BROADCASTS.com

b"

hello everyone my name is vijay kumar Devireddy and i am glad to have you back on my episode 43 today we are discussing about As we move through the seven phases of the software development lifecycle,it's important for not to forget the fundamentals of good security.Our developers should always remember the three tenets of the CIA triad:confidentiality, integrity, and availability.Remember, confidentiality ensures that only authorized users can access the data being processed by an application.The most common of ensuring confidentiality is to include the use of encryption to maintain the secrecy of the data being stored.Integrity is focused on ensuring the data is not modified or altered without permission. The two main ways that we do this as developers is by utilizing hash algorithms as a method of integrity check for the data or by using journaling and logging functions to create audit trail showing the integrity of the data has not been comprised.When developers are attempting to ensure availability,they're focused on ensuring that the data is available to authorized users when it's needed.The most common way of doing this is by creating redundancy in the overall system design,by ensuring their software code is error-free,or by ensuring that their software can conduct error handling appropriately to prevent crashes.During the testing phase, it's important to conduct an in-depth code review to ensure that there are no vulnerabilities that might affect the confidentiality, integrity,or availability of the software or the integrated system.These code reviews are generally performed by programmers, not by security analysts though.On the other hand, security analysts do help during the software development lifecycle by conducting threat modeling.Threat modeling helps to prioritize vulnerability identification and patching throughout the SDLC.By helping to prioritize the threats,the security analysts can help with the identification of applications or systems that should receive additional protections,which threats are more likely to affect them,and which ones have known vulnerabilities that exist.Based on this, additional effort and funding can be applied in the most efficient way to fix the issues before an attack happens or an attacker can exploit them.After all, there are a lot of threats out there and a lot of ways to attack a system if you want to breach an area of the CIA triad.To best protect applications, we should ensure that good security is programmed in from the beginning back during the requirements,analysis, and implementation phases.Numerous studies have proven that it's much cheaper to utilize secure coding practices and to conduct more thorough testing before releasing a product than to try to fix insecure code after releasing the product,as well as trying to clean up from the mess of an attack.What secure coding practices should our programmers use during development?First, we should ensure that we design our applications with the concept of least privilege.Least privilege means that user or processes should be run using the least amount of access necessary to perform the given function.Does your application require administrative permissions to run?If so, why?Developers should always try to use the lowest permission level when they're performing a function.So whenever it's possible, the program should be run as a user level person instead of an administrator or root level one.