As the world moves to digital formats, cyber security is becoming more important than ever. According to a recent study by Sophos, 51% of businesses in the United States were hit by ransomware in 2020. That is a level of security vulnerability that should not exist in this day and age. However, it is relatively understandable.
Pushing applications to market quickly has been a driving force for many development teams, and in some cases this means that cyber security takes a back seat. In fact, many companies have begun to adopt a DevOps model in the hope that they will not only overcome security and compliance issues but also release the product within a certain time frame.
Application security is a broad problem, with a variety of techniques, philosophies and certifications that can be applied to secure applications.
Take, for example, the recent update to MITRE's Common Weakness Enumeration (CWE), which itself builds on the incredibly popular ATT&CK framework. The overall goal, supported by the US Cybersecurity and Infrastructure Security Agency (CISA), is to identify the specific weaknesses in each category and to identify security flaws and vulnerabilities. In fact, CWE has over 600 categories, covering everything from buffer overflows to cross-site scripting and even race conditions.
Some experts predict that cyber-attacks will worsen, and for both remote work and the Internet this update could not have come soon enough. This is why cyber security awareness is becoming more and more common among these companies. It is important that any device connected to the web has some cyber resilience.
In fact, there is a difference between cyber resilience and cyber security that companies often get wrong. It's not a choice between one or the other, and it's not enough to simply throw as many code requirements as possible at the problem. Instead, companies and developers should build in cyber resilience, for example by using continuous integration (CI/CD) pipelines to ship code with fewer vulnerabilities or by using more secure web hosts.
Web and cloud security
As you can imagine, much of the modern world is hosted in the cloud, and therefore cloud security plays an important role in ensuring that data is secure. Of course, the security of cloud-hosted apps has become a problem, especially since there is often no cloud-focused DevSecOps person at hand to make sure the application is protected from external threats.
Interestingly, there are security protocols available, such as the security compliance principles of the National Cyber Security Centre (NCSC). Measures such as data protection in transit, customer identification and verification, and safe use of the service by the customer are all basic cyber security and resilience concepts.
Security responsibility also includes website security standards. There are many ways to protect website infrastructure, such as edge protection and secure web access.
Websites are also prone to trading away cyber security for better performance optimization, which can make a website more responsive. In the absence of a security mindset, this can be a risky approach.
A major contributor to the lack of web security is the general lack of developers with presence and experience in this field. In fact, according to a recent study, about 60% of developers have less than five years of experience, which sometimes makes it difficult for companies to keep up not only with the most sophisticated techniques but also with some of the most sophisticated malicious actors.
The importance of OWASP
Clear and simple steps are important when applied to something as complex as code. In some cases, developers may forget to take application development best practices into account to ensure that code is secure, especially considering the huge time pressures they face.
This is where the Open Web Application Security Project (OWASP) becomes a useful guide. OWASP provides a set of strict guidelines and requirements for application security. The OWASP checklist helps developers easily integrate recommended security standards and eliminate code defects that may compromise security.
Although OWASP covers a great deal in terms of verification standards, here is a quick review of the various practices it uses.
- Output encoding: Any information entered by a user may be compromised and must be encoded before it can be processed. This means that output must be sanitized for its context using a standard method. In fact, .NET Core has built-in output encoding.
- Input validation: It is important to make sure that the information entered by the user is correct and does not allow any attacks. This usually involves checking various details to make sure that the input data is safe and does not lead to an injection attack.
- Session management: Handling multiple connections to a web application at the same time securely is important. Here, HTTP and other techniques play a role in generating new session IDs and ending inactive sessions.
- Cryptographic practices: As with anything on the web, it is extremely important to maintain the confidentiality of information. To achieve this, good encryption practices, including secure failure of cryptographic modules and the use and implementation of encryption key management policies, are essential.
- Communication security: Man-in-the-middle attacks are very common, and this is where it is important to make sure that data is not only securely protected but also easily accessible to the authorized recipient. A strong implementation of TLS is required, with the appropriate configuration of the protocol.
- Database security: Proper database authentication and the removal of unnecessary features are key to meeting database security standards.
- Memory management: Given recent memory-related security breaches, it is important to keep memory at the forefront of security concerns. For example, a buffer overflow can be a big security hole, as can relying on 'garbage collection' for resources such as connections and file handles.
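
A sketch of the session-management item above (a new session ID at login, inactive sessions ended on the server), added here as an example and not taken from OWASP or from the original post. The `SessionStore` class, its method names and the 15-minute idle timeout are assumptions chosen for illustration.

```python
import secrets
import time


class SessionStore:
    """In-memory session table (hypothetical, constructed for illustration)."""

    def __init__(self, idle_timeout=900, clock=time.monotonic):
        self.idle_timeout = idle_timeout   # seconds of allowed inactivity (assumed value)
        self.clock = clock                 # injectable so tests can move time forward
        self._sessions = {}                # session id -> {"user", "last_seen"}

    def _new_id(self):
        # 32 bytes from the OS CSPRNG: not guessable, not derived from user data
        return secrets.token_urlsafe(32)

    def create(self, user=None):
        sid = self._new_id()
        self._sessions[sid] = {"user": user, "last_seen": self.clock()}
        return sid

    def get(self, sid):
        """Return the session, or None if it is unknown or has been idle too long."""
        session = self._sessions.get(sid)
        if session is None:
            return None
        if self.clock() - session["last_seen"] > self.idle_timeout:
            del self._sessions[sid]        # end the inactive session server-side
            return None
        session["last_seen"] = self.clock()
        return session

    def login(self, old_sid, user):
        """Issue a fresh ID at the privilege change; the pre-login ID stops working."""
        self._sessions.pop(old_sid, None)
        return self.create(user)

    def logout(self, sid):
        self._sessions.pop(sid, None)
```

Dropping the pre-login ID in `login` is what prevents an ID planted or observed before authentication from being reused afterwards.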
Often, where there is a disconnect between recent technologies and current skill levels, it may be necessary to go back to the basics when it comes to programming and cyber security.
Updating encryption requirements is an important task that many security professionals may ignore or feel too busy to do. Similarly, simplifying code is something many experienced developers forget, and this can cause problems for everyone.
Cyber security is a multi-faceted problem that is getting worse as digital services continue to dominate the world. That said, it is not necessarily the end of the world, and good cyber security is certainly attainable, especially when the standards provided by OWASP are readily available.
It is also important to consider the unique skill set of security developers. Make sure you help them grow not only their security credentials but also their careers. The goal is always to be proactive rather than reactive about security.
About the author: Gary Stevens is a full-time Ethereum dev and IT specialist working on both the QTUM and Loopring open source projects. He is also a part-time blogger at Privacy Australia, where he discusses online security and privacy.
Editor's note: The opinions expressed in this guest post are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.