Protecting systems when writing software
It is important to think about security at the design stage of a softwareThe programs, applications and data in a computer system. Any parts of a computer system that aren't physical. package as this may stop some cyberattacks being possible.
Before writing software, there are a number of questions that need to be considered:
- What threats is the software likely to face?
- Does the software need security features like usernames and passwords, or will security be provided by the networkA group of interconnected computers/devices. in some other way?
- How will patchAn update to a piece of software, usually to fix bugs or improve the software in some way. be installed?
- Should the software use encryptionFiles that are encrypted have been altered using a secret code and are unreadable to unauthorised parties.?
- Does the system need to create an audit trail A record of what has been done and who or what did it on a computer system.?
An audit trail is a record of what has been done, and who or what did it. For example, in a banking system, the audit trail would show the date, time and location of a transaction and how the transaction was performed - eg by cash machine or member of staff. An audit trail can be used to check what happened and return the system to a previous state if needed.
While software is being written, there are a number of processes that can be used which will help ensure the software is as secure as possible. code reviewChecks of source code by other experienced programmers to check there are no errors and that no security issues have been created. are checks of source codeThe code behind a computer program, written in a programming language. by other experienced programmers to check it is well written and that no security issues have been created. modular testingTesting sections of code individually to ensure they work as expected and don鈥檛 contain security issues. is testing individual sections of code to ensure that they work as expected and don鈥檛 contain security issues before they are added to the rest of the system. dataUnits of information. In computing there can be different data types, including integers, characters and Boolean. Data is often acted on by instructions. is input to the module, it is processed and outputs are produced. This testing could be done manually or by using an automated test system.
Consideration should also be given to the operating systemThe software that manages the hardware and software resources in a computer system. that the software will be run on. Some operating systems are more secure than others. A secure operating system will be designed with security in mind and is likely to contain features to help the network administratorAlso known as network manager. A person with the responsibility of managing and maintaining the network within an organisation. ensure the system security is maintained.