Unit 2: Application Security




Application Security

Application security focuses on protecting software applications from threats throughout their lifecycle—development, deployment, and maintenance. Key areas include:

a. Database Security

  • Protects databases from unauthorized access, misuse, and attacks.

Measures:

  • Access control (user permissions and roles)
  • Data encryption (at rest and in transit)
  • Regular auditing and monitoring of database activities
  • SQL injection prevention techniques

b. E-mail Security

  • Ensures safe communication via email and protects against phishing, malware, and spam.

Measures:

  • Anti-virus and anti-spam filters
  • Email encryption (e.g., TLS, PGP)
  • Authentication protocols (SPF, DKIM, DMARC)
  • User awareness and phishing training

c. Internet Security

  • Protects users and systems during online activities.

Measures:

  • Secure web protocols (HTTPS, SSL/TLS)
  • Firewalls and web application firewalls (WAF)
  • Regular updates and patch management
  • Safe browsing policies and endpoint protection

Data Security Considerations

a. Backups

  • Creating copies of critical data to prevent loss from system failures, attacks, or disasters.

Types of backups:

  • Full backup: All data is copied
  • Incremental backup: Only data changed since the last backup is copied
  • Differential backup: Data changed since the last full backup is copied
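
The three backup types differ in what each run copies and in how many backup sets a restore needs. The sketch below is an added example, not part of the original notes; the file names and the day-by-day change log are constructed, and it assumes one full backup on day 0 followed by one backup per day.

```python
# Constructed change log: day 0 is the full backup, and each later
# day lists the files modified on that day.
CHANGES = {
    1: {"a.txt"},
    2: {"b.txt"},
    3: {"a.txt", "c.txt"},
}

def incremental(day):
    """Files copied on `day`: only those changed since the previous backup."""
    return set(CHANGES.get(day, set()))

def differential(day):
    """Files copied on `day`: everything changed since the full backup on day 0."""
    copied = set()
    for d in range(1, day + 1):
        copied |= CHANGES.get(d, set())
    return copied

def restore_chain(strategy, day):
    """Backup sets that must be read to restore the state as of `day`."""
    if strategy == "full":
        return [f"full@{day}"]
    if strategy == "incremental":
        # The full backup plus every incremental made since then, in order.
        return ["full@0"] + [f"incr@{d}" for d in range(1, day + 1)]
    if strategy == "differential":
        # The full backup plus only the most recent differential.
        return ["full@0"] + ([f"diff@{day}"] if day > 0 else [])
    raise ValueError(f"unknown strategy: {strategy}")

if __name__ == "__main__":
    for day in sorted(CHANGES):
        print(day, sorted(incremental(day)), sorted(differential(day)))
    for strategy in ("full", "incremental", "differential"):
        print(strategy, restore_chain(strategy, 3))
```

Incremental runs copy the least data each day but lengthen the restore chain; differential runs grow each day but a restore needs only two sets.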

b. Archival Storage

  • Long-term storage of infrequently used data while keeping it secure and accessible if needed.

Key points:

  • Use secure, durable storage media
  • Encrypt sensitive data before archiving
  • Comply with legal and regulatory retention requirements

c. Disposal of Data

  • Secure deletion of obsolete or sensitive data to prevent unauthorized access.

Methods:

  • Data wiping or overwriting
  • Degaussing (for magnetic storage)
  • Physical destruction (shredding or incineration of storage media)

Security Technology

a. Firewall

  • Acts as a barrier between a trusted network and untrusted networks (e.g., the Internet).

Functions:

  • Packet filtering
  • Stateful inspection
  • Proxy services for secure communication
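
The difference between packet filtering and stateful inspection, as an added example that is not part of the original notes. The rule set, addresses and ports are constructed; a stateless filter judges each packet by its headers alone, while a stateful firewall only admits inbound packets that belong to a connection it saw leave.

```python
# Constructed policy: internal hosts may open connections to web ports only.
ALLOWED_OUTBOUND_PORTS = {80, 443}

def packet_filter(pkt):
    """Stateless packet filtering: every packet is judged on its own headers."""
    if pkt["dir"] == "out":
        return pkt["dport"] in ALLOWED_OUTBOUND_PORTS
    # Replies must be let in, so the rule has to trust the source port blindly.
    return pkt["sport"] in ALLOWED_OUTBOUND_PORTS

class StatefulFirewall:
    """Stateful inspection: inbound traffic must match a tracked connection."""

    def __init__(self):
        self.connections = set()  # (src, sport, dst, dport) of outbound flows

    def check(self, pkt):
        if pkt["dir"] == "out":
            if pkt["dport"] not in ALLOWED_OUTBOUND_PORTS:
                return False
            self.connections.add((pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"]))
            return True
        # Inbound: accept only the exact reverse of a flow we saw go out.
        reverse = (pkt["dst"], pkt["dport"], pkt["src"], pkt["sport"])
        return reverse in self.connections

# Constructed sample packets (documentation address ranges).
OUT = {"dir": "out", "src": "10.0.0.5", "sport": 51000,
       "dst": "203.0.113.10", "dport": 443}
REPLY = {"dir": "in", "src": "203.0.113.10", "sport": 443,
         "dst": "10.0.0.5", "dport": 51000}
UNSOLICITED = {"dir": "in", "src": "198.51.100.7", "sport": 443,
               "dst": "10.0.0.5", "dport": 51001}

if __name__ == "__main__":
    fw = StatefulFirewall()
    for name, pkt in (("out", OUT), ("reply", REPLY), ("unsolicited", UNSOLICITED)):
        print(name, "filter:", packet_filter(pkt), "stateful:", fw.check(pkt))
```

The unsolicited packet passes the stateless rule because its source port looks like a web reply, and is dropped by the stateful check because no matching outbound connection exists.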

b. Virtual Private Network (VPN)

  • Provides secure, encrypted communication over public networks.

Uses:

  • Remote access for employees
  • Protect data in transit
  • Ensure privacy and confidentiality

c. Intrusion Detection System (IDS)

  • Monitors network or system activities for malicious actions or policy violations.

Types:

  • Network-based IDS (NIDS): Monitors network traffic
  • Host-based IDS (HIDS): Monitors individual systems or servers
  • Can generate alerts for potential security incidents

Access Control

Access control ensures that only authorized users can access specific information or resources.

Types of Access Control

  1. Discretionary Access Control (DAC): Resource owners decide who can access their resources.
  2. Mandatory Access Control (MAC): System enforces access based on security policies and classifications.
  3. Role-Based Access Control (RBAC): Access is granted based on user roles within the organization.
  4. Attribute-Based Access Control (ABAC): Access is based on attributes of users, resources, and environment (e.g., time, location).

Access Control Mechanisms

  • Authentication: Verify user identity (passwords, biometrics, tokens)
  • Authorization: Grant or deny access based on rights and roles
  • Audit: Logging and monitoring of access attempts
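
How RBAC and ABAC combine with the authorization and audit mechanisms listed above, as an added example that is not part of the original notes. The users, roles, permission strings and the office-hours rule are hypothetical; authentication is assumed to have already established the user name.

```python
from datetime import time

# Constructed policy: role, permission and user names are hypothetical.
ROLE_PERMS = {
    "dba": {"db:read", "db:write"},
    "analyst": {"db:read"},
}
USER_ROLES = {"alice": {"dba"}, "bob": {"analyst"}}

AUDIT_LOG = []  # every decision is recorded, whether allowed or denied

def rbac_allows(user, perm):
    """RBAC: a permission is held only through a role assigned to the user."""
    roles = USER_ROLES.get(user, set())
    return any(perm in ROLE_PERMS.get(role, set()) for role in roles)

def abac_allows(perm, ctx):
    """ABAC: environment attributes; writes need the office network, 09:00-18:00."""
    if perm != "db:write":
        return True
    return ctx["location"] == "office" and time(9) <= ctx["time"] < time(18)

def authorize(user, perm, ctx):
    """Default deny: both checks must pass, and the outcome is audited."""
    allowed = rbac_allows(user, perm) and abac_allows(perm, ctx)
    AUDIT_LOG.append({"user": user, "perm": perm, "allowed": allowed, **ctx})
    return allowed

# Constructed request contexts.
OFFICE_10AM = {"location": "office", "time": time(10)}
REMOTE_11PM = {"location": "remote", "time": time(23)}

if __name__ == "__main__":
    print(authorize("alice", "db:write", OFFICE_10AM))  # role and context both pass
    print(authorize("alice", "db:write", REMOTE_11PM))  # role passes, context fails
    print(authorize("bob", "db:write", OFFICE_10AM))    # context passes, role fails
    for entry in AUDIT_LOG:
        print(entry)
```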

Summary Table

| Topic | Key Points |
| --- | --- |
| Application Security | Protects software applications; includes database, email, and internet security |
| Database Security | Access control, encryption, auditing, SQL injection prevention |
| E-mail Security | Anti-spam, encryption, authentication, phishing protection |
| Internet Security | Secure protocols, WAF, updates, safe browsing |
| Data Security | Backups (full, incremental, differential), archival storage, secure disposal |
| Security Technology | Firewall, VPN, Intrusion Detection System (IDS) |
| Access Control | DAC, MAC, RBAC, ABAC; authentication, authorization, auditing |

Security Threats to Information Systems

Security threats are actions or events that can compromise the confidentiality, integrity, or availability of information systems. They can be malicious software, human errors, or attacks targeting systems or networks.

Viruses

  • Definition: Malicious programs that attach themselves to files or programs and spread when the infected file is executed.

Characteristics:

  • Require human action to spread (like opening a file).
  • Can corrupt files, delete data, or slow down systems.
  • Example: File-infecting virus in executables.

Worms

  • Definition: Self-replicating programs that spread automatically across networks without human intervention.

Characteristics:

  • Exploit vulnerabilities in networks or operating systems.
  • Can consume bandwidth and overload systems.
  • Example: WannaCry ransomware worm.

Trojan Horse

  • Definition: Malicious program disguised as legitimate software to trick users into executing it.

Characteristics:

  • Does not self-replicate like viruses or worms.
  • Can provide unauthorized access, steal data, or damage systems.
  • Example: Fake software downloads carrying hidden malware.

Bombs

  • Logic Bombs: Malicious code triggered by specific events, like a date or action.

Characteristics:

  • Activates at a predetermined time or condition.
  • Can delete files, crash systems, or disrupt operations.

Trapdoors (Backdoors)

  • Definition: Hidden ways to bypass normal authentication mechanisms.

Characteristics:

  • May be installed intentionally or planted by hackers.
  • Allows unauthorized access to systems without detection.

Spoofs

  • Definition: Deceptive attacks that trick systems or users by falsifying identity.

Types:

  • IP spoofing: Faking source IP address.
  • Email spoofing: Sending emails appearing to be from a trusted source.
  • Impact: Can bypass security controls or steal sensitive information.

E-mail Viruses

  • Definition: Viruses that spread through email attachments or links.

Characteristics:

  • Often hidden in attachments like .exe, .doc, .xls.
  • Activate when the user opens the attachment.
  • Prevention: Anti-virus scanning, avoiding suspicious attachments, email filters.

Macro Viruses

  • Definition: Malicious code written in macro languages of applications (e.g., Microsoft Word or Excel).

Characteristics:

  • Auto-execute when the document is opened.
  • Can modify documents, steal data, or replicate.
  • Example: Melissa virus (infected Word documents).

Malicious Software (Malware)

  • Definition: Broad term covering viruses, worms, trojans, ransomware, spyware, adware, and other harmful programs.

Impact:
  • Data theft or corruption
  • System downtime
  • Financial loss
  • Prevention: Antivirus software, firewalls, regular updates, and safe computing practices.

Network Attacks

  • Definition: Attacks targeting network infrastructure to disrupt communication or steal data.

Types:

  • Eavesdropping/sniffing: Intercepting network traffic.
  • Man-in-the-middle (MITM): Intercepting and altering communication.
  • IP Spoofing: Impersonating a trusted device.
  • Prevention: Encryption, VPNs, secure protocols, and intrusion detection systems.

Denial of Service (DoS) Attack

  • Definition: Attack that makes a system or network resource unavailable to legitimate users.

Characteristics:

  • Floods servers with excessive traffic.
  • Can target websites, emails, or network services.
  • Distributed DoS (DDoS): Multiple compromised systems are used to launch a large-scale attack.
  • Prevention: Firewalls, load balancers, rate-limiting, and network monitoring.

Summary Table

| Threat | Definition / Key Points |
| --- | --- |
| Virus | Malicious program attaching to files, spreads on execution |
| Worm | Self-replicating program spreading automatically over networks |
| Trojan Horse | Malicious program disguised as legitimate software |
| Bombs | Malicious code triggered by specific events or conditions |
| Trapdoors | Hidden backdoors for unauthorized access |
| Spoofs | Fakes identity to deceive systems or users |
| E-mail Virus | Virus spreading via email attachments or links |
| Macro Virus | Malware in application macros (Word, Excel) |
| Malware | General term for all malicious software |
| Network Attack | Targets network infrastructure for disruption or data theft |
| DoS / DDoS | Overloads system resources to make services unavailable |