Security vulnerabilities and controls

Controls

Version control

Version control is to be able to

User authentication

User authentication is when a solution confirms that a person is who they claim to be, through usernames and passwords or biometrics

Encryption

Encryption makes readable data unreadable to a hacker, using specific methods such as symmetrical encryption and hash encryption

Software updates

To fix any bugs or weaknesses within the application that hackers could take advantage of

Software auditing

To check the software's code for any possible back doors or malware, especially if the code is from the internet

Penetration Testing

To have either a third party or yourself check for any vulnerabilities within the solution

Vulnerabilities

Data breaches

A data breach is when a company's private data has been taken maliciously by hackers

Man-in-the-middle attacks

A man-in-the-middle attack is an attack that involves a fake wifi network that gives access to the data that goes in and out of the network.

Social Engineering

This is when a malicious actor pretends to be someone else or a company to gain access or get money from the victims

Cross-site scripting

Cross-site scripting is when a hacker injects code into a space for user input, making the website run it and give the hacker access to whatever they want

SQL injections

An SQL injection is similar to cross-site scripting, but the hacker uses SQL to gain access to information

Third-party software

Software not made by the company that made the operating system

Diminished data integrity

If there is diminished data integrity, it means there is a lack of accuracy, authenticity, correctness, reasonableness, relevance and timeliness.