Security Strategies in Web Applications sample essay

StudyAcer homework Experts at a Glance, Save Time and Excel

Writer avatar
Dr.Emma

Rating: 5/5    Reviews 482

Success rate 99%

Completed projects: 783

Hello, I am Prof Writers, I am a bold, accurate, and experienced tutor committed to providing clients with high quality, original, and timely work. As a writer, proficiency in several disciplines in academic writing is necessary, and that is why I prioritize on delivering quality and appropriate work. Be assured that I will always follow the lai...

Writer avatar
Dr.JamesPhD

Rating: 4.9/5    Reviews 373

Success rate 98%

Completed projects: 592

Hello, I am a full-time professional freelance writer with over 6 years experience in academic writing. I have a PhD in Strategic Management and have done several projects in business management, marketing and other subjects. This experience has helped me reinforce my ability to work in various fields and handle simple and complex topics. I am a...

Writer avatar
Dr.Success

Rating: 5/5    Reviews 1326

Success rate 96%

Completed projects: 1976

Hello :) My name is Dr.Success, I've started on my path as a professional writer mostly by writing essays. However, in the years since then, I've written various other academic papers, from research works to book reviews. From Sydney to New York, there are hundreds of students all over the world that are happy with the services I've provided the...

Writer avatar
MarvellousTutor

Rating: 5/5    Reviews 371

Success rate 98%

Completed projects: 1173

Hi there! Im MarvellousTutor, your perfect author with huge writing experience in English, Art and Business. What? Need assignment on another subject? No worries: I can deal with anything! If you're dreaming of the reliable, responsible and always-on-time writer, here I am! I manage my time greatly, thus, your deadline is highly important for me...

Writer avatar
Prof_Stephen

Rating: 4.7/5    Reviews 891

Success rate 98%

Completed projects: 1136

Hello there! My name is Prof Stephen. I have been a full-time freelance researcher and writer for a period of over 6 years. I have successfully completed over 1000 projects and assignments. I have had a good professional relationship with my clients who always come back for more quality papers since I highly value quality, professionalism, and i...

Writer avatar
Prof.TzKelly

Rating: 4.9/5    Reviews 244

Success rate 98%

Completed projects: 479

I'm ProfTzKelly, talented wordsmith, grammar afficionado, and writing machine. I'm written everything from outlines to screenplays and book reviews to advanced research papers. All you have to do to be well on your way to a great grade is chat with me! I'm experienced in all major styles, including APA, MLA, Chicago, Harvard, and Vancouver. You ...

Writer avatar
ProfAcer

Rating: 5/5    Reviews 465

Success rate 96%

Completed projects: 852

Hey! My name is ProfAcer, and my goal is to help you to get through a tough period of your life. I've been a student, and I know that the amount of work some professors expect you to do can be unfair and overwhelming. And that's without even accounting for the job you probably have an active social life each student should have. There is no sham...

Writer avatar
ProfessorEunice

Rating: 4.9/5    Reviews 412

Success rate 96%

Completed projects: 719

In academic writing, quality, originality, and deadlines are vital, and these are my primary offerings to all my clients. I have two years of experience as a full-time academic writer, with over 300 finance, economics, marketing, business, and general papers written from scratch. Since joining this site, I have also tackled sociology, healthcare...

Writer avatar
Think_Tank

Rating: 4.8/5    Reviews 319

Success rate 98%

Completed projects: 584

Hello! People call me ThinkTank, and I've been earning money as an academic writer for years. With a lot of works under my belt, you can bet that I've dealt with dozens of various topics and different forms of papers, including essays, research papers, and even dissertations. I like the challenge that comes with this job. I first fell in love wi...

Security Strategies in Web Applications sample essay

Do Not Copy. Order Custom, Original Paper.

