as the ones presented by OWASP. The most common are SQL Injection, Cross-site scripting (XSS), or an insecure direct object reference to name a few. 

Network Architecture Vulnerability

During product design, Network security can be overlooked and deem as not necessary, but no network architecture is completely immune to unwanted intrusion. (INFOSEC INS., n.d.)  If security is not incorporated during the product design the network could be left vulnerable and various issues can originate. Such vulnerabilities include cryptographic vulnerabilities such as weak encryption, or wrong choice of encryption, or even unsecured keys. Database vulnerabilities such as Backup data, unauthorized copying of sensitive data. Authentication and Access control vulnerabilities that deal with the escalation of privileges, excessive privileges. 

These all have to be taken into consideration when designing a system and for the finish product design. 

 

Kaur, N. & Kaur P. (2014). Input Validation Vulnerabilities in Web Applications. Journal of Software Engineering, 8: 116-126.DOI: 10.3923/jse.2014.116.126 

INFOSEC Institute (n.d.). Security Architecture Vulnerabilities and the CISSP. Retrieved from https://resources.infosecinstitute.com/category/certifications-training/cissp/domains/security-engineering/security-architecture-vulnerabilities/#gref