Essay Example on Mobile Application Security: Sandboxing of Applications








Mobile Application Security

Sandboxing of Applications

Application sandboxing, also known as application containerization, is a safe, isolated environment that replicates an end user's operating environment, where one can execute code. It is used to improve security by isolating an application to prevent malware, intruders and system resources from interacting with the protected app.

App Authentication

App authentication is a feature that helps to ensure that users are who they state they are; this helps to ensure that the application's data is made available in a secure way. Credentials, most often usernames and passwords, can be stolen. These credentials often factor into determining the keys used in encryption and decryption, so a failure in authentication can have disastrous results. For example, when a user makes a request through the application, one must confirm that the user is who they state they are, especially when dealing with confidential information.

Website Application Development

Session Handling

Web servers with an HTTP address use a stateless protocol. It is made up of requests and responses, and there are no persistent connections. Due to this, there is no way of knowing who is sending requests. Sessions are then used to store user information, which is then utilized across multiple pages (e.g. username, password, background, etc.). When a session is used, a session ID is stored in form data or a cookie, which is sent with each request.

This ID acts as a link and directs the client to a particular file or record, depending on how the session was stored.

Input data validation

Data validation is the process of ensuring that data has undergone data cleansing, so that the data is both correct and useful. The purpose of data validation is to ensure correct user input. For example, a user fills in a sign-up form. The form contains various inputs such as name, age, DOB (date of birth), etc. The user accidentally inputs "wow" into the age column; she fills in the rest of the form before pressing submit. The system will prompt the user to fill in the age column with numbers, and an error message will be shown.

HTTPS

HTTPS stands for Hypertext Transfer Protocol Secure. It is the secure version of HTTP; this means that all communications between the browser and the website are encrypted. HTTPS is often used to protect highly confidential online transactions or forms. HTTPS certificates often work hand in hand with SSL (Secure Sockets Layer). HTTPS and SSL are essential to ensuring that connections between users and the website are secure.

Security Plugins

Security plugins are used to further enhance website security against hacking attempts. These plugins address the weaknesses that are inherent to each platform and foil additional types of hacking attempts which could endanger the website. To illustrate, WordFence is a free WordPress security plugin which covers a range of website security, from login security to monitoring of the website.

Security Controls

They are safeguards or countermeasures to avoid, detect, counteract or minimize security risks. Security controls tend to fall under two different categories. The first is to resolve the system weakness so that the vulnerability can be removed or mitigated. Second, the system should offer the required functionality to authorized users, so that no one can use functions which are not necessary. Limiting functionality and resolving security weaknesses work hand in hand to keep the opportunities for attackers to breach the system as few as possible.

Database Security

Encryption of password

Encryption of passwords is the protection of passwords using various codes which are unreadable without a special type of key. Password encryption cannot be reverted: the encrypted output cannot be turned back into its original plain-text input. This ensures that the passwords stored on the server cannot be deciphered by anyone. This way, even if the attacker gains permission to view the user table, he will be unable to make good use of it. Encrypted passwords, however, are not infallible. A brute-force attack can still reveal them. It is also important to note that password encryption does not protect the website, only its passwords.

Without sufficient protection provided for the website, password encryption will not be able to prevent cracking. Once the system is cracked, the hacker can inflict irreparable damage on it and gain access to sensitive data, including the passwords database.

Encryption of stored files and backups

Encryption of stored files and backups is necessary to prevent attackers from accessing sensitive data. The stored files of a web application contain information about the databases which the software needs to connect to. If the information is stored in plain text, this allows the attacker to access confidential data. Not all data theft or destruction is the result of an outside attack. Sometimes trusted employees can be compelled to steal or destroy data. Thus it is recommended to encrypt any files which are important to the organization and are stored on the database server.

Web Application Firewall (WAF)

A Web Application Firewall (WAF) protects web servers from malicious traffic and targeted attacks by filtering and preventing attacks on the system. This defence mechanism is effective in protecting the various applications against a wide range of attacks, ranging from SQL injection to cross-site scripting. WAFs can be customized to an application; however, the effort of doing so is great. Regular maintenance of the customized WAF is needed whenever the application is modified.
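The session mechanism described under Session Handling, as an added example that is not part of the original essay: a random session ID travels in a cookie and links each request to a server-side record. The cookie name `sid`, the 30-minute lifetime and the in-memory store are assumptions made for the example.

```python
import secrets
import time
from http.cookies import CookieError, SimpleCookie

COOKIE_NAME = "sid"   # hypothetical cookie name
SESSION_TTL = 1800    # seconds of inactivity before expiry (assumed value)
SESSIONS = {}         # session ID -> {"data": {...}, "expires": float}

def create_session(data, now=None):
    """Store user data server-side and return an unguessable session ID."""
    now = time.time() if now is None else now
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"data": dict(data), "expires": now + SESSION_TTL}
    return sid

def set_cookie_header(sid):
    """Build the Set-Cookie value; only the ID leaves the server."""
    cookie = SimpleCookie()
    cookie[COOKIE_NAME] = sid
    morsel = cookie[COOKIE_NAME]
    morsel["path"] = "/"
    morsel["httponly"] = True    # not readable from page scripts
    morsel["secure"] = True      # only sent over HTTPS
    morsel["samesite"] = "Lax"
    return morsel.OutputString()

def load_session(cookie_header, now=None):
    """Map the Cookie header of a request back to its record, or None."""
    now = time.time() if now is None else now
    cookie = SimpleCookie()
    try:
        cookie.load(cookie_header or "")
    except CookieError:
        return None
    morsel = cookie.get(COOKIE_NAME)
    record = SESSIONS.get(morsel.value) if morsel else None
    if record is None:
        return None              # missing or forged ID
    if record["expires"] <= now:
        del SESSIONS[morsel.value]
        return None              # expired: drop the record
    record["expires"] = now + SESSION_TTL   # sliding expiry
    return record["data"]

def rotate_session(old_sid, now=None):
    """Issue a fresh ID after login so an ID handed out earlier stops working."""
    record = SESSIONS.pop(old_sid, None)
    return None if record is None else create_session(record["data"], now)
```
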
