Assignment Content
- A software engineer designs, develop, tests, and evaluates the software and the systems that allow computers to execute their applications.
Take on the role of Software Engineer for the organization you selected in Week 1.
Use the technical guide template to create a 3- to 4-page Secure Staging Environment Design and Coding Technique Standards Technical Guide for the organization you chose.
Don't use plagiarized sources. Get Your Custom Essay on
Secure Staging Environment Design and Coding Technique Standards Technical Guide
Just from $13/Page
Research and include the following:
Design a secure staging environment for your organization
Diagram your staging environment
Include descriptions for each object in your environment
Create a secure coding technique/quality and testing standard for your organization covering the following secure coding techniques:
Proper error handling
Proper input validation
Normalization
Stored procedures
Code signing
Encryption
Obfuscation/camouflage
Code reuse/dead code
Server-side vs. client-side execution and validation
Memory management
Use of third-party libraries and ADKs
Data exposure
Code quality and testing
Automation
Static code analyzers
Dynamic analysis (e.g. fuzzing)
Stress testing
Sandboxing
Model verification
Submit the assignment.
Running head: APPLE TREAT ANALYSIS 1
THREAT ANALYSIS 6
Title: “Cyber Security Threat Analysis”
Keyerra Brooks
12/2/2019
University Of Phoenix
Threat agents
Regular:
A portion of the regular dangers that the organization face are the interruption of intensity, characteristic disasters and so forth.
Unexpected:
– Crackers – for the most part young people doing as scholarly challenge
– Information framework’s crooks – Espionage as well as Fraud/misuse – for a country/organization to increase an upper hand over its adversaries
– Vandals – approved clients and outsiders (wafer or a lawbreaker)- – propelled by outrage coordinated at an individual/association/life when all is said in done
Purposeful:
Opponent organizations, Crackers, Information framework’s lawbreakers, Vandals
Potential Attacks
. Unnecessary Privilege Abuse – clients are conceded database get to benefits that surpass the prerequisites of their activity work; e.g., a college manager whose activity requires just the capacity to change understudy contact data may exploit inordinate database update benefits to change grades
2. Real Privilege Abuse – Users may manhandle real database benefits for unapproved purposes; for example a maverick wellbeing laborer who is happy to exchange tolerant records for cash
3. Benefit Elevation – Attackers may exploit database stage programming vulnerabilities to change over access benefits from those of a standard client to those of a manager. Vulnerabilities might be found in put away methods, worked in capacities, convention usage, and even SQL proclamations
4. Database Platform Vulnerabilities – Vulnerabilities in basic working frameworks (Windows 2000, UNIX, and so forth.) and extra administrations introduced on a database server may prompt unapproved get to, information defilement, or forswearing of administration.
Exploitable vulnerabilities
The accompanying business shortcomings are the most outstanding on account of Apple:
1. Limited conveyance organize
2. High selling costs
3. Dependence of offers on very good quality market fragments
Apple Inc. has a restricted dispersion organize in light of the organization’s arrangement of eliteness. For instance, the organization cautiously chooses the approved venders of its items. The SWOT examination system considers this eliteness procedure as a factor that points of confinement advertise reach. This shortcoming exists notwithstanding selectiveness’ points of interest, for example, Apple’s solid control on the circulation of items. Moreover, due to its exceptional evaluating procedure, the organization has the shortcoming of the reliance of offers on very good quality market portions. Significant expenses pull in clients from the center and high-levels of pay, while keeping clients from low-levels of pay to effortlessly buy the organization’s items. This inward key factor is an impressive shortcoming since top of the line advertise fragments speak to just a minority of the worldwide market. In view of the inward factors in this part of the SWOT investigation, Apple Inc’s. valuing and circulation methodologies force restrictions or shortcomings in the business.
Risk history
For Apple’s situation, the accompanying dangers are the most critical:
1. Aggressive challenge
2. Imitation
3. Rising work cost in different nations
Extreme challenge in the business is somewhat a result of the forcefulness of firms. Apple contends with firms like Samsung, which likewise utilizes fast advancement. With regards to this SWOT examination, forceful challenge limitingly affects Apple Inc. Due to the forceful practices of contending firms, it is important to have solid essentials for keeping up upper hands. Also, the organization faces the risk of impersonation. This danger is critical as a result of the enormous number of neighborhood and worldwide firms that emulate the structure and highlights of Apple’s items. Also, rising work costs including contract makers, for example, those in China, diminish net revenues or push selling costs much higher. In light of the outside vital factors in this SWOT examination, Apple Inc’s. execution could endure as a result of forceful challenge and impersonation of item plan.
Assessment of dangers or effect of dangers on the business
• Interruption – demolished/inaccessible administrations/assets
• Interception – unapproved party snooping or gaining admittance to an asset
• Modification – unapproved party adjusting an asset
• Fabrication – unapproved party embeds a phony resource/asset
An organized rundown of recognized dangers
1. Greater, Subtler DDoS Attacks – Distributed Denial of Service Attacks
2. Old Browsers, Vulnerable Plug-Ins – e.g., program vulnerabilities and, all the more as often as possible, the program modules that handle Oracle’s Java and Adobe’s Flash and Reader.
3. Great Sites Hosting Bad Content – in VOHO watering gap assault, assailants tainted authentic budgetary and tech industry sites in Massachusetts and Washington, D.C., regularly got to by their proposed exploited people
4. Portable Apps And The Unsecured Web – bring-your-own-gadget development has prompted a flood in purchaser claimed gadgets inside corporate firewalls
5. Neglecting To Clean Up Bad Input – e.g., Since 2010, SQL infusion has held the top spot on the Open Web Application Security Project’s rundown of top 10 security vulnerabilities
6. The Hazards Of Digital Certificates – a progression of hacks against testament specialists gave assailants the apparatuses they expected to give false SSL authentications that could camouflage a noxious site as a real
7. The Cross-Site Scripting Problem – An assailant pursuing a financial site with a cross-site scripting helplessness could run a content for a login box on the bank’s page and take clients’ accreditations.
Countermeasures to lessen risk
In view of the vital issues featured in this SWOT investigation of Apple Inc., a suggestion is to proceed with the forceful and quick advancement associated with building up the organization’s items. Such advancement decreases the antagonistic impacts of impersonation on incomes. Likewise, it is prescribed that the organization further upgrade the robotization of its generation procedures, and bolster the computerization of its agreement makers, as a method for tending to the rising work costs including Apple item producers. Another proposal is to build up organizations with more merchants to improve the general market reach of the organization’s conveyance arrange.
REFERENCES
Byres, E., & Lowe, J. (2004, October). The myths and facts behind cyber security risks for industrial control systems. In Proceedings of the VDE Kongress (Vol. 116, pp. 213-218).
https://rampages.us/keckjw/wp-content/uploads/sites/2169/2014/11/Myths-and-Facts-for-Control-System-Cyber-security
Hare, F. B. (2009). Private sector contributions to national cyber security: A preliminary analysis. Journal of Homeland Security and Emergency Management, 6(1).
https://www.degruyter.com/dg/viewarticle/j$002fjhsem.2009.6.1$002fjhsem.2009.6.1.1426$002fjhsem.2009.6.1.1426.xml
Akbari Roumani, M., Fung, C. C., Rai, S., & Xie, H. (2016). Value analysis of cyber security based on attack types. ITMSOC: Transactions on Innovation and Business Engineering, 1, 34-39.
https://researchrepository.murdoch.edu.au/id/eprint/34865/
