Information Security is a new term for an old concept. The need for information security is as old as humanity itself. Since the beginning of recorded history, people have lived and learned to govern and to be secure in all they do. Through the gift of technology, we can do this without being encumbered by cumbersome rules and regulations.
Human nature, being what it is, is heavily reliant on rules and regulations. Like anything else, they are subject to abuse. Technology, being what it is, is no different. Like people, technology has its own rules – it is bound by law more than by logic. Like computers, robots are susceptible to physical abuse as well as financial abuse. The robots may be stupid, but the laws of bot operation mean that they are subject to much the same abuse. And many existing laws existed long before hackers ever came along and began wreaking havoc.
Before computers, it was difficult to create and deliver secrets with any promise of safety or privacy. However, once computers became a common entity, more and more secrets were delivered in electronic format. And not just secrets: information security laws were created to govern how people dealt with electronic data. Now, computers are used to deliver not just important secrets, but also trade secrets, corporate trade secrets, licensed confidential information and law enforcement records.
Because computers are now an integral part of everyday life, it is important that they are supplied with the necessary equipment to protect them from viruses, cgi, hurl, and other malware that can harm computer files. As a result, users must also examine their computer system for signs that its security has been breached.
Because the means of committing cybercrime are increasing, it is important to acquire software programs that will detect such crimes.
This is where computer security comes in. Because computers are computers, they are prone to various kinds of abuse. These abuses may take many forms, from the very simple to the very serious. Some of the more notable ways of abusing the power of the computer and the internet are the following:
Disclosure of confidential information. This may be done by exposing a vulnerability in the software. When such a vulnerability is revealed, the hackers can then use this information to cover their tracks. Or it can be done by displaying a document that reveals a vulnerability that was discovered months ago.
Use of bots. These are programs that consistently produce results such as a list of vulnerabilities that were discovered months ago. Once the hackers realized the list was out there, they could run a bot network against the systems that revealed the vulnerabilities.
Revealing passwords. Once the passwords were known, the hackers could use them to cover their tracks. This is what I had been doing for years. Caller ID spoofing is one example of passwords that were made public. The problem is, when you disclose your password, you are making it relatively easy for your attacker to call you up.
The disclosure of a list of vulnerabilities follows specific rules that make it relatively easy for hackers to find the vulnerabilities and then work their way through them.
The list of web application vulnerabilities shared by the vendor and the developer is intended for a wider audience to enjoy the benefits of web application protection.
Because cybercriminals are becoming smarter and more sophisticated in their operations, they are real threats to your business. Data security compromises the trust people have in the safety of their money and their computers. It intrudes into their privacy and their lives. For example, company directors may use a venture-capital service to attract and fund a great new business. The application development team develops and promotes a web application using funds from the venture capital service. By doing this, the team may be inadvertently creating access for a hacker to steal money from their account.
By knowing how to generate a report from the vulnerability assessment, you will be able to pinpoint the vulnerabilities and take the necessary steps to protect your web application development team, your company and your customers.
The assessment focuses on several key areas; I will discuss only three of them.
- You walk around your network looking for unsecured shared resources.
- You walk around your network looking for unsecured software. This is the easiest part of the assessment for a hacker.
- You walk around your network searching for security holes that existed when the web application was developed.
Your job is to find the resources that are insecure. You will then add security elements to those resources and expand the scope of the web application development.
This is the only real assessment of your web application development that is needed. You can complete additional studies and submit reports to management detailing all information sources and how that information was used within the web application development.
Why is this assessment important? Because you cannot validate your development process with on-site audits that focus on vulnerabilities discovered during the assessment.