Web application design and coding defects are the main reasons to create a secure coding policy and guidelines. The policy/guidelines are to provide awareness and ensure security when developing code. Techniques to secure code review:

Generally, IT analyst can divide the secure code review process into two different techniques: 1. Automated tool based/ Black Box: In this approach, the secure code review is done using different open source/commercial tools. Mostly developers use them while they are coding, but a security analyst may also take help of them. Tools are very useful while doing code review when we implement the secure SDLC process in the organization and provide the tool to developers themselves to do a “self-code” review while they are coding. Also, the tools are useful in analyzing large codebase (millions of lines). They can quickly identify potential insecure pieces of code in the code base, which may be analyzed by the developer or a security analyst (Infosec). 2. Manual/ White Box: In this technique, a thorough code review is performed over the whole code, which may become a very tedious and tiresome process.

But in this process, logical flaws may be identified which may not be possible using automated tools, such as business logic problems. Automated tools are mostly capable of finding technical flaws such as injection attacks but may miss flaws like authorization problems. In this process, instead of going line by line through whole code base, we can concentrate on potential problems in the code. Those potential vulnerabilities can be given a high priority. For example, in C/C++, if we try to find any copying function in the code and check whether it’s using functions such as, strcpy() for performing copy function. As we know, strcpy() is known to be vulnerable to buffer overflow attacks. We may also want to check if any customized encryption is being used in the application, which automated tools may miss as they can identify standard algorithms only (Infosec). Introducing security into NIST’s Five SDLC Phases:

Initiation Phase – Consists of all activities used to identify the different requirements from all stakeholders. This includes defining stakeholders, conducting stakeholder interviews and possibly some basic prototyping. It is also important to identify security requirements (Harwood, 2011). Development & Acquisition Phase – Transition functional and technical requirements into detailed plans for an actual information system. Results from interviews, use cases, and mock ups are developed into sequence diagrams, activity diagrams, state diagrams, and other artifacts that can be interpreted by software developers. User interfaces are also defined in greater detail (Harwood, 2011). Implementation & Assessment Phase – Actual coding of an information system.

All of the analysis and design artifacts previously created are transformed into application code by developers/programmers. This phase also includes testing and debugging (Harwood, 2011). Operations & Maintenance Phase – Encompasses all activities required to keep the system working as intended (monitoring, patch management, application fault remediation and audits). Disposition Phase – Ensures that information is retained, as necessary, to conform to current legal requirements and to accommodate future technology changes that may render the retrieval method obsolete (Harwood, 2011). Summarization:

The Software Development Life Cycle (SDLC) is a process to help ensure the successful development, operation and retirement of information systems. The SDLC has numerous methodologies including: Waterfall, Fountain, Spiral, Build and Fix, Rapid Prototyping, Incremental, and Synchronization and Stabilize. While they share common processes such as Design, Implementation, and testing, one of the most promising methodologies is Waterfall. It has several advantages: It is one of the most widely used and accepted methodologies and nearly all other methodologies derive from Waterfall. Its linear approach makes it easy to demonstrate where security fits into each phase. A crucial part of the SDLC is the source code review.

The purpose of source code review is to discuss, exchange information, and explain the code. Explaining the code will help identify problems and may provide new solutions in the troubleshooting process. Effective code reviews can include automated reviews. It is vital to implement security controls at each phase of the SDLC (Harwood, 2011). Best practices should include policies and guidelines that explain that software should be free from exploitable code vulnerabilities to meet the level of confidence. The code should provide security functionality as intended. Review and maintain Best Practices and guidelines annually. Including security early in the information system development life cycle (SDLC) will usually result in less expensive and more effective security than adding it to an operational system (Harwood, 2011).

Works Cited
Harwood, M. (2011). In Security Strategies in Web Applications and Social Networking. Burlington: Jones & Bartlett Learning, LLC, an Ascend Learning Company. Infosec. (n.d.). Retrieved from Infosec: http://resources.infosecinstitute.com/secure-code-review-practical-approach/


Need help with writing Security Strategies in Web Applications sample essay?

Get help


  • StudyAcer

    4.7/5
  • Trustpilot

    4.6/5
  • Sitejabber

    4.6/5

Please fill in the Order, to get Instant Homework Help


Attach files for the writers' reference