Security Series
Part 1
Hello everyone, I am starting a security series. At this moment I don't have much information about where we will be landing.
Let's just get started!!!
In this post I am covering security terminology and definitions. This is complete theory, so you can also read it on your mobile.
A secure environment is a combination of people, process and tools (the 3 tiers of security). All 3 entities must work together, and each plays a vital role in keeping the environment secure.
Process: Have standards to apply security to everything we do.
Tools: Find and fix problems to have the most secure offering at the end of the day.
Attacker: An adversary seeking to exploit potential vulnerabilities of a system.
Application Security: Measures taken to improve the security of an application by finding, fixing and preventing security problems.
Software security: Engineering software so that it continues to function correctly under malicious attack.
Threat: Possible danger that might breach security and cause harm.
Risk: The possibility of a negative or undesirable occurrence.
Attack Surface: The interface an attacker could use to attempt to compromise a product or system.
Builders - Breakers - Defenders
Builders: Developers who build something and must make sure that the build is secure by leveraging the right tools, techniques and processes.
Breakers: People who look at the build and then try to break into it.
Defenders: People who look at the overall system and secure it to prevent bad actors from getting in and doing something to the system.
Employing a common vocabulary encourages effective security communication within the organization.
CIA Triad - Foundational building blocks of application security
- Confidentiality: Information is protected from unauthorized disclosure. With confidentiality in place, nobody can look at or read information they shouldn't have access to.
- Integrity: The assurance that information is trustworthy, accurate and has not been modified.
- Availability: A guarantee of reliable access to information by authorized people.