Download - Application'sand security
![Page 1: Application'sand security](https://reader036.vdocument.in/reader036/viewer/2022070317/556d0ea1d8b42ad34f8b4eef/html5/thumbnails/1.jpg)
Viruses & Application Security
![Page 2: Application'sand security](https://reader036.vdocument.in/reader036/viewer/2022070317/556d0ea1d8b42ad34f8b4eef/html5/thumbnails/2.jpg)
Agenda• What Is Computer Virus• Symptoms• How does it spread• Types Of Viruses• Other Programs similar to Viruses• Application Security • Why Application Security Is Important• Why Often Application Security Is Ignored• Basic Security Concepts• Securing the Application • Conclusion
![Page 3: Application'sand security](https://reader036.vdocument.in/reader036/viewer/2022070317/556d0ea1d8b42ad34f8b4eef/html5/thumbnails/3.jpg)
What is a computer virus?• Computer viruses are a type of software program that is like a
biological virus, replicate and spread without the users knowledge
• Some virus may display only a message on the screen, others may slow down the Pc
• They can also erase files or even format your floppy or hard disk and crash the system
![Page 4: Application'sand security](https://reader036.vdocument.in/reader036/viewer/2022070317/556d0ea1d8b42ad34f8b4eef/html5/thumbnails/4.jpg)
Symptoms• Letters looks like they are falling to the bottom of the screen.
• The computer system becomes slow.
• The size of available free memory reduces.
• The hard disk runs out of space.
• The computer does not boot.
![Page 5: Application'sand security](https://reader036.vdocument.in/reader036/viewer/2022070317/556d0ea1d8b42ad34f8b4eef/html5/thumbnails/5.jpg)
How does it spread
• Computer viruses spread by attaching themselves to other computer program files
• When you exchange a file from pen drive with virus into our Pc, the virus spreads from one file to the another
• Viruses also spreads when a Computer Engineer comes to repair your system and puts his/her diagnostics disks in your PC
![Page 6: Application'sand security](https://reader036.vdocument.in/reader036/viewer/2022070317/556d0ea1d8b42ad34f8b4eef/html5/thumbnails/6.jpg)
Programs Effecting Computers Computer Viruses Malwares Worms Trojan horses Spyware Adware
![Page 7: Application'sand security](https://reader036.vdocument.in/reader036/viewer/2022070317/556d0ea1d8b42ad34f8b4eef/html5/thumbnails/7.jpg)
Types of viruses
Resident Direct Action Overwrite Boot Macro Directory
Polymorphic
File Infectors
Companion
Fat
Logic Bombs
![Page 8: Application'sand security](https://reader036.vdocument.in/reader036/viewer/2022070317/556d0ea1d8b42ad34f8b4eef/html5/thumbnails/8.jpg)
Resident Virus A virus that takes up permanent residence in the RAM
memory. It can take over or interupt any operation executed by the computer system. It can corrupt files and programs; such as copy, open, close, rename and more.
Examples: Randex, CMJ, Meve, and MrKlunky.
![Page 9: Application'sand security](https://reader036.vdocument.in/reader036/viewer/2022070317/556d0ea1d8b42ad34f8b4eef/html5/thumbnails/9.jpg)
Direct Action Virus A batch file that resides in the root directory of the hard disk.
When executed it will infect files in the directory and also directed to the batch file AUTOEXEC.BAT file PATH.
![Page 10: Application'sand security](https://reader036.vdocument.in/reader036/viewer/2022070317/556d0ea1d8b42ad34f8b4eef/html5/thumbnails/10.jpg)
Overwrite Virus A virus that deletes of overwrites part or all of the information
in a file, making them partially or totally worthless. To get rid of the virus, the file has to be deleted.
Examples of this virus include: Way, Trj.Reboot, Trivial.88.D.
![Page 11: Application'sand security](https://reader036.vdocument.in/reader036/viewer/2022070317/556d0ea1d8b42ad34f8b4eef/html5/thumbnails/11.jpg)
Boot Virus• A virus that affects the boot sector of the hard drive or a
floppy drive. The boot sector gives the computer information on how to boot, if it is not functioning the computer won't boot. To avoid a boot virus, don't boot your computer with an unknown floppy disk in your floppy drive and make sure it is write protected.
Examples of boot viruses include: Polyboot.B, AntiEXE.
![Page 12: Application'sand security](https://reader036.vdocument.in/reader036/viewer/2022070317/556d0ea1d8b42ad34f8b4eef/html5/thumbnails/12.jpg)
Macro Virus A virus written in a macro language that infects the files that
were created with it. When the file is opened the macro virus runs automatically. This may arrive on your computer by email attachment.
Examples of macro viruses: Relax, Melissa.A, Bablas, O97M/Y2K.
![Page 13: Application'sand security](https://reader036.vdocument.in/reader036/viewer/2022070317/556d0ea1d8b42ad34f8b4eef/html5/thumbnails/13.jpg)
Directory Virus Directory viruses will replace an existing executable and
move the real file somewhere else, so when you run it you are unknowingly running the virus program instead of the original. It then becomes impossible to find the original file.
![Page 14: Application'sand security](https://reader036.vdocument.in/reader036/viewer/2022070317/556d0ea1d8b42ad34f8b4eef/html5/thumbnails/14.jpg)
Polymorphic Virus Viruses that encode or encrypt themselves so that each new
version is different. This enables them to replicate and very hard for virus scanners to track down.
![Page 15: Application'sand security](https://reader036.vdocument.in/reader036/viewer/2022070317/556d0ea1d8b42ad34f8b4eef/html5/thumbnails/15.jpg)
File Infectors The majority of viruses are file infectors. This virus is
activated by running an executable file like .exe or .com extension files. Once run, the virus does its damage according to the program in the executable file.
