If you are a software engineer, sooner or later someone will ask you, "Can you hack this Facebook account?" For the person asking, it is an easy question. From your side, the question that matters is a different one: when you build an application, is it secure or not?
If you do not protect your application from others, it is like handing your phone to everyone you meet and letting them use it. So whenever you develop software you must ensure that access to it is secured, and even as a software engineer rather than a security specialist, you need a basic understanding of computer security.
Computer security deals with protecting computer systems and information from harm, theft and unauthorized use. Before getting to how software is secured, I first have to explain which software weaknesses (vulnerabilities) commonly appear in the software industry.
1. Broken Authentication
Authentication is broken when attackers are able to compromise passwords, keys, session tokens, user account information or other details and use them to assume another user's identity. This is typically caused by one of two things:
● poorly implemented authentication (for example, no limit on login attempts, or a weak password-recovery flow)
● poorly implemented session management (for example, predictable session tokens, or sessions that never expire)
With either flaw, an attacker can obtain users' passwords or session tokens, or take over users' accounts outright and act under their identity.
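The session-management half of this is easy to get wrong in small ways. The following is an added example, not code from the original article: it contrasts a guessable token with one from the operating system's CSPRNG, and shows the three server-side habits that keep a session from being hijacked or fixated. The in-memory store, the 15-minute idle lifetime and the function names are assumptions for illustration.

```python
import random
import secrets
import time

# Idle lifetime in seconds; an assumed value for illustration.
SESSION_LIFETIME = 15 * 60


def weak_token(seed):
    """How NOT to make a session token: a general-purpose PRNG seeded with
    something guessable (a common mistake is the current time). Anyone who
    knows the seed reproduces the token exactly."""
    return "%032x" % random.Random(seed).getrandbits(128)


class SessionStore:
    """In-memory session table (assumption: a real app would use a database)."""

    def __init__(self, clock=time.time):
        self._sessions = {}  # token -> {"user": ..., "last_seen": ...}
        self._clock = clock  # injectable so a test can move time forward

    def create(self, user):
        # 32 bytes from the OS CSPRNG: not guessable, unlike weak_token().
        token = secrets.token_urlsafe(32)
        self._sessions[token] = {"user": user, "last_seen": self._clock()}
        return token

    def lookup(self, token):
        """Return the user for a live session, or None if the token is unknown
        or has been idle for longer than SESSION_LIFETIME."""
        session = self._sessions.get(token)
        if session is None:
            return None
        if self._clock() - session["last_seen"] > SESSION_LIFETIME:
            del self._sessions[token]  # expired: a stolen old token is useless
            return None
        session["last_seen"] = self._clock()
        return session["user"]

    def login(self, old_token, user):
        """Issue a fresh token on authentication and discard the old one, so a
        token an attacker planted before login (session fixation) dies here."""
        self._sessions.pop(old_token, None)
        return self.create(user)

    def logout(self, token):
        """Invalidate on the server; clearing the browser cookie alone is not enough."""
        self._sessions.pop(token, None)
```

The two calls to `weak_token()` with the same seed return the same value, which is exactly the property an attacker wants; two calls to `create()` for the same user never do.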
2. Bugs
Bugs are errors, faults or failures in a computer program that produce an unexpected result, or a result that deviates from what was intended. They are usually introduced by humans during the programming process and cause problems ranging from stability issues to operability problems; from a security point of view, a missed check or a mishandled input is very often the bug an attacker ends up exploiting.
Software bugs should be caught during the testing phase of the software development life cycle, but some go undetected until after deployment.
3. Broken Access Control
Access control, or authorization, is how a web application decides which users are allowed to reach which resources, and which are not. It is distinct from authentication: a request can come from a correctly logged-in user and still be one that user is not allowed to make.
These resources fall into two categories:
● sensitive data, which should only be accessible to certain entities (a user's own records, for example, but not other users')
● functions, which can modify data on the web server or even modify the server's own behaviour (administrative operations, for example)
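The classic way this breaks is a record fetched by an ID taken straight from the URL without checking who owns it. The block below is an added example, not code from the original article: a vulnerable read function beside its fixed form, plus a data-modifying function that requires a role. The sample users, documents and role table are constructed for the example.

```python
class Forbidden(Exception):
    """Raised when a request is denied; the web layer would map it to HTTP 403."""


# Constructed sample data for the example.
ROLES = {"alice": "user", "bob": "user", "carol": "admin"}
DOCUMENTS = {
    1: {"owner": "alice", "body": "alice's tax return"},
    2: {"owner": "bob", "body": "bob's medical record"},
}


def get_document_vulnerable(current_user, doc_id):
    """Broken access control (an insecure direct object reference): the caller
    must be logged in, but nothing checks that document doc_id is theirs.
    Changing the id in the URL from 1 to 2 reads another user's record."""
    if current_user not in ROLES:
        raise Forbidden("not logged in")
    return DOCUMENTS[doc_id]["body"]


def get_document(current_user, doc_id):
    """Fixed: sensitive data is released only to its owner or an admin, and
    'missing' and 'not yours' get the same answer so ids cannot be enumerated."""
    if current_user not in ROLES:
        raise Forbidden("not logged in")
    doc = DOCUMENTS.get(doc_id)
    if doc is None or (doc["owner"] != current_user and ROLES[current_user] != "admin"):
        raise Forbidden("no such document")
    return doc["body"]


def delete_document(current_user, doc_id):
    """A sensitive function: it changes server data, so it needs the admin
    role, not merely a login. Deny by default when the role is unknown."""
    if ROLES.get(current_user) != "admin":
        raise Forbidden("admin only")
    return DOCUMENTS.pop(doc_id, None) is not None


def allowed(action, *args):
    """Helper: True if the call succeeds, False if it is refused."""
    try:
        action(*args)
    except Forbidden:
        return False
    return True
```

The point of the fixed version is that every path ends in an explicit decision; there is no way to reach `doc["body"]` without passing the ownership or role check.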
These three are far from the only ones: many more software weaknesses arise when developing a software application.
In computer science there are two kinds of security concern: technical hacking and non-technical hacking. In this article I explain one example of each:
Technical hacking: password protection
Non-technical hacking: social engineering
1. Technical hacking: Password Protection
Setting a strong, confidential password for every application is essential, because the applications we use require some sort of user credentials to uniquely identify a user and keep each user's data confidential.
But human beings cannot hold long random passwords in memory. People forget long strings of characters, so they fall back on passwords that are easy to recall: a date of birth, a national ID (NIC) number, or whatever comes to mind quickly. These passwords are not secure; an attacker who knows a little about the target, or who simply tries the most common choices first, guesses them easily.
When we create an account for an application we also enter personal details. Those details are data for attackers: once leaked they can be used for unwanted purposes, including guessing passwords that were built from them. And because we are human, we usually reuse one password for every account, whether it is a bank account, Facebook, and so on. If an attacker compromises one account, the same password then opens the others; it is like giving someone one door key and finding that it opens every door you own. So as a user, use a different password for every application (a password manager is what makes that practical).
As a developer, there are also ways to protect passwords even if the database holding them is stolen. Developers must store passwords properly. If a password is stored unchanged, in plain text, anyone who reads the database has it immediately. So developers should change the form in which passwords are stored. For this there are two options:
- Encrypting the password.
- Hashing the password.
Of the two, hashing (with a salt and a deliberately slow algorithm, see 1.2) is the right choice for password storage: encryption is reversible, and the decryption key usually sits on the same server as the database, so an attacker who takes one often takes the other.
1.1 Encrypting the password
Encryption transforms the original password (or any other data) into a different form, so that if attackers obtain the encrypted value they cannot recover the original without the key. First, let us see how encryption works.
For example, one person sends important personal details to another. The sender encrypts them with software that scrambles the data into what appears to be unreadable gibberish. To anyone who intercepts it, the encrypted message looks like random characters, but the receiver, who holds the key, turns it back into the original text: "I saw your personal details, all are done." That is how encryption works.
There are two important encryption methods:
1. Symmetric encryption: also called a secret-key algorithm. This method requires the sender and the receiver to hold the same key, so the recipient must already have been given the key over some secure channel before the message can be decrypted.
2. Asymmetric encryption: also called a public-key algorithm.
Two mathematically linked keys, a public key and a private key, are used. Data encrypted with one key can only be decrypted with the other, and it does matter which is which. To send something confidential, you encrypt with the receiver's public key, which anyone may know, and only the receiver's private key can decrypt it. Transforming data with the private key instead is the basis of digital signatures: anyone holding the public key can check the result, so that direction provides authenticity rather than secrecy.
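To make the "mathematically linked" part concrete, here is textbook RSA written out in a few lines. This is an added example, not code from the original article, and it uses deliberately tiny, well-known toy parameters (p = 61, q = 53, e = 17) so the numbers can be followed by hand; it is not secure and omits the padding and hashing real RSA needs. For real systems use a vetted library rather than anything like this.

```python
def keygen(p, q, e=17):
    """Build a public/private pair from two primes. The two keys are linked by
    e*d = 1 (mod phi(n)); anyone may know (n, e), only the owner knows d.
    Toy parameters only: real keys use primes of hundreds of digits."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # modular inverse of e (Python 3.8+)
    return (n, e), (n, d)


def encrypt(message, public_key):
    """Sender uses the RECEIVER's public key. Each byte is treated as an
    integer below n (insecure textbook mode, fine for showing the mechanics)."""
    n, e = public_key
    return [pow(b, e, n) for b in message.encode()]


def decrypt(ciphertext, private_key):
    """Only the matching private key undoes encrypt()."""
    n, d = private_key
    return bytes(pow(c, d, n) for c in ciphertext).decode()


def sign(message, private_key):
    """The other direction: apply the PRIVATE key. This gives no secrecy,
    because anyone with the public key can reverse it; what it gives is proof
    that the holder of d produced it. (Real signatures sign a hash with padding.)"""
    n, d = private_key
    return [pow(b, d, n) for b in message.encode()]


def verify(signature, public_key):
    """Anyone can check a signature with the public key and read what was signed."""
    n, e = public_key
    return bytes(pow(s, e, n) for s in signature).decode()
```

With these parameters the public key is (3233, 17) and the private key (3233, 2753); the byte "A" (65) encrypts to 2790, and only d = 2753 turns 2790 back into 65.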
1.2 Hashing the password
Hashing generates a fixed-length signature (a digest) for a data set or message. A hash function is a mathematical algorithm that maps an input of any size to an output of a fixed size, and it is one-way: there is no key, and the original input cannot be recovered from the digest.
Hashing is often discussed alongside encryption, but it is not encryption, precisely because it cannot be reversed, and that is what makes it suitable for passwords. Passwords are stored as their hashes so that even if the database is breached, the plaintext passwords are not directly accessible. MD5, SHA-1 and SHA-2 are well-known cryptographic hashes, but MD5 and SHA-1 are broken and should not be used for security purposes, and even SHA-2 is too fast to use on passwords by itself: an attacker can try billions of guesses per second against a stolen digest. Password storage therefore uses a per-user random salt (so equal passwords do not give equal hashes and precomputed tables are useless) together with a deliberately slow password-hashing function such as bcrypt, scrypt, Argon2 or PBKDF2.
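The following is an added example, not code from the original article. It puts the weak approach (a bare MD5 of the password) next to a salted, slow one built only from the standard library, and includes a toy precomputed table to show why the unsalted form falls immediately. The storage format, the iteration count and the function names are assumptions for illustration; the iteration count is of the order currently recommended for PBKDF2-HMAC-SHA256.

```python
import hashlib
import hmac
import secrets

# Assumed work factor; raise it as hardware gets faster.
PBKDF2_ITERATIONS = 600_000


def store_md5(password):
    """Weak: unsalted and fast. Equal passwords give equal digests, and a
    precomputed table turns common ones back into plaintext instantly."""
    return hashlib.md5(password.encode()).hexdigest()


def rainbow_lookup(md5_hex, candidates):
    """Toy precomputed table: hash every candidate once, then look digests up."""
    table = {store_md5(p): p for p in candidates}
    return table.get(md5_hex)


def store_password(password, iterations=PBKDF2_ITERATIONS):
    """Stronger: a fresh 16-byte random salt per user and PBKDF2-HMAC-SHA256
    with many iterations. The stored string carries its own parameters so the
    work factor can be raised later without breaking old records."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password, stored):
    """Recompute with the stored salt and iterations, compare in constant time."""
    algo, iterations, salt_hex, digest_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    # An ordinary == comparison stops at the first differing byte and leaks
    # timing information; compare_digest does not.
    return hmac.compare_digest(digest.hex(), digest_hex)
```

Two users who both choose "123456" get two different stored strings, so a leak of the database reveals nothing about who shares a password, and each guess against each record costs the attacker the full iteration count.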
2. Non-technical hacking: Social Engineering
Social engineering covers a broad range of malicious activities accomplished through human interaction. It is a type of cybercrime and the art of manipulating people, who are easily swayed by emotion, fear, trust, curiosity and so on. Social engineers take advantage of these feelings and steal information easily, because the victim hands over the confidential information voluntarily.
There are different types of social engineering attack, including scareware, baiting, pretexting and phishing.
Social Engineering Prevention
- Never plug unknown peripherals (a USB stick found in the car park, for example) into your system.
- Keep antivirus software up to date.
- Always verify the sender of an email before clicking any links it contains, and treat messages that demand urgent action with suspicion.