5.2.5: understand how to protect software systems from cyber attacks, including considerations at the design stage, audit trails, securing operating systems, code reviews to remove code vulnerabilities in programming languages and bad programming practices, modular testing and effective network security provision
Keyword | Definition |
---|---|
Acceptable Use Policy | set of rules that users have to sign which state what they are and are not allowed to do with a computer system or network |
Access control | something developers should consider at the design stage: granting or denying certain functionality to different groups of users |
Audit trail | a way of tracking down who is responsible for a cyber attack by keeping and checking records of all forms of access to a computer system or network |
Authentication | something developers should consider at the design stage: planning how to prove that the person using the software is who they say they are |
Bad programming practice | when a software developer forgets or isn't skilled enough to write secure code (e.g. not validating data submitted by a client before trusting it on a server) |
Code review | something that should happen regularly whilst developers are creating software in order to check that no security vulnerabilities make their way into code that is released to the user |
Code vulnerabilities | mistakes in code which could be exploited by a malicious user in order to provide unauthorised access to a computer system or data |
Design stage | part of the development process when programmers should consider how to make software secure before writing any code (e.g. what authentication or access control is required?) |
Encryption | something that developers should consider at the design stage: whether sensitive data shouldn't be stored in plaintext |
Modular testing | something that software developers should do when they complete each part of a program in order to test that it works as expected without any security vulnerabilities |
Network administrator | someone employed to maintain hardware and make sure software is updated and patched regulalry |
Operating system | the software installed on a computer that may need regular updates in order to keep it secure as new vulnerabilities are discovered |
Warnings | something developers should consider at the design stage: e.g. whether users should be prompted for confirmation before data is deleted |