Code vulnerabilities Vulnerabilities are mistakes, errors or weaknesses in a piece of software’s source code that can be directly used by a hacker to perform.

Presentation transcript:

Code vulnerabilities Vulnerabilities are mistakes, errors or weaknesses in a piece of software’s source code that can be directly used by a hacker to perform an attack, such as gaining access to a system or network. When developing software, it is therefore essential to make sure the code is secure. The planning stage is crucial!

Best Practice Coding for Network Vulnerabilities Programmers usually follow best practice coding principles. Keep the code as simple as possible - complex designs increase the likelihood that errors will be made in their implementation, configuration, and use. Conduct code reviews carried out by external testers. Internal testers or those developing the software may not spot bugs or security flaws.

Code Review Think back to when we were carrying out our controlled assessment. Without knowing it, you were all code reviewers!

What is a code review? A code review (sometimes referred to as peer review) involves one or several humans checking a program, mainly by viewing and reading parts of its source code. This process can be automated and carried out by a computer, but this is risky, as a computer may not pick up errors that would be apparent to a human reviewer. Code reviews should be carried out by people outside of a company or independent of that particular project.

Modular testing Modular testing involves checking individual subprograms or functions in a program. Think back (again) to your controlled assessment. We created our software using different functions. Before moving on to the next function, task or sub-problem, we tested that our programs worked. This is known as modular testing. Just think – in many of your GCSEs, you are tested in a modular way – to make sure you have understood a topic before moving on to the next.
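As an added example (not from the original slides), here is modular testing of a small program built from two functions, each tested on its own before the next sub-problem is started, including the invalid inputs that a code review would look for. The functions and the sample inputs are constructed for illustration.

```python
import unittest

# Constructed example: a program split into two sub-problems, each a function
# that is tested in isolation (modular testing).

# Sub-problem 1: turn the text a user typed into a whole number of years.
def parse_age(text: str) -> int:
    """Return the age as an int, or raise ValueError for anything that is
    not a whole number between 0 and 150 (the weakness a review looks for
    is accepting unchecked input such as '', '-5', '12.5' or '12abc')."""
    stripped = text.strip()
    if not stripped.isdecimal():        # only plain decimal digits pass
        raise ValueError(f"not a whole number: {text!r}")
    age = int(stripped)
    if age > 150:                       # upper bound keeps nonsense out
        raise ValueError(f"age out of range: {age}")
    return age

# Sub-problem 2: decide whether someone of that age may vote.
def can_vote(age: int) -> bool:
    return age >= 18

# Module test for sub-problem 1, written before moving on to sub-problem 2.
class TestParseAge(unittest.TestCase):
    def test_accepts_normal_input(self):
        self.assertEqual(parse_age("17"), 17)
        self.assertEqual(parse_age(" 42 "), 42)

    def test_rejects_bad_input(self):
        for bad in ["", "-5", "12.5", "12abc", "999"]:
            with self.assertRaises(ValueError):
                parse_age(bad)

# Module test for sub-problem 2, checking the boundary value on each side.
class TestCanVote(unittest.TestCase):
    def test_boundary(self):
        self.assertFalse(can_vote(17))
        self.assertTrue(can_vote(18))

if __name__ == "__main__":
    unittest.main()
```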