![Page 16: Application'sand security](https://reader036.vdocument.in/reader036/viewer/2022070317/556d0ea1d8b42ad34f8b4eef/html5/thumbnails/16.jpg)
Companion Virus Once the system is infected they accompany the files that
already exist. They can lay in wait or take action immediately.
Some examples include: Stator, Asimov.1539, and Terrax.1069
![Page 17: Application'sand security](https://reader036.vdocument.in/reader036/viewer/2022070317/556d0ea1d8b42ad34f8b4eef/html5/thumbnails/17.jpg)
Fat Virus This virus will only infect a computer running a file
allocation table (FAT) file system. This virus will prevent access to parts of the hard drive preventing files to be accessed Newer windows computers use NTFS and don't need to worry about this virus.
![Page 18: Application'sand security](https://reader036.vdocument.in/reader036/viewer/2022070317/556d0ea1d8b42ad34f8b4eef/html5/thumbnails/18.jpg)
Computers Must Exist within a Secure Infrastructure
Harden systems Use concept of least-privilege Patch management Firewalls Using Anti Virus Programs Intrusion detection Virus protection
![Page 19: Application'sand security](https://reader036.vdocument.in/reader036/viewer/2022070317/556d0ea1d8b42ad34f8b4eef/html5/thumbnails/19.jpg)
Application Security An application is a program or group of programs designed for
end users.
Security is the degree of resistance to, or protection from, harm. It applies to any vulnerable and valuable asset, such as a person, dwelling, community, nation, or organization.
Application security is the use of software, hardware, and procedural methods to protect applications from external and internal threats.
![Page 20: Application'sand security](https://reader036.vdocument.in/reader036/viewer/2022070317/556d0ea1d8b42ad34f8b4eef/html5/thumbnails/20.jpg)
Why Is Application Security Important?• New threats emerge every day• Some hackers are not satisfied with penetrating your
network, they seek information that resides in your applications/databases
• Applications are often with poor designs, software bugs, and poor programming practices
• Applications may be a fast and have an easy entry point into a secure network
• Applications contain and process your most critical (important and sensitive) information
• Programming logic may be exposed to the possibility of being attacked just as troublesome as difficulties inherent with certain technologies
![Page 21: Application'sand security](https://reader036.vdocument.in/reader036/viewer/2022070317/556d0ea1d8b42ad34f8b4eef/html5/thumbnails/21.jpg)
Why Is Application Security Often Ignored?
Usually there are time and budget constraints in application development that cause proper testing and secure programming training to fall to the way aside
Security is typically not prioritized by programming teams, they are paid to deliver functionality first and foremost
E-commerce initiatives are often rushed into production Organizations often expect the software manufacturer “build in”
security is 80% process driven, 20% software driven
![Page 22: Application'sand security](https://reader036.vdocument.in/reader036/viewer/2022070317/556d0ea1d8b42ad34f8b4eef/html5/thumbnails/22.jpg)
Four Basic Security ConceptsPoor application security measures can lead to breaches in data: Data Integrity Confidentiality Availability Accountability
![Page 23: Application'sand security](https://reader036.vdocument.in/reader036/viewer/2022070317/556d0ea1d8b42ad34f8b4eef/html5/thumbnails/23.jpg)
Data Integrity• Data Integrity means having a secure and reliable data in the
database
• Protection of information from tampering, forgery, or accidental changes.
Examples:• January 2004, there were 13,654 known attacks on Linux Servers
![Page 24: Application'sand security](https://reader036.vdocument.in/reader036/viewer/2022070317/556d0ea1d8b42ad34f8b4eef/html5/thumbnails/24.jpg)
Confidentiality Ensures that applications and data is accessible to only the users
intended and authorized to have access.
Examples : While Login in Providing Id’s and Passwords
![Page 25: Application'sand security](https://reader036.vdocument.in/reader036/viewer/2022070317/556d0ea1d8b42ad34f8b4eef/html5/thumbnails/25.jpg)
Availability Ensures that authorized users have access to the application and
the data when required. Example: Microsoft Developer Store
Checking PNR Status Indian Railway Systems
![Page 26: Application'sand security](https://reader036.vdocument.in/reader036/viewer/2022070317/556d0ea1d8b42ad34f8b4eef/html5/thumbnails/26.jpg)
Accountability Within the Application
Ensure accuracy of data and guide against unauthorized modifications
Who did what with your data?
Examples : Having Notification To Our Mobiles From Social Networking Sites
![Page 27: Application'sand security](https://reader036.vdocument.in/reader036/viewer/2022070317/556d0ea1d8b42ad34f8b4eef/html5/thumbnails/27.jpg)
Securing the Application Authentication & Identification Authorization & Access Control Logging & Auditing Procedures Managing User Sessions Cryptography
Examples: Ceaser Cipher Text Modification, RSA Algorithms etc
![Page 28: Application'sand security](https://reader036.vdocument.in/reader036/viewer/2022070317/556d0ea1d8b42ad34f8b4eef/html5/thumbnails/28.jpg)
ConclusionEvery Application must be developed in Ethical hacking perspective
Prevent the loss, modification, or misuse of application systems “data” or application architecture. Here we are focusing on web-enabled systems
Making an e-commerce application secure is much harder than just adding a password protected login screen!
![Page 29: Application'sand security](https://reader036.vdocument.in/reader036/viewer/2022070317/556d0ea1d8b42ad34f8b4eef/html5/thumbnails/29.jpg)
Thank You