We need different Applications, Security Controls and Techniques, Host Security and the Hardware Security, Virtualization and Importance of Data Security for the proper usage of the technology. We will also know what is Data Security, Data Encryption and the Data Policies.
APPLICATIONS, SECURITY CONTROLS AND TECHNIQUES
As the fear of losing data due to breach of security rise, we need to learn about Applications, Security Controls and Techniques. Fuzzing is testing the server to see how they respond to errors. This helps to fix or suppress the error occurrence. The Malicious persons can use the error messages to deduce what needs to be done. So by the Fuzzing, throw random information to the server to see how it responds. This is the way to protect ourselves against the attacks like SQL injection attacks, Buffer Overflows attacks, and others.
The Secure Coding Concepts include a) Error Exception handling, and b) Input Validation. By following Secure Coding Concepts, we ensure that the security is built into the code from the beginning. Security instructions are given when they are being designed by the programmer. If you wish to suppress the error message and not disclose the complete information, even if access was not granted, this protects the system to disclose the information and prevents the malicious attacks. For example, if the malicious users intend to log onto the system, they would try with the log in id and the password. At this point, we want that the system should disclose the error as “Either your login ID or password is incorrect” rather than “your password is incorrect”. This suppressed message can protect the system against any attacks.
We should also have Input Validation. The Malicious Persons can inject code within the field so that they carry out the malicious activities on the server. Here, if our programmers have input validation, each key input will be properly validated before the system executes the information/scripts.
Cross Site Scripting Prevention is another method which we can mitigate the attempt of the malicious persons trying to attack the system. It is carried out by the attacker by injecting code into the pages of the suspected victims. It can provide a platform for further attack such as Phishing or browser exploits, redirection, etc.
The end users can implement security controls on their workstations to ensure maybe they can detect the error. The systems should have the latest versions of the Anti-Malware , Anti-Spyware and ensure that they regularly update signatures to avoid attacks.
Cross Site Request Forgery Prevention could be difficult.The end users can install Ad-On for their web browsers, empty the temporary internet files and keep the browsers up-to-date. Our end users should ensure that they should have updates in the timeliest fashion.
Application Configuration Baseline should be properly set so that the malicious persons should not use the applications that are not allowed.
Application Patch Management
Our software, applications we use are not perfect. The administrator should periodically scan the internet to sync the patches that are released. As they are released by the manufacturers, these patches need authentication by the vendors. Then these patches are tested in the test environment to see whether patches are robust. After testing, these patches will be migrated to the system and apply them properly to carry out proper working.
The System Administrator should take care of the testing and it should not be left for other persons.
Server Side Vs Client Side Validation
There are some entries which could leave it to the server side to validate. There are some entries we allow or prefer to be validated by the client side. It is faster and the error will be corrected by the client immediately.
Some inputs are better validated on the client side rather than on the server side.