User Account

All Pages

Conditions and requirements of application security

Assignment Help Basic Computer Science
Reference no: EM13926580

In 1974, Jerome Saltzer and Michael Schroeder wrote a paper that has shaped how we think about threats to computers. This seminal publication outlines a set of basic principles that define a logical way to classify and respond to threat. It also describes the critical things you should consider while building software. These underlying principles dictate the conditions and requirements of application security and define the goals of application security process.

Supplementing Saltzer's and Schroeder's principles are the Common Weakness Enumeration (CWE), the Common Attack Patterns Enumeration and Classification (CAPEC), and the Common Body of Knowledge (CBK). These resources provide the most up-to-date and detailed way of thinking about threats and provide detailed information about the ways that those threats can be exploited.

The CWE is an industry-supported document that catalogues all of the known vulnerabilities that appear in software and the ways that attackers exploit these vulnerabilities. It also itemizes the common types of attacks and attackers as well as their motivations, the specific methods that they employ, and the attack surfaces that are most vulnerable. This is extremely valuable knowledge because it tells you what to look for when you are checking your code. It also allows you to classify common types of errors into categories, which makes it easier to prioritize those errors by the level of risk they represent.

By combining the IEEE 12207 standard with the high-level principles of Saltzer and Schroeder and the practical advice of the CBK, the CWE and CAPEC, developers have a roadmap for planning and implementing an application security process that will ensure against the occurrence of exploitable defects in their products and services.

For this Application, you will use some of these resources to examine security weaknesses and the methods of exploiting those weaknesses.

To begin the assignment:

  • Choose one of the application security weaknesses listed in theCWE Top 25 Most Dangerous Software Errors.
  • Choose one method of exploiting that security weakness as listed in theCommon Attack Pattern Enumeration and Classification: CAPEC List Release 1.6.

Then, in a 2- to 3-page paper address the following:

  • Briefly summarize the weakness and method of attack you chose. In your description, summarize how that weakness operates in practice, how it might be created in software, and how it can be exploited by your chosen method of attack.
  • Assess which of Saltzer's and Schroeder's principles would be involved with causing or mitigating that particular attack. For example, where does "economy of mechanism" fit into command injection attacks? Why?
  • Assess which IEEE 12207 processes and practices would be affected by or implicated in such an attack. Why?
  • Analyze what would happen to those IEEE 12207 processes and practices if that attack was successful. Relate those effects to a business or day-to-day operational problem it could cause.

Remember to properly cite your sources according to APA guidelines.

Reference no: EM13926580

Questions Cloud

Use of analytics and cloud technology within this company : This assignment consists of two (2) sections: a design document and a revised Gantt chart or project plan. You must submit both sections as separate files for the completion of this assignment. Label each file name according to the section of the ..
What is the calculated t value : What is the calculated t value? Are the mean test scores of these two groups significantly different at the .05 level?
Explain how foreign exchange rates are determined : What are the advantages and disadvantages of a weak versus a strong dollar for imports, exports, international and domestic markets?
Was it a consensual or adversarial argument : Think about a recent argument you had. Identify when you argued, the issue, with whom you argued, and what you were trying to accomplish with the argument. Was it a consensual or adversarial argument? Was this argument typical of your argument sty..
Conditions and requirements of application security : This seminal publication outlines a set of basic principles that define a logical way to classify and respond to threat. It also describes the critical things you should consider while building software. These underlying principles dictate the con..
Who benefits from a tariff or quota : How do protectionist trade policies affect a government's wealth and fiscal policy?
What price must chrysler charge in japan in yen : If the exchange rate of Japanese yen for U.S. dollars is ¥140 ¼ $1, what price must Chrysler charge in Japan (in yen)? What price will Chrysler have to charge in Japan if the value of the dollar falls to 120 yen?
Determining the finding and fixing vulnerabilities : Because modern applications are complex, it is not practical to think about finding and fixing vulnerabilities by simply inspecting the code. Instead, a wide variety of sources-ranging from the government and professional software developers to th..
Why was this movie one of your favorites : Think of one of your favorite movies (past or present). Respond to the following questions: Why was this movie one of your favorites? What about this movie inspired, educated, or motivated you

Reviews

Write a Review

Basic Computer Science Questions & Answers

  Computing exact speed of a t1 line

Below what speed are there different leased line standards in different parts of the world? What is the exact speed of a T1 line?

  Write code application using a sub procedure

I need to code an application using a sub procedure to boh calculate and display a 10% bonus, use a sub procedure named ClearLabel to clear the contents of the bonusLabel whne the TextChanged even occurs for either text box

  Explain use of compensatory substituent in identification

Explain the use of "compensatory substituent" in identification and annotation of non-coding genes? Write down the difference between matrix and a Blosum60 Blosum20 matrix?

  Tandem centre spool configuration is used in hydraulic

Name a few typical applications in which Tandem centre spool configuration is used in hydraulic system.

  Design a nine-step counter to count using d flip-flops

Design a nine-step counter to count in the following sequence using D flip-flops (TTL 74704) on a breadboard and on verilog: 0011, 0101, 1001, 1000, 1011, 1010, 0110, 0100, 0111, 0011, ... Include in the design a means for resetting the counter to 00..

  Implement the backend for a list

Using an array to implement the backend for a list, create a list class that can contain integers and implements all of the following funtionality via the following functions:List() - the constructor List (const List& 1) - a copy constructor

  Exploited both network and host vulnerabilities

Several computers in your company have recently been compromised. It was discovered that your company network had been under attack for several months. However, these attacks had not been previously detected. The attackers exploited both networ..

  Define relevant systems analysis and design

Relevant systems analysis and design. Scholarly research should exist performed within the last few years that develop timely and appropriate procedures for an information systems analysis and design.

  Express problem as ilp constraints

Each will receive exactly 7. Additionally, each individual must receive the same quantity of wine. Express the problem as ILP constraints, and find a solution.

  Explain how the method represents knowledge

Select a method for knowledge representation and reasoning that we have not covered in lectures and write 1{2 pages addressing the following: briefly describe how the method represents knowledge and include an example; briefly describe the inferenc..

  Create a florida state information system

Create and use a Microsoft Access Database from which the program will retrieve the city information. Include 1 table with 5 fields per row, and 10 rows of data (cities).

  Write a method firstlast that could be added

Write a method firstLast that could be added to the LinkedIntList class that moves the first element of the list to the back end of the list. Suppose a LinkedIntList variable named list stores the following elements from front (left) to back (right)

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd