
Seguridad de Sistemas 090476

Application Security | 1

Application Development Fundamentals


Abstract

This article explains the types of source codes and the functionality of different program types.
Types of Source Codes

Application security is an integral part of security. There are various issues arising from Java, ActiveX controls, malicious code, and other attack methods. These issues result in undesirable events occurring in the application. You need to identify these application-related issues and implement countermeasures to eliminate or reduce them.

The applications are developed using open or closed source code programs. The program source code, which is available to you freely for reading and modification, is called an open source code program. You can customize the source code per your requirements without any restrictions. Further, you can redistribute the program to other users without paying any royalties to the original developer. The aim of an open source code program is to improve the performance of the program. The Linux operating system and the Apache web server are examples of programs or applications developed using open source code programs.

Unlike an open source code program, closed source code programs are not available freely to users. To use closed source code programs, you need to obtain a license from the developer of the program. Further, you cannot modify the program per your requirements. You can only use the binary version of the source code as the executable file. To access the source code of the closed program, you need to sign a nondisclosure agreement. The applications developed by Microsoft are written and developed using closed source code programs.

Types of Programs

Computers execute only programs that are written in machine language that is also known as first-generation computer language. A machine language program consists of binary instructions, such as 0s and 1s. The instructions are interpreted and executed by the CPU. However, writing programs using machine language is difficult and time-consuming. As a result, the assembly languages, also known as second-generation computer language, were introduced. Before the CPU executes the programs written in assembly language, the program is converted into machine language using a program called an assembler.


An assembler is a program that converts programs written in assembly language to machine language, which is easily understood by the computer. Programs written in an assembly language consist of symbols and words instead of numbers. Before a program is executed, the assembler program converts the symbols and words into the corresponding binary numbers. However, writing complex programs in assembly language is difficult and time-consuming. In addition, programs written in assembly language only work for a specific family of CPUs.

With the introduction of high-level languages or third-generation computer languages, such as COBOL, FORTRAN, and C, programmers started using simple English-like statements to write their programs. Unlike programs written in machine language, high-level language programs do not interact directly with hardware. As a result, high-level programs need to be converted to machine language.

Compilers and interpreters are programs that convert high-level language programs into machine language. The difference between them lies in the process of program execution. The compiler parses or analyzes the entire program at a time for syntactical correctness and then produces an output code. The output code is referred to as machine code, which is further processed by the processor. An interpreter program interprets the high-level program one statement at a time and stops program execution when it encounters an error. The output code is generated only when the program is error-free. This run-time analysis of a program is known as interpretive overhead.


Summary
Application security is an integral part of security. These security issues result in undesirable events occurring in the application. The applications are developed using open or closed source code programs. The program source code that you can modify is called an open source code program, and the program source code that you cannot modify is called a closed source code program. Computers execute only the programs written in machine language. A machine language program consists of binary instructions, such as 0s and 1s. An assembler program converts programs written in assembly language to machine language. Compilers and interpreters are programs that convert high-level language programs into machine language. A compiler program analyzes the entire program at one time, while an interpreter program interprets the program one statement at a time.


Attack Methods
Learning objective

After completing this topic, you should be able to distinguish between the types of attacks used in the enterprise environment and identify the appropriate methods to counteract them.

1. Types of attackers
Before understanding the different types of attack that occur in the enterprise environment and how to counteract them, security professionals should know about the entities that conduct the attacks. These entities include:

- hacker: Hackers are individuals who attempt to access information systems and network resources in an unauthorized manner.
- cracker: Crackers are individuals who intentionally break into a computer system by breaching computer security. A cracker's motives are usually altruistic or to prove that a system can be breached.
- phone phreak: Phone phreaks are individuals who crack the phone network to make free long-distance calls in an unauthorized manner.

These entities are responsible for conducting attacks related to denial of service (DoS), security architecture, and access control. They are also responsible for sending hoax messages. Hoaxes are false statements made with the intention of scaring users. They aim at deliberately misleading the users and prompting them into performing rash actions. Hoaxes include:

- e-mail hoax: E-mail hoaxes consist of fake and chain-letter-style documents that spread faster than any other hoaxes.
- web hoax: Web hoaxes spread through bogus web sites containing false or misleading information.

You can consider a computer virus alert a hoax when it:

- is received from an unknown person
- asks you to visit a web site and download antivirus software
- asks you to forward it to other users

2. Types of attacks
Attackers perform DoS attacks on operating systems to make resources unavailable to valid users. The six types of DoS attacks are:

Smurf and fraggle

A smurf attack is launched using Internet Control Message Protocol (ICMP) packets. An ICMP packet contains the return address of the victim's computer. The attacker broadcasts the ICMP packet to the amplifying server or network. The amplifying server sends this ICMP packet to thousands of active computers. All the active computers on the network reply to the victim's computer. The reply traffic to the victim's computer overwhelms, and sometimes crashes, the victim's computer. Further, this attack consumes most network bandwidth and makes the entire network unusable. A fraggle attack is similar to the smurf attack. The only difference between the two is that the fraggle attack uses User Datagram Protocol (UDP) packets instead of ICMP packets.

These countermeasures can be used against smurf and fraggle attacks:

- set up a firewall to block all broadcast and ICMP messages
- configure all computers to drop ICMP messages
- turn off the directed broadcast capability of the router
- implement an intrusion detection system (IDS) to monitor and notify the system administrator about the occurrence of these attacks
- install the latest security patches on the system

SYN flood

A SYN flood attack is waged by not sending the final acknowledgement (ACK) packet, which breaks the standard three-way handshake used by TCP/IP to initiate communication sessions. During the attack, the attacker sends a Synchronize (SYN) message with a fake IP address to the victim's computer. The victim acknowledges the SYN message, sends the Synchronize-Acknowledge (SYN-ACK) message back to the attacker, and reserves memory space for the connection. However, the victim's computer does not receive an ACK message. This process keeps repeating and the victim's computer runs out of the resources required for the half-opened connections. As a result, the victim's computer crashes or stops accepting connection requests.

These countermeasures can be used against SYN flood attacks:

- set up a firewall to limit the number of connection requests
- implement IDS
- use SYN cookies to avoid the allocation of resources to half-opened connections
- install the latest security patches on the system

Teardrop

Teardrop attacks occur when an attacker exploits a bug in an operating system. The bug exists in the routines used to reassemble fragmented packets. An attacker sends numerous, specially formatted, fragmented packets to the victim, which causes the system to freeze or crash.

These countermeasures can be used against the teardrop attack:

- merge all the fragmented packets into a full packet before routing them to the target system
- implement IDS to detect all the fragmented packets

Distributed denial of service

Distributed denial of service (DDoS) attacks occur when a large number of systems attack a single system to halt network activity. In DDoS attacks, the attacker installs client attack software on computers and uses them to send service requests to the victim's computer until it stops functioning. The computers that the attacker uses for targeting the victim's computer are called slaves or zombies.
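SYN cookies, the SYN flood countermeasure listed above, as an added example that is not from the original text: the server answers a SYN without reserving memory by encoding a keyed hash of the connection's addresses and a coarse time counter in its SYN-ACK sequence number, and creates a connection only when the returned ACK carries a valid cookie. The secret key, the counter unit, the MSS table and the FNV-based keyed hash are assumptions made here to keep the example self-contained; a real stack uses a proper MAC such as SipHash.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not from the original text. Everything below the struct
 * (secret, counter unit, MSS table, hash function) is an assumption. */

struct four_tuple {
    uint32_t saddr, daddr;   /* client and server IPv4 addresses */
    uint16_t sport, dport;   /* client and server TCP ports */
};

/* Server-side secret (constructed value); real stacks rotate it periodically. */
static const uint8_t SERVER_SECRET[16] = {
    0x9d, 0x1e, 0x7a, 0x33, 0x44, 0xc2, 0x0f, 0x58,
    0x6b, 0xaa, 0x91, 0x27, 0xe3, 0x5c, 0x10, 0x84
};

/* MSS table: only a 3-bit index fits in the cookie, so the client's MSS is
 * rounded down to one of these when the connection is finally created. */
static const uint16_t MSS_TABLE[8] = { 536, 1300, 1440, 1460, 4312, 8960, 9000, 65535 };

/* Keyed hash stand-in (FNV-1a over secret || data). Not cryptographically
 * strong; it only keeps the example self-contained. Use SipHash in practice. */
static uint32_t keyed_hash(const uint8_t *data, size_t len)
{
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < sizeof SERVER_SECRET; i++) { h ^= SERVER_SECRET[i]; h *= 16777619u; }
    for (size_t i = 0; i < len; i++)                  { h ^= data[i];          h *= 16777619u; }
    return h;
}

/* 24-bit hash binding the cookie to this four-tuple and time slot: the part
 * a client cannot forge without the server secret. */
static uint32_t cookie_hash(const struct four_tuple *ft, uint32_t t)
{
    uint8_t buf[16];
    memcpy(buf + 0,  &ft->saddr, 4);
    memcpy(buf + 4,  &ft->daddr, 4);
    memcpy(buf + 8,  &ft->sport, 2);
    memcpy(buf + 10, &ft->dport, 2);
    memcpy(buf + 12, &t, 4);
    return keyed_hash(buf, sizeof buf) & 0x00FFFFFFu;
}

/* Cookie layout (classic scheme): [5 bits: t mod 32][3 bits: MSS index][24 bits: hash].
 * `t` is a coarse time counter (for example seconds / 64). The server sends
 * this value as the SYN-ACK initial sequence number instead of storing state. */
uint32_t syn_cookie_make(const struct four_tuple *ft, uint32_t t, unsigned mss_idx)
{
    return ((t & 0x1Fu) << 27) | ((mss_idx & 0x7u) << 24) | cookie_hash(ft, t);
}

/* Validate the cookie echoed back as (ACK number - 1). Accept the current
 * counter value or the previous one, so a legitimate client answering within
 * one period still connects. Returns the MSS to use, or 0 when the cookie is
 * forged or stale, in which case no connection state is created. */
uint16_t syn_cookie_check(const struct four_tuple *ft, uint32_t cookie, uint32_t now)
{
    uint32_t t_field = cookie >> 27;
    for (uint32_t age = 0; age < 2; age++) {
        uint32_t t = now - age;
        if ((t & 0x1Fu) != t_field)
            continue;                                   /* not this time slot */
        if ((cookie & 0x00FFFFFFu) != cookie_hash(ft, t))
            return 0;                                   /* hash mismatch: forged */
        return MSS_TABLE[(cookie >> 24) & 0x7u];
    }
    return 0;                                           /* older than two periods: stale */
}

/* Walks the outcomes that matter: fresh and one-period-old cookies accepted;
 * stale, tampered and other-client cookies rejected. Returns 1 if all hold. */
int syn_cookie_selftest(void)
{
    struct four_tuple ft = { 0xC0A80102u, 0x0A000001u, 40000, 80 };   /* constructed */
    struct four_tuple other = ft;
    other.sport = 40001;                                 /* same host, different port */
    uint32_t c = syn_cookie_make(&ft, 100, 3);           /* issued in slot 100, MSS 1460 */
    return syn_cookie_check(&ft, c, 100) == 1460
        && syn_cookie_check(&ft, c, 101) == 1460
        && syn_cookie_check(&ft, c, 102) == 0
        && syn_cookie_check(&other, c, 100) == 0
        && syn_cookie_check(&ft, c ^ 1u, 100) == 0;
}

int main(void)
{
    struct four_tuple ft = { 0xC0A80102u, 0x0A000001u, 40000, 80 };
    uint32_t c = syn_cookie_make(&ft, 100, 3);
    printf("cookie 0x%08x: now=100 -> mss %u, now=101 -> mss %u, now=102 -> mss %u\n",
           c, syn_cookie_check(&ft, c, 100), syn_cookie_check(&ft, c, 101),
           syn_cookie_check(&ft, c, 102));
    printf("selftest %s\n", syn_cookie_selftest() ? "passed" : "FAILED");
    return 0;
}
```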


These countermeasures can be used against DDoS attacks:

- scan the computers to identify if the attack software is installed on them
- access the log files on the computers on which the client attack software is installed to determine the location of the attacker
- disable unused services on the systems
- install a firewall and IDS

DNS DoS

Domain Name Service (DNS) DoS attacks occur when an attacker changes the IP address of a web site and maps it to an incorrect host on the Internet. This prevents users from accessing the original web site.

These countermeasures can be used against DNS DoS attacks:

- implement a secure DNS
- update the DNS Berkeley Internet Name Domain (BIND) version, because BIND consists of the resolver library, which has standard APIs for translating domain names and IP addresses
- configure the DNS servers for internal and public records

Cache poisoning

Cache poisoning attacks occur when an attacker is unable to change the DNS address of a web site and instead enters false data about the DNS address of the web site in the cache. As a result, users are unable to access the required web site.

These countermeasures can be used against cache poisoning attacks:

- configure DNS servers
- implement Domain Name System Security Extensions (DNSSEC), which helps track cache poisoning attacks using cryptographic electronic signatures
- use HTTPS to validate the server's digital certificate

DoS attacks include smurf, fraggle, SYN flood, teardrop, DDoS, DNS DoS, and cache poisoning.

The attacks related to access control are:

brute force

Brute force attacks occur when an attacker tries different input combinations to obtain the correct password.


To avoid brute force attacks:

- keep the password length to a minimum of eight characters
- lock the account after a specified number of unsuccessful attempts
- implement strict access control to reduce the occurrence of such attacks

dictionary

Dictionary attacks occur when an attacker tries a list of possible passwords, which are located in a dictionary file or word list. The attacker uses a cracking tool to crack the passwords.

To avoid dictionary attacks:

- use the one-time password authentication technique
- use a password renewal policy to enforce password rotation
- use hard-to-guess passwords
- use cracking tools to identify weak passwords
- implement IDS

spoofing

Spoofing attacks occur when an attacker modifies data packets with false information to trick other systems or users and hide the origin of the message. Hackers usually do this so that their identity cannot be revealed.

To avoid spoofing attacks:

- configure the firewall to discard packets that contain Request for Comments (RFC) 1918 private addressing
- avoid using reserved IP addresses, because these are used by attackers to spoof the host and attack the system
- use egress and ingress filtering systems to ensure that only required packets can enter and exit the network
- implement an intrusion prevention system (IPS) to monitor network traffic

In addition to DoS and access control attacks, there are attacks related to the security architecture. The buffer overflow attack, also known as smashing the stack, is related to the security architecture: an attacker causes or uses errors or bugs in code to cause system memory problems. For example, because of bugs in code, the attacker can store more data in the buffer than its storage capacity. As a result, the additional information overflows in memory. The attacker exploits this vulnerability to crash the computer or insert code that allows the attacker to gain control of the computer.
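The bounds check that the countermeasures for this attack call for, shown as an added example that is not from the original text: a fixed-size buffer filled with an unchecked copy beside a version that measures the input first and refuses anything that does not fit. The buffer size NAME_LEN and the "name" field are assumptions; any fixed-size buffer filled from external input behaves the same way.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not from the original text. NAME_LEN and the "name" field
 * are assumptions for illustration. */
#define NAME_LEN 16

/* Before (the bug the text describes): copies whatever arrives without
 * checking its length. An input longer than NAME_LEN - 1 bytes makes strcpy
 * write past the end of `name` into whatever sits next to it on the stack.
 * Kept only for contrast; nothing below calls it with oversized input. */
int store_name_unchecked(char name[NAME_LEN], const char *input)
{
    strcpy(name, input);
    return 0;
}

/* After: measure the input before touching the buffer, and reject anything
 * that does not fit together with its terminating NUL. Returns 0 on success
 * and -1 on rejection, leaving `name` empty rather than half-written. */
int store_name_checked(char name[NAME_LEN], const char *input)
{
    size_t len = 0;
    /* Scan at most NAME_LEN bytes so an unterminated input is never walked. */
    while (len < NAME_LEN && input[len] != '\0')
        len++;

    if (len >= NAME_LEN) {          /* no room left for the NUL: would overflow */
        name[0] = '\0';
        return -1;
    }
    memcpy(name, input, len + 1);   /* length is known to fit; copy the NUL too */
    return 0;
}

/* Runs the checked store against a fresh buffer and returns its verdict. */
int name_fits(const char *input)
{
    char name[NAME_LEN];
    return store_name_checked(name, input);
}

/* Stores `input` and reports whether the buffer now holds exactly that string. */
int stored_equals(const char *input)
{
    char name[NAME_LEN];
    return store_name_checked(name, input) == 0 && strcmp(name, input) == 0;
}

int main(void)
{
    const char *inputs[] = {
        "alice",                         /* 5 bytes: fits */
        "123456789012345",               /* 15 bytes + NUL: exactly fills the buffer */
        "1234567890123456",              /* 16 bytes: one too many, rejected */
        "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"  /* the classic oversized input, rejected */
    };
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++)
        printf("%-32s -> %s\n", inputs[i],
               name_fits(inputs[i]) == 0 ? "stored" : "rejected (too long)");
    return 0;
}
```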


To avoid this attack, you need to:

- use a bounds checking mechanism in program code to check the length of the input variable
- install the latest security updates, patches, and hot fixes

Further, there are other attacks: trapdoor, timing, pseudo flaw, and alteration of authorized code.

A trapdoor is an undocumented command sequence that allows software developers to bypass normal access restrictions. During the program testing stage, the developer needs to continuously authenticate to the system. To speed up the development process, the developer comments out the authentication code in the program to skip the authentication process. If the developer leaves these trapdoors open in the program, attackers can exploit this vulnerability and gain access to the system without authenticating. To avoid trapdoor attacks, the developer should document the command sequences commented out in the program.

Timing attacks include:

- between-the-lines entry: Between-the-lines entry attacks occur when an attacker taps the temporarily inactive terminal of a legitimate user in an unauthorized manner. To avoid this attack, communication lines should be kept secured so that the attacker cannot enter the secured communication lines.
- negative acknowledgment attack: Negative acknowledgment (NAK) attacks occur when an attacker capitalizes on an operating system's failure to suitably handle NAK packets. A NAK packet is a response sent from a receiving device to a sending device, indicating that the information received contained errors. To avoid this attack, systems should be programmed properly to process NAK packets.
- line-disconnect: Line-disconnect attacks occur when an attacker accesses and uses the communication session of a user who is trying to terminate his communication session. To avoid this attack, implement a secured communication line.

Pseudo flaw attacks are loopholes that are inserted into the operating system or the program by developers to trap attackers and track the source of attack. The aim is to ensure that attackers spend more time and effort attacking the flaws in the program, instead of attacking the actual program.

Alteration of authorized code attacks occur when an attacker modifies the authorized code in a program. For example, there are programs you can execute only after entering a valid authorization code. To execute such a program, the attacker modifies the authorized code in the program. To do this, the attacker identifies the subroutine in the program that checks for authorization and writes a small program. This program creates patches in the authorized code. The next time the attacker executes the program, the instructions specified in the patch program are executed, which bypasses the authorization subroutines in the program.


Summary
Hackers, crackers, and phone phreaks are responsible for conducting various attacks within an organization. DoS attacks include smurf, fraggle, SYN flood, teardrop, DDoS, DNS DoS, and cache poisoning. Attacks related to security architecture include buffer overflow. Similarly, access-control-related attacks include brute force, dictionary, and spoofing. In addition to these attacks, there are other attacks, including trapdoor, timing, pseudo flaw, and alteration of authorized code. Security personnel should establish countermeasures to protect the organization from these attacks.


Malicious Code
Learning objective

After completing this topic, you should be able to recognize the different types of malicious code that can affect a system or network and identify the methods that can be used to mitigate them.

1. Computer attacks
Different types of attacks can affect a system. Each attack type has a prevention mechanism or countermeasure associated with it. There are four types of computer attacks:

TOC/TOU

Time of Check/Time of Use (TOC/TOU) is a timing attack that occurs when a program checks access permissions in advance of a resource request. For example, when a user logs on to a system, the system creates an access control list for the user. Now, if the system administrator changes the access control of the user while the user is logged on, the changes will not be applied. The changes will be applied only after the user logs on again. To avoid TOC/TOU, the access permission to a resource should be checked when you are accessing the resource and not in advance.

Social engineering

One of the most overlooked attacks is social engineering. This is the act of tricking a person into providing confidential information by posing as an individual who is authorized to receive that information. To avoid social engineering attacks, the user must:

- be aware of social engineering attacks through security awareness training
- take the initiative and refrain from giving confidential information over the phone or the Internet
- follow the security guidelines laid down by the organization in handling unknown requests for information or clearance
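The TOC/TOU scenario described above, as an added example that is not from the original text: a session that snapshots the user's rights at logon (time of check) and decides from that copy later, beside the fix that consults the live access control list at the moment of use. The users, resource names and rights table are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not from the original text. Users, resources and rights are
 * constructed; the point is where the permission check happens. */
#define MAX_ACL 8

struct acl_entry { const char *user; const char *resource; int allowed; };

/* The live access control list: the single copy the administrator edits. */
static struct acl_entry ACL[MAX_ACL] = {
    { "alice", "payroll.db", 1 },
    { "alice", "hr.db",      1 },
};
static int ACL_COUNT = 2;

/* Authoritative lookup; unknown (user, resource) pairs are denied. */
static int acl_lookup(const char *user, const char *resource)
{
    for (int i = 0; i < ACL_COUNT; i++)
        if (strcmp(ACL[i].user, user) == 0 && strcmp(ACL[i].resource, resource) == 0)
            return ACL[i].allowed;
    return 0;
}

/* Administrator grants or revokes a right, possibly while the user is logged on. */
void acl_set(const char *user, const char *resource, int allowed)
{
    for (int i = 0; i < ACL_COUNT; i++)
        if (strcmp(ACL[i].user, user) == 0 && strcmp(ACL[i].resource, resource) == 0) {
            ACL[i].allowed = allowed;
            return;
        }
    if (ACL_COUNT < MAX_ACL) {
        struct acl_entry e = { user, resource, allowed };
        ACL[ACL_COUNT++] = e;
    }
}

/* A logon session. The snapshot is the "time of check": the user's rights as
 * they were when the session was created. */
struct session { const char *user; struct acl_entry snapshot[MAX_ACL]; int snapshot_count; };

struct session logon(const char *user)
{
    struct session s;
    s.user = user;
    s.snapshot_count = 0;
    for (int i = 0; i < ACL_COUNT; i++)
        if (strcmp(ACL[i].user, user) == 0)
            s.snapshot[s.snapshot_count++] = ACL[i];
    return s;
}

/* TOC/TOU: decides from the logon-time snapshot, so changes the administrator
 * makes during the session are not seen until the next logon. */
int access_toctou(const struct session *s, const char *resource)
{
    for (int i = 0; i < s->snapshot_count; i++)
        if (strcmp(s->snapshot[i].resource, resource) == 0)
            return s->snapshot[i].allowed;
    return 0;
}

/* Fixed: consult the live ACL at the moment the resource is used. */
int access_checked(const struct session *s, const char *resource)
{
    return acl_lookup(s->user, resource);
}

/* Replays the text's scenario: log on, administrator changes rights
 * mid-session, user then accesses the resources. Returns 1 when the cached
 * path still honours the old rights while the checked path sees the change. */
int revocation_scenario(void)
{
    struct session s = logon("alice");
    int ok = access_toctou(&s, "payroll.db") == 1 && access_checked(&s, "payroll.db") == 1;

    acl_set("alice", "payroll.db", 0);              /* revoked during the session */
    acl_set("alice", "audit.db", 1);                /* granted during the session */
    ok = ok && access_toctou(&s, "payroll.db") == 1   /* stale allow */
            && access_checked(&s, "payroll.db") == 0  /* revocation honoured */
            && access_toctou(&s, "audit.db") == 0     /* grant not visible */
            && access_checked(&s, "audit.db") == 1;   /* grant honoured */

    acl_set("alice", "payroll.db", 1);              /* restore so the scenario is repeatable */
    acl_set("alice", "audit.db", 0);
    return ok;
}

int main(void)
{
    printf("%s\n", revocation_scenario()
           ? "logon-time snapshot is stale after the change; check-at-use sees it"
           : "unexpected result");
    return 0;
}
```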


Threat agents

People, programs, hardware, or systems that exploit vulnerabilities are termed threat agents. A natural calamity that poses a risk to information security is also termed a threat agent. To avoid threat agents, you need to perform threat analysis. This involves:

- identifying potential threats to the information system
- determining the factors responsible for the identified threats
- identifying the countermeasures to be established against the identified threats

Mobile code

Mobile code is a small, executable program that is transmitted across a network and executed on a local system. Users can download this program from an untrusted source and execute it on their systems. This increases the risk of attack. In addition, this program might consist of malicious code, which consumes all system resources and causes the system to crash. There are two types of mobile code, Java applets and ActiveX. Java is an object-oriented language that is used to write small programs, called applets, which are executed autonomously from the server that sent them. Poorly written applet programs can:

- restrict access to your computer's system resources
- erase confidential information from your computers
- send data to an unknown location on the network
- write malicious code into the processor

Java is a platform-independent programming language that creates intermediate code called bytecode. This code is not processor specific. To create processor-specific code, you use the Java Virtual Machine (JVM), which converts bytecode into machine code. Java applets, which are downloaded and executed from remote computers, are called untrusted programs. They have limited access to a computer's memory, processor, and resources. Java provides you with a security mechanism called the sandbox, which is a security boundary within which the untrusted Java applet is executed. However, the applet programs you write are secured and trusted and, therefore, reside outside the sandbox. The sandbox restricts the amount of memory and processor resources required to execute the program. If the program exceeds these limits, the browser terminates the program. You can also install a firewall and filter the applet programs. A firewall filters applet programs by searching for the telltale sign "0xCAFEBABE." In addition, you can use the cryptographic authentication technique to find the owner of the mobile code. This technique limits the risk to a user.

ActiveX is another example of mobile code, developed by Microsoft using the Component Object Model (COM). ActiveX is active code that is a reusable and stand-alone control. These controls can be written using different programming languages, such as C++, Visual Basic, Visual C++, or Java. In the ActiveX model, a web page consists of a number of controls that help users interact with the web page. ActiveX uses a security scheme that includes digital signatures, which are verified using the Authenticode technology. This technology ensures that the controls are not modified before users download them. As a result, ActiveX controls are secured and have greater access to the resources on the computer. However, users can disable the Authenticode option on their systems. This results in the downloading of unsigned controls. As a result, you need to use a firewall to filter ActiveX controls.

Computer attacks include TOC/TOU, social engineering, threat agents, and mobile code.

2. Malicious codes
Malicious code is another form of computer attack. It includes an extensive range of programmed computer security threats that take advantage of various network, operating system, physical security, and software vulnerabilities to distribute malicious code to computer systems. There are various types of malicious code, ranging from viruses to spyware.

A virus is an unwanted and unsolicited malicious program or piece of code that can damage a computer system. Viruses are transferred from one system to another when you:

- share data
- share storage devices (hard disk or floppy disk) without granting appropriate access rights
- download files from the Internet
- open unknown e-mail messages

It is to be noted that viruses are never transferred without the help of human intervention. The various types of viruses are:

- file infector: The file infector virus attacks the executable files with the .exe and .com extensions. When you execute the infected file, the virus attaches itself to other program files.
- boot sector or system infector: The boot sector or system infector virus plants itself in a system's boot sector and infects the master boot record. This virus is activated when you boot up the system. To avoid this problem, manufacturers are now adding special protection to the boot sectors of the storage media.
- multipartite: A multipartite virus is also known as a multipart virus. This virus simultaneously attacks the boot sector and the executable files. Accordingly, multipartite viruses combine the characteristics of file infector and boot sector viruses. For example, the Marzia virus, discovered in 1993, infected the executable files as well as the system's master boot record by writing malicious code to them.
- script: Script viruses are written using script languages. The virus either infects other scripts or forms a part of multicomponent viruses. This virus affects only those applications for which it has been written. Script viruses are spread through e-mail attachments. For example, the Melissa virus affects systems that have the Microsoft Outlook Windows client installed. If the Outlook client is not installed on a system and the script virus is executed on that system, the script virus will not spread.
- encrypted: An encrypted virus consists of a virus decryption routine and an encrypted virus body. When the infected program is executed, the virus decryption routine takes control of the computer and then decrypts the virus body.
- macro: A macro virus infects Microsoft Word or Excel applications, typically disrupting workflow by inserting unwanted words or phrases. Macro viruses use the application's own macro programming language and infect documents and templates. This virus does not affect program files.
- polymorphic: A polymorphic virus comprises three parts: the virus body, the decryption routine, and the mutation engine. When the infected program is executed on the user machine, the decryption routine first decrypts the encrypted virus body and the mutation engine and then allows the virus to search for the next program to be infected. The decryption routine is randomly generated by the mutation engine. After every cycle of replication, the virus changes its signature, making it difficult for any antivirus software to detect it.

A worm is a subclass of virus. Worms spread automatically by taking control of the system and do not require any human intervention. They replicate very quickly, consume memory and network bandwidth, and waste CPU cycles.

Trojan horses are programs that are embedded in software programs. They do not replicate themselves and simply execute the payload when the program is opened. Generally, Trojan horses promote trapdoor or backdoor attacks to access system resources.

A logic bomb is a dormant or sleeping virus that is triggered when specific conditions are met. These conditions are known as triggers and are introduced by programmers. Triggers might be anything, ranging from time to the total number of times the program is executed. A logic bomb unexpectedly destroys the data stored on the hard disk. It becomes challenging to identify the data loss. The range of destruction is always on the higher side. System administrators should back up data at regular intervals to avoid any sort of data loss and install antivirus software to detect the virus at early stages.


Spyware is code written to capture keystrokes and system information or to install a backdoor on the system. Spyware uses keyloggers that help capture passwords, credit card information, or other sensitive data.

These countermeasures can be put in place against viruses:

- install antivirus software on a computer or network to monitor and identify all major types of malware and prevent or contain malware incidents
- install a host Intrusion Detection System (IDS) on a computer to monitor the activities on that computer and identify the files and processes that have been compromised or used by a malicious user to perform unauthorized activities
- adhere to the organization's e-mail policy and avoid opening unidentified e-mail attachments

3. Covert channel types and DCOM

A covert channel is a communication path that enables a process to transmit information in a way that violates the system's security policy. Covert channels include:

- storage channels: A storage channel is a covert channel that involves one process writing to a storage location and another process directly or indirectly reading the storage location. Covert storage channels typically involve a resource, for example sectors on a disk, which is shared by two subjects at different security levels.
- timing channels: A timing channel is a covert channel in which one process modulates its use of a system resource, for example CPU cycles, in a way that a second process interprets as some type of communication.

Distributed Component Object Model (DCOM), developed by Microsoft, is an extension of Component Object Model (COM), and is created to support distributed computing. DCOM consists of various prebuilt objects, or software modules, that reside on separate computers on the distributed network. These objects are reusable, self-contained objects and can perform specific business functions.


Programmers are now creating applications using DCOM objects. The software components can gain access to these distributed objects and can be integrated in the application. DCOM provides the authentication, integrity, and confidentiality of data through a single property called authentication level. The authentication level can only be applied to objects that are residing on the server. However, you can decide the level of authentication you want to apply to an object.


Summary
There are four types of computer attacks. These include TOC/TOU, social engineering, threat agents, and mobile code. Malicious code is an extensive range of programmed computer security threats that take advantage of various network, operating system, physical security, and software vulnerabilities to distribute malicious code to computer systems. Malicious code includes viruses, worms, Trojan horses, logic bombs, and spyware. A covert channel is a communication path that enables a process to transmit information in a way that violates the system's security policy. DCOM is an extension of COM and is created to support distributed computing.


Knowledge-Based Systems and the Development Life Cycle


Learning objective

After completing this topic, you should be able to recognize the characteristics of various knowledge-based systems and identify the activities involved in the different phases of the information systems development life cycle.

1. Knowledge-based systems
Several data retrieval techniques can be used to retrieve data. However, because of the large volume of data stored in databases, it has become difficult for employees to retrieve the right information at the right time. This hampers the decision-making process of the management. You can solve this problem by using knowledge-based systems. A knowledge-based system consists of knowledge stored in a knowledge base on a specific domain, such as accounting, production, and medicine. The information stored in the knowledge base is collected from experts who have in-depth knowledge of their respective domains. A knowledge-based system uses artificial intelligence (AI), which enables the system to think and behave like a human and solve complex problems, identify hidden patterns, draw inferences, and help forecast and diagnose issues. An expert system is a knowledge-based system that uses AI to solve complex problems. An expert system is based on rule-based programming Rule-based programming refers to the set of rules and algorithms that are based on if-then statements. Based on user input, these rules define what action needs to be taken in a particular situation by matching the user input with the rules stored in the knowledge base. For example, an expert system can be designed to help people decide what to do in the event of an earthquake. The knowledge base might contain these statements:


- if the earthquake is between 3.5 and 5.4 on the Richter scale, people should not stand under trees and should stay away from any heavy objects placed at a height
- if the earthquake is between 5.5 and 6.0 on the Richter scale, people should move out of their homes because the homes might collapse

inference engine
The inference engine searches the rules in the knowledge base based on the user's input and decides which rules apply to the situation. It plays the role of the human brain that takes decisions in all situations. Continuing with the earthquake example, a user might inform the expert system that an earthquake measuring 5.8 on the Richter scale has occurred. The inference engine matches this input against the knowledge base and makes a recommendation. The main aim of an expert system is to aid decision makers and technicians by giving them the expertise to reach a conclusion quickly.

An artificial neural network is another type of knowledge-based system; it processes information in a way modeled on the neuron structure of the human brain. A conventional system can perform complex mathematical tasks but does not retain the logic of what it has done; a neural network does. A neural network uses highly interconnected processing elements that are capable of learning, remembering, and solving a problem from acquired knowledge or from tasks already performed. Neural systems are used in applications such as voice recognition and face identification. Unlike systems that process sequentially, neural networks process information in parallel, which makes them robust: the failure of a single node does not lead to system failure. The advantages of neural networks are:

- adaptive learning: the ability of the system to learn tasks that have already been performed or for which training has been given
- self-organization: the network organizes the information it receives during the learning period
- real-time operation: the ability of neural networks to process tasks in parallel
- fault tolerance via redundant information coding: the ability of the network to keep functioning even when one or more nodes are not functioning

Conventional computers use algorithms to solve problems, which means instructions are processed sequentially. Neural networks instead behave according to the input provided during training in the form of content, guidelines, and examples. They compute in parallel, and the outcome depends on the training input. The main disadvantage of neural networks is that their behavior is unpredictable, because problems are solved through adaptive learning.
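The rule matching described for the knowledge base and inference engine, as an added example that is not part of the original course text: the two earthquake rules from the text are stored as data, and a small inference engine matches the user's input against them. The Rule representation, the priority field, the input validation, the "no rule applies" handling, and the coverage audit are assumptions made for illustration.

```python
"""Rule-based expert system for the earthquake example in the text.

Added example, not from the course text. The two rules are the page's own;
the Rule representation, priorities, input checks and audit are assumptions.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List

Facts = Dict[str, float]


@dataclass(frozen=True)
class Rule:
    name: str
    condition: Callable[[Facts], bool]  # the "if" part, evaluated against the facts
    action: str                         # the "then" part: the advice to give
    priority: int = 0                   # higher priority is listed first when several fire


# Knowledge base: the page's two rules, held as data. Conditions are plain
# functions, so rule text is never eval()'d and a tampered rule cannot run code.
KNOWLEDGE_BASE: List[Rule] = [
    Rule("minor", lambda f: 3.5 <= f["magnitude"] <= 5.4,
         "do not stand under trees; stay away from heavy objects placed at a height"),
    Rule("strong", lambda f: 5.5 <= f["magnitude"] <= 6.0,
         "move out of your home; it might collapse", priority=1),
]


def infer(facts: Facts, rules: List[Rule] = KNOWLEDGE_BASE) -> List[str]:
    """Inference engine: test every rule's condition against the facts and
    return the actions of the rules that fired, highest priority first.
    Returns an empty list when no rule applies."""
    fired = [r for r in rules if r.condition(facts)]
    fired.sort(key=lambda r: r.priority, reverse=True)
    return [r.action for r in fired]


def advise(magnitude: float) -> str:
    """What a user calls: validates the input, runs the engine, and says so
    explicitly when the knowledge base has no rule for the situation."""
    if not 0.0 <= magnitude <= 10.0:
        raise ValueError(f"magnitude out of range: {magnitude}")
    actions = infer({"magnitude": magnitude})
    if not actions:
        return "no rule covers this input; refer to a human expert"
    return "; ".join(actions)


def coverage_gaps(rules: List[Rule] = KNOWLEDGE_BASE,
                  lo: float = 0.0, hi: float = 10.0) -> List[float]:
    """Audit helper: every magnitude on a 0.1 grid from lo to hi that no rule
    covers. On the page's two rules this reports everything below 3.5 and
    above 6.0; a reading such as 5.45 also falls between the two rules."""
    grid = [round(lo + i / 10, 1) for i in range(int((hi - lo) * 10) + 1)]
    return [m for m in grid if not infer({"magnitude": m}, rules)]


if __name__ == "__main__":
    print(advise(5.8))
    print(advise(5.45))
    print(len(coverage_gaps()), "uncovered magnitudes on the 0.1 grid")
```

Running coverage_gaps() is the check worth making on any rule base before relying on it: the text's two rules leave a gap between 5.4 and 5.5 and say nothing above 6.0, and an inference engine that silently returns no advice in those cases is worse than one that says so.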

2. System development life cycle


When designing a system, the system analyst should follow these guidelines for designing controls:
- the controls should ensure that all the data is processed
- the controls should avoid error-prone situations in the application
- the controls should be able to track and fix errors as early as possible
- the controls should not hamper data flow within the application
- the controls should be cost effective
- the controls should follow the organization's overall security strategy

The system analyst should follow these guidelines to control the development process:
- testing includes program testing, system testing, and acceptance testing
- file conversion includes planning, following up on errors, and checking old files
- control change requests
- provide training to users on how to operate the application and prepare documentation

There are three approaches to developing software:
- Ad-hoc
- Waterfall
- Iterative

Ad-hoc
The ad-hoc approach is followed when there is no fixed development plan for a project. The team members involved in the project work according to their own understanding, so their performance is monitored on an individual basis. The benefit of this approach is that no prework is required for creating plans, and the individual team members can work on their own. The disadvantage is that the organization's overall capability cannot be measured, because every individual works according to his or her own understanding, and parameters such as schedules, budgets, and functionality remain inconsistent.

Waterfall
The waterfall approach structures the system development life cycle (SDLC) into phases such as analysis, design, programming, and testing. All the activities of a phase have to be completed before the next phase begins, and the output of one phase is the input for the next. The advantage of this approach is that every step is planned and documented, which prevents discrepancies from creeping into the process. The disadvantage is that it is not suited to large projects or to projects with a short delivery span, because the team cannot perform tasks concurrently: the completion of one phase marks the beginning of the next.

Iterative
The iterative approach divides a project into small modules for flexibility, and each module then follows the waterfall model. The main advantage is that each module is documented and the entire team can work simultaneously on different modules. Changes can be raised at an early stage, and feedback during development helps improve the project.


Various models have been developed based on the iterative approach. The prototyping model is one of them. It lets a user view an elementary working model of the project; the prototype is then refined according to user feedback, and the process continues until the user is satisfied. The different forms of the prototyping model include:
- Rapid Application Development (RAD) strictly adheres to the timelines set, which enables quick development of the project.
- Joint Analysis Development (JAD) allows developers to work with users. This gives a better understanding of user requirements and ultimately better user satisfaction. JAD also promotes teamwork, combining the expertise of all individual team members.
- Modified Prototype Model (MPM) allows quick implementation of the project's prototype. The maintenance phase remains continuous after the initial installation, so the project has scope for improvement as requirements change.

Apart from the prototyping model, the other models include:
- The exploratory model relies on assumptions for the project to be developed. It is followed for projects whose requirements cannot be identified at the initial stages: development begins with whatever raw data is available, so this model suits projects where requirements are not precisely specified.
- The spiral model combines the prototype model and the waterfall model and adds risk assessment. The initial prototype is developed using the waterfall model, then a risk assessment is conducted to evaluate the feasibility of the project in view of increased costs or lengthened timeframes, if any.
- The object-oriented programming model is built around objects, which are the building blocks of this model. Each object is a self-contained module of preassembled programming code. The advantage of this model is that objects can be reused later. Object-oriented development can follow either the reuse model or the component-based development model.
- The extreme programming model follows the ethic of working as a team. It is built on values such as simplicity, communication, feedback, and courage. This enables the entire team to work as one unit, deliver the software in a series of small, integrated releases, and meet user expectations.
- The cleanroom model saves time in the testing phase by working rigorously during the design phase. The strategy aims at preventing defects rather than removing them, so the user receives a high-quality product in comparatively less time.

Based on user requirements, the development team selects the software development approach best suited to the project. The aim is to provide quality products and meet all user expectations. After deciding on the approach, you need to follow the development phases of the SDLC to protect the system. Security is one of the major concerns in the SDLC and should be implemented throughout the life cycle of the system. The development phases include:

project initiation
The project initiation phase identifies the business needs (functional requirements) together with the proposed solution, project objectives, scope, strategies, cost, and other related factors. The security tasks in this phase are:
- checking whether the application requires protection
- checking whether there are any potential risks of exposure of sensitive information because of the application
- checking whether any output requires special measures
- checking whether the application will be accessed remotely

functional requirements definition
The functional requirements definition phase includes a comprehensive analysis of all present and future functional requirements of the new system to satisfy users. The output of the project initiation phase is also reviewed and required changes are made. The security tasks in this phase are similar to those of the project initiation phase.

system design specifications
The system design specifications phase covers all design issues related to the system. In this phase, the system architecture, expected system output, and system interfaces are designed. Security issues have to be kept in mind when inputting data, enabling data flow, and specifying data output requirements.

build/development and documentation
The build/development and documentation phase involves generating the source code of programs, test scenarios, and test cases. The system and program are documented for maintenance and turnover after unit testing is conducted. The final output goes for acceptance testing and production.

Continuing with the phases of the SDLC, there are a few more:

acceptance
The acceptance phase involves a third party creating the test data and testing the code to ensure that the system works per the specifications and meets all functional and security requirements. These security tasks are involved during this phase:
- performing security testing to ensure that no design or implementation flaws have crept into the system that would allow a user to violate any of the policies
- simulating the production environment to test the validity of the system
- creating a security certification package and user documentation

testing and evaluation controls
The testing and evaluation controls phase ensures that the management team confirms all changes against the system requirements. The program librarian should retain all the test data, and a duplicate copy of the production data should be used for similar types of data. The data also has to be evaluated to ensure that it has exercised the system thoroughly for all parameters. These security tasks are involved during this phase:
- testing all changes and then validating the data
- acknowledging the results of the test
- retaining implementation test data to test modifications
- maintaining a separate copy of production data for parallel execution

certification and accreditation
Certification and accreditation is a two-step process. Certification is the process of evaluating the security parameters of the new system against predefined standards, for both technical and nontechnical parameters. The output of this process is sent to an accreditation officer, who reviews and certifies the document and authorizes the software to be implemented in production for a specific period of time.

installation
In the installation phase, the system is moved from the acceptance phase into the live production environment. The system is implemented after obtaining security accreditation, and the end user is trained on how to use the system. These security tasks are involved during this phase:
- controlling data entry and data conversion
- restricting access to the system
- validating the accuracy of information flow

post installation
The post installation phase monitors system performance and ensures the continuity of the system. These security tasks are involved during this phase:
- testing the backup and recovery procedures
- ensuring adequate controls for data and report handling
- determining the effectiveness of security processes


Summary
A knowledge-based system consists of knowledge stored in a knowledge base about a specific domain. These systems use artificial intelligence (AI). There are two types of knowledge-based systems, expert systems and neural networks. There are three approaches, ad-hoc, waterfall, and iterative, that you can use to develop software, and the development team has to select the one best suited to the project. The software life cycle is typically broken into phases, and security should be implemented during each phase of the SDLC.


Databases and Data Warehousing


Learning objective

After completing this topic, you should be able to distinguish between various database models and technologies, and define basic concepts associated with databases and data warehousing.

1. Database models
A database is a collection of information stored and organized in tables. A table consists of rows and columns. An organization uses databases to store business data related to customers, vendors, products, or orders. Organizations depend more and more on databases because of their ability to provide the right data at the right time, which helps management in its decision-making process. As a result, security personnel should implement appropriate controls to protect databases from unauthorized access, tampering, and destruction of data. The storage and retrieval of data to and from a database seems transparent, but the data actually travels through a number of levels (view, logical, and physical) within the database. To secure the database effectively, security personnel should understand how data flows through it. To store, retrieve, and manage data, you use a Database Management System (DBMS). The DBMS also enforces data integrity and removes redundancy and inconsistency from the data presented to users. The elements of a DBMS environment are the database, hardware, software, and end users. Before creating a database, you need to define the database structure, keeping the organizational requirements in mind, just as an architect draws up the structure of a building before constructing it. You need to define the relationships between the data stored in the database. To achieve this, you create a database model, which defines the structure of the database.


A database model should provide these features:

- transaction persistence: until a transaction completes, the state of the database is the same as it was before the transaction began, so an incomplete transaction cannot leave the data half-changed
- fault tolerance and recovery: data is kept in its original state. There are two methods of data recovery, rollback and shadow. Rollback cancels the last incomplete or invalid transaction and restores the data; shadow reapplies the transactions to a previously saved state of the database.
- sharing by multiple users: multiple users can share data without corrupting it
- security controls: access permissions are defined for the data and data integrity is checked

There are six types of database models:

Hierarchical
The hierarchical model merges records and fields into a logical tree structure that represents the database structure. Data stored in this model is linked so that each record (child) has only one owner (parent). This model is useful for mapping one-to-many relationships. These are the features of the hierarchical model:
- a tree is the starting node of the database structure
- the tree consists of a root node, subtrees, and leaf nodes
- the nodes below a node are the child nodes of that node
- each node in the tree has its parent node and child nodes

Suppose you have two tables, Students and Schools. The Students table contains StudentNames and StudentIDs and the Schools table contains SchoolName and SchoolCode. Each student can be enrolled in only one school, but that school can have multiple students. Here, school is the parent and student is the child.


Network
The network database model is similar to the hierarchical model but offers more flexibility in the relationships among records. It overcomes the limitation of the hierarchical model by allowing a child to have multiple parents. For example, there are two loan categories (parents), housing and vehicle. A borrower (child) can apply for both categories of loan, so the borrower has a relationship with both parents.

Relational
The relational database model simplifies the database structure by storing data in tables in row-column format. Each row is known as a tuple or record, and each column as an attribute or field of the record. This model is useful for mapping many-to-many relationships. Suppose you have two tables, Customer and Product. The Customer table consists of CustomerID and ProductID, and the Product table consists of ProductID and ProductName. The relationship between the tables is established through the common field, ProductID. A customer can buy many products, and one product can be sold to many customers. This model is capable of handling ad-hoc queries using a query language called Structured Query Language (SQL). SQL is a declarative language that retrieves data from relational databases using query statements. In a query, you can specify:
- what data you want to retrieve
- the tables from which you want to retrieve the data
- how you want to display the data
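The Customer/Product relationship described above, as an added example that is not part of the original course text, built in SQLite through Python's sqlite3 module. The text puts ProductID directly in the Customer table; here the many-to-many relation is held in a third table, Orders, which is an assumption, as are the sample rows and the query helpers. The last function keeps the ad-hoc query built by pasting the user's value into the SQL text next to the bound-parameter form, to show what "ad-hoc query" must not mean inside an application.

```python
"""Relational model: the Customer/Product example from the text, in SQLite.

Added example, not from the course text. Table and column names follow the
text; the Orders table holding the many-to-many relation, the sample rows
and the query helpers are assumptions for illustration.
"""
import sqlite3
from typing import List


def build_db() -> sqlite3.Connection:
    """Create the three tables and load a few constructed rows."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE Customer (CustomerID INTEGER PRIMARY KEY, CustomerName TEXT NOT NULL);
        CREATE TABLE Product  (ProductID  INTEGER PRIMARY KEY, ProductName  TEXT NOT NULL);
        -- the many-to-many relation lives in its own table: one row per (customer, product)
        CREATE TABLE Orders (
            CustomerID INTEGER NOT NULL REFERENCES Customer(CustomerID),
            ProductID  INTEGER NOT NULL REFERENCES Product(ProductID),
            PRIMARY KEY (CustomerID, ProductID)
        );
    """)
    db.executemany("INSERT INTO Customer VALUES (?, ?)",
                   [(1, "Ana"), (2, "Bo"), (3, "Cy")])
    db.executemany("INSERT INTO Product VALUES (?, ?)",
                   [(10, "router"), (20, "firewall"), (30, "switch")])
    db.executemany("INSERT INTO Orders VALUES (?, ?)",
                   [(1, 10), (1, 20), (2, 20), (3, 20), (3, 30)])
    return db


def products_for_customer(db: sqlite3.Connection, name: str) -> List[str]:
    """Ad-hoc query joined through the common field ProductID. The value
    arrives through a bound parameter (?), so the SQL text never changes
    with user input; the driver passes the value to the engine as data."""
    rows = db.execute("""
        SELECT p.ProductName
        FROM Customer c
        JOIN Orders  o ON o.CustomerID = c.CustomerID
        JOIN Product p ON p.ProductID  = o.ProductID
        WHERE c.CustomerName = ?
        ORDER BY p.ProductName""", (name,)).fetchall()
    return [r[0] for r in rows]


def customers_for_product(db: sqlite3.Connection, product: str) -> List[str]:
    """The same relation read from the other side: one product, many customers."""
    rows = db.execute("""
        SELECT c.CustomerName
        FROM Product p
        JOIN Orders   o ON o.ProductID  = p.ProductID
        JOIN Customer c ON c.CustomerID = o.CustomerID
        WHERE p.ProductName = ?
        ORDER BY c.CustomerName""", (product,)).fetchall()
    return [r[0] for r in rows]


def products_for_customer_unsafe(db: sqlite3.Connection, name: str) -> List[str]:
    """Same query with the value pasted into the SQL text. Kept only to show
    why the bound-parameter form above is the one to use: a quote in the
    input rewrites the WHERE clause."""
    sql = ("SELECT p.ProductName FROM Customer c "
           "JOIN Orders o ON o.CustomerID = c.CustomerID "
           "JOIN Product p ON p.ProductID = o.ProductID "
           f"WHERE c.CustomerName = '{name}' ORDER BY p.ProductName")
    return [r[0] for r in db.execute(sql).fetchall()]


if __name__ == "__main__":
    conn = build_db()
    print(products_for_customer(conn, "Ana"))
    print(customers_for_product(conn, "firewall"))
    print(products_for_customer(conn, "Ana' OR '1'='1"))         # []
    print(products_for_customer_unsafe(conn, "Ana' OR '1'='1"))  # every order row
```

With the bound parameter, the string Ana' OR '1'='1 is simply a customer name that does not exist and the query returns nothing; with string concatenation the same input becomes part of the WHERE clause and the query returns every row in the join.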

Spreadsheet
The spreadsheet database model represents a database structure created using a spreadsheet program such as Excel, Lotus 1-2-3, or Quattro Pro, often used for calculations such as Monte Carlo simulations. This model provides mathematical functions that help in computing. The format for organizing and storing data remains the same as in the relational model: tables. Suppose a company deals with a large number of products. To estimate the average return and identify the risk of new products, the company uses the spreadsheet database model.

Object-oriented
The object-oriented data model organizes data using object-oriented programming features. These are the features of the object-oriented database model:
- represents information in the form of objects
- objects are reusable in programming languages such as Visual Basic and C#
- enables you to create object copies and allows you to make changes to the copies

Distributed
In the distributed database model, the data is stored in multiple databases but remains logically associated. The user believes there is only one database even though it is spread across different parts of the network. For example, the market research group of an organization has ten databases located in different parts of the world. These databases are logically connected to each other, so the group can query all of them to view the likes, dislikes, and preferences of customers all over the world. This helps the organization when launching new products. Depending on the requirements, data can be arranged according to any of these models: hierarchical, network, relational, spreadsheet, object-oriented, and distributed.

2. Database access technologies


Retrieving data is the most essential part of database management. For this, you can use various technologies that allow users and applications to access the data by establishing a communication mechanism and a specific interface type. Open Database Connectivity (ODBC) is an interface that allows an application to communicate with a local or remote database. To access data, ODBC translates the application's requests into database commands and loads the database driver the application requires. The goal of ODBC is to make it possible to access data from any application.


Object Linking and Embedding (OLE) is a Microsoft technology used to link data objects into or from multiple files or sources on a computer. OLE provides access to data regardless of its format, type, or location. For example, an organization's critical data might come into the database from other applications, such as Microsoft Excel, Microsoft Access, or web applications. OLE is based on the Component Object Model (COM), which allows one application (the source) to supply data to another application (the destination). OLE splits the data into interoperable components that run as middleware on the application (source) side. Linking creates a link to the actual object; embedding inserts a copy of the object into a document. When the actual object is updated, the embedded object is also updated when you open the document. For example, you can embed an Excel chart in Word; when you change the Excel chart, the chart inserted in Word is updated when you open the Word document.

A few more database access technologies help connect end-user applications to databases:

eXtensible Markup Language
eXtensible Markup Language (XML) is a standards-based format of the World Wide Web Consortium (W3C) that facilitates data interchange between different applications. An XML document is a text file whose structure is defined by a schema or DTD; this structure defines the format in which the data is represented. This lets data be represented in a structured, standardized format independent of the database and application.

Java Database Connectivity
Java Database Connectivity (JDBC) is an application programming interface (API) that connects Java programs to databases, directly or indirectly. If the database vendor provides JDBC drivers, the connection between the Java program and the database is established directly. Otherwise, the connection is established indirectly through ODBC, which provides a standardized database interface for Java.

ActiveX Data Objects
ActiveX Data Objects (ADO) is an API offered by Microsoft that lets programmers write applications that access relational and nonrelational databases from Microsoft and other database providers.

Online Transaction Processing
Online Transaction Processing (OLTP) is a data processing system designed to record all the business transactions of an organization as they occur. OLTP supports real-time processing of SQL transactions.


OLTP uses locking so that two users cannot modify the same data simultaneously, and one user cannot change data while another user is using it. OLTP maintains a transaction log that records all information about the transactions. If the system fails during a transaction, the transaction is recorded in the log as incomplete. The next time the system starts, the transaction log is reviewed and incomplete transactions are either completed or rolled back, so the database returns to a consistent state.
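Rollback, as described under fault tolerance and recovery for database models, and the OLTP write locking just described, as an added example that is not part of the course text, using SQLite: an account table, a transfer routine, a failure injected between its two updates, an invalid transaction rejected by a constraint, and a second connection that tries to write while the first holds its transaction open. The table, the routine, and the sample balances are assumptions made for illustration.

```python
"""Transaction rollback and OLTP write locking, demonstrated with SQLite.

Added example, not from the course text. The account table, the transfer
routine, the injected failure and the second connection are assumptions.
"""
import os
import sqlite3
import tempfile


def temp_db_path() -> str:
    """A fresh on-disk database file. Two connections to ':memory:' would be
    two separate databases, so the locking demonstration needs a file."""
    return os.path.join(tempfile.mkdtemp(), "ledger.db")


def new_ledger(path: str) -> sqlite3.Connection:
    # isolation_level=None: no implicit transactions; we issue BEGIN/COMMIT/ROLLBACK.
    db = sqlite3.connect(path, isolation_level=None)
    db.execute("""CREATE TABLE IF NOT EXISTS account (
        name    TEXT PRIMARY KEY,
        balance INTEGER NOT NULL CHECK (balance >= 0))""")
    db.executemany("INSERT OR IGNORE INTO account VALUES (?, ?)",
                   [("alice", 100), ("bob", 50)])   # constructed sample rows
    return db


def balances(db: sqlite3.Connection) -> dict:
    return dict(db.execute("SELECT name, balance FROM account ORDER BY name").fetchall())


def transfer(db: sqlite3.Connection, src: str, dst: str, amount: int,
             fail_midway: bool = False) -> bool:
    """Move amount from src to dst as ONE transaction: both updates commit or
    neither does. Returns True on commit, False when rolled back."""
    db.execute("BEGIN IMMEDIATE")   # take the write lock before touching anything
    try:
        db.execute("UPDATE account SET balance = balance - ? WHERE name = ?", (amount, src))
        if fail_midway:
            raise RuntimeError("simulated crash between the two updates")
        db.execute("UPDATE account SET balance = balance + ? WHERE name = ?", (amount, dst))
        db.execute("COMMIT")
        return True
    except Exception:
        # a crash, or an invalid transaction (the CHECK rejects an overdraft):
        # cancel the incomplete transaction, restoring the pre-transaction state
        db.execute("ROLLBACK")
        return False


def second_writer_refused(path: str) -> bool:
    """OLTP locking: while one connection holds an open write transaction, a
    second writer is refused (SQLITE_BUSY) rather than overwriting the data."""
    writer = sqlite3.connect(path, isolation_level=None)
    other = sqlite3.connect(path, isolation_level=None, timeout=0.2)
    writer.execute("BEGIN IMMEDIATE")
    writer.execute("UPDATE account SET balance = balance - 1 WHERE name = 'alice'")
    try:
        other.execute("UPDATE account SET balance = balance + 1 WHERE name = 'bob'")
        refused = False
    except sqlite3.OperationalError:   # "database is locked"
        refused = True
    finally:
        writer.execute("ROLLBACK")     # the writer's half-done change is discarded too
        other.close()
        writer.close()
    return refused


if __name__ == "__main__":
    p = temp_db_path()
    ledger = new_ledger(p)
    print(transfer(ledger, "alice", "bob", 30), balances(ledger))
    print(transfer(ledger, "alice", "bob", 20, fail_midway=True), balances(ledger))
    print(transfer(ledger, "alice", "bob", 500), balances(ledger))
    print(second_writer_refused(p), balances(ledger))
```

The point to take from running it: after the simulated crash and after the rejected overdraft the balances are exactly what they were before the transaction began, and the second writer learns that the data is in use instead of silently clobbering it, which is the behaviour the text attributes to OLTP locking and the transaction log.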

3. Basic database concepts


Data mining is a procedure or tool that allows analysts to examine a data warehouse and look for correlated information among historical data. It helps find hidden data patterns, trends, and data relationships that exist in databases. Data mining is useful for:
- analyzing credit risk
- fraud detection
- monitoring competition
- asset evaluation

Inference is an attack that combines several pieces of nonsensitive information to obtain information that ought to be classified at a higher level. Suppose that, in an organization, a user reads all the records of the technical complaints made in a day. He would get an idea of what resources are present in the organization and who owns them. This information might be used for undesirable activities and is therefore a risk.

Polyinstantiation refers to multiple rows in the same table having identical primary key elements but each being distinguished by a different security level. The database keeps a separate instance of the record for each security level, so a user at a lower level sees a different version of the record from a user at a higher level; the higher-level instance is neither disclosed nor overwritten. Polyinstantiation is often used as a defense against some types of inference attacks.
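Polyinstantiation as a defense against inference, as an added example that is not part of the course text, using SQLite. The cargo table, the two clearance levels, and the rows are assumptions. The security level is part of the primary key, so the same ship can have one instance per level; the last function builds the same table without that design and shows the inference channel it opens.

```python
"""Polyinstantiation as a defense against inference, demonstrated with SQLite.

Added example, not from the course text. The cargo table, the two clearance
levels and the sample rows are assumptions for illustration.
"""
import sqlite3
from typing import Optional, Tuple

UNCLASSIFIED, SECRET = 1, 2


def new_store() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    # The security level is part of the primary key, so the same ship may have
    # one row (instance) per level: that is polyinstantiation.
    db.execute("""CREATE TABLE cargo (
        ship        TEXT    NOT NULL,
        level       INTEGER NOT NULL,
        destination TEXT    NOT NULL,
        PRIMARY KEY (ship, level))""")
    # constructed row: the secret version of the record
    db.execute("INSERT INTO cargo VALUES ('Vigil', ?, 'Diego Garcia')", (SECRET,))
    return db


def read(db: sqlite3.Connection, ship: str, clearance: int) -> Optional[Tuple[str, int]]:
    """The one instance visible at this clearance: the highest level the
    reader may see, and never a level above it."""
    return db.execute("""SELECT destination, level FROM cargo
                         WHERE ship = ? AND level <= ?
                         ORDER BY level DESC LIMIT 1""", (ship, clearance)).fetchone()


def insert(db: sqlite3.Connection, ship: str, clearance: int, destination: str) -> bool:
    """Insert at the caller's own level. A lower-level writer gets a new
    instance; it is never told that a higher-level row for the ship exists."""
    try:
        db.execute("INSERT INTO cargo VALUES (?, ?, ?)", (ship, clearance, destination))
        return True
    except sqlite3.IntegrityError:
        # a row at the caller's OWN level already exists: a genuine conflict,
        # and one the caller is cleared to see anyway
        return False


def naive_insert_leaks() -> bool:
    """Same scenario with ship as the only key. The unclassified insert is
    refused, which tells the writer that a (secret) row for 'Vigil' exists:
    the inference channel polyinstantiation closes."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE cargo (ship TEXT PRIMARY KEY, level INTEGER, destination TEXT)")
    db.execute("INSERT INTO cargo VALUES ('Vigil', ?, 'Diego Garcia')", (SECRET,))
    try:
        db.execute("INSERT INTO cargo VALUES ('Vigil', ?, 'Lisbon')", (UNCLASSIFIED,))
        return False
    except sqlite3.IntegrityError:
        return True


if __name__ == "__main__":
    store = new_store()
    print(read(store, "Vigil", UNCLASSIFIED))              # None: nothing visible yet
    print(insert(store, "Vigil", UNCLASSIFIED, "Lisbon"))  # True: own instance created
    print(read(store, "Vigil", UNCLASSIFIED), read(store, "Vigil", SECRET))
    print(naive_insert_leaks())                            # True: the flat table leaks
```

The unclassified user ends up with a record that reads "Lisbon" while the secret record still reads "Diego Garcia", and at no point was the lower-level user refused in a way that revealed the secret row. The flat table, by contrast, answers the same insert with a duplicate-key error, which is exactly the kind of nonsensitive signal an inference attack is assembled from.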


Summary
Database models represent the database structure and define the correlations between the data. The different types of database models are hierarchical, network, spreadsheet, object-oriented, relational, and distributed. The database access technologies include ODBC, OLE, XML, JDBC, ADO, and OLTP. Some important database concepts include data mining, data warehouse, inference, and polyinstantiation.
