Security threats to consider in software development

Keywords: security, privacy, threats, access-control, software

Abstract

Software development should take into account threats to the privacy and security of information. These threats can cause significant harm to organizations, in the form of financial losses, access to confidential information by unauthorized users, or the failure of systems. They take on special importance because of how heavily we depend on information systems today. For example, the rise of electronic commerce has considerably increased the number of transactions carried out over the Internet, which means that users provide sensitive data about payment methods and billing addresses. Users therefore have to trust that they are giving this information to a reliable system that will handle their data safely. Another example is the increasing use of cloud computing, in which users store private information on the servers of external providers over which they have no control, and where that information could be used for purposes of which they are not aware. Similarly, mobile phone applications for Internet banking services could expose accounts to malicious users if user authentication lacks security mechanisms. A lack of measures that guarantee information security can trigger catastrophic scenarios. For this reason, this article identifies the possible threats and vulnerabilities that must be taken into consideration in software development, so that the software produced has the security characteristics needed to guarantee the availability of services and the integrity of information.



Published
2022-01-05
How to Cite
Sánchez-Bautista, G., & Ramírez-Chávez, L. (2022). Security threats to consider in software development. XIKUA Boletín Científico De La Escuela Superior De Tlahuelilpan, 10(19), 31-37. https://doi.org/10.29057/xikua.v10i19.8118
