COMPUTER SECURITY

 Top 5 cybersecurity threats to manage Just as there are many types of cybersecurity, there are multiple cybersecurity threats. Here’s a look at some of the most common and dangerous ones facing businesses and individuals today. 1.Malware Malware is one of the most common types of cybersecurity threats, despite a steady decline over the past few years. It’s short for “malicious software” and is a broad category covering programs and lines of code that cause damage or provide unauthorized access. Viruses, trojans, spyware and ransomware are all types of malwares. These can be as insignificant as placing unwanted pop-ups on a computer or as dangerous as stealing sensitive files and sending them somewhere else. 2. Phishing While malware relies on technical factors to cause damage, phishing targets human vulnerabilities. These attacks involve tricking someone into giving away sensitive information or clicking on something that will install malware on their device. They’re often the startin

Information Security Policy An information security policy helps everyone in the organization understand the value of the security measures that IT institutes, as well as the direction needed to adhere to the rules. It also articulates the strategies in place and steps to be taken to reduce vulnerability, monitor for incidents, and address security threats. An information security policy provides clear direction on procedure in the event of a security breach or disaster. Important outcomes of an information security policy include: Facilitates the confidentiality, integrity, and availability of data: A robust policy standardizes processes and rules to help organizations protect against threats to data confidentiality, integrity, and availability. Reduces the risk of security incidents: An information security policy outlines procedures for identifying, assessing, and mitigating security vulnerabilities and risks. It also explains how to quickly respond to minimize damage in the event

Secure Coding Secure coding, also referred to as secure programming, involves writing code in a high-level language that follows strict principles, with the goal of preventing potential vulnerabilities which could expose data or cause harm within a targeted system. Secure coding is more than just writing, compiling, and releasing code into applications. To fully embrace secure programming, you also need to create a secure development environment built on a reliable and secure IT infrastructure using secure hardware, software, services, and providers Secure Coding Practices Validate input: input from all untrusted data sources should be Validated. Proper input validation can eliminate the majority of software vulnerabilities. External data sources, including command line arguments, network interfaces, environmental variables, and user-controlled files should be handled with caution Heed compiler warnings: Code should be compiled with highest warning level available. Static and dynamic

Vulnerability Assessment Vulnerability assessment are rules to follow to help identify the vulnerability of an asset or assets at risk of being lost, taken, damaged, or destroyed. As such, Vulnerability assessment can be used as a tool for managing threats, or if you prefer, managing the risk that accompanies threats. Threats come in a different way. Threat can be caused by nature, such as flooding, hurricanes, earthquakes, etc. It could also happen as a result of an accident, such as fire, breakdown of equipment, collapse of a structure, and the greatest threat is man-made threats, such as crime, sabotage, and terrorism. One of the most common uses for vulnerability assessments is their capability to validate security measures.  There are two types of vulnerability assessments: The host and network. Vulnerability assessment is not restricted to computer systems/networks. For example, a physical building can be assessed so it will be clear what parts of the building have what kind of f

General Injection Attacks There are several types of injection attacks, depending on what part of a system is being attacked. However, they all follow a common pattern. We start with some component of the program that accepts commands in text form. This component might be a command shell, the SQL interpreter, XML parser, or even the interpreters for a language such a Python or JavaScript. Injection attacks are possible whenever four criteria are satisfied: 1. The program is using some form of command interpreter. 2. The commands being sent to the interpreter are constructed by the program while it is executing. In other words, the commands are not constant strings. 3. At least part of the data being used to construct the strings comes from user input. In other words, at least part of the input comes from the attack surface. 4. The program does not correctly prevent the user input from changing the way that the programmer intended the command to be interpreted. Items 1 through 3 above m