Secure Coding Practice

FWD - Secure Coding Practice Development Strategy

Executive Summary

This report looks into the current situation at FunkyCraftz Web Design (FWD) and how it can be improved to reduce the risk of losing clients. FWD is a web design company that faces various issues due to increased awareness of network and system vulnerabilities. The purpose of this report is to understand thoroughly how these threats can be dealt with and minimized as much as possible. Based on this analysis, recommendations are provided that can help the company significantly; if they are implemented, FWD can gain a competitive advantage over other web development companies.

Table of contents

Executive Summary

Introduction

Host security

Network security

Discussion

Threat Analysis

Malicious Content

Authentication attacks

Phishing

Denial of service

Packet sniffers

Conclusion

Requirement Analysis

Design

Develop

Testing security

Deployment

Maintenance

Recommendations

Appendices

Appendix - Journal

Articles read and consulted

References

Introduction

FunkyCraftz Web Design (FWD) develops and designs websites and web applications for a wide range of clients and companies across various industries. FWD has recently seen an increase in the number of clients asking how it ensures that the websites and applications it creates are secure and threat proof. For many years FWD has focused on meeting the functionality requirements specified by its clients; it is now willing to shift towards not just meeting requirements but creating websites that are safe and free from any external or internal threats. To determine how to strengthen the company's position, we need to analyse the most serious and damaging threats prevalent across the World Wide Web. Alongside the countless developments in technology, various issues have arisen in which technology is used maliciously with the purpose of harming others. Technology has advanced profusely, offering numerous services at the tip of a finger, but as time progresses many threats are arising in this system (Colins, 20120, p.1).

Many companies are unaware of how severe this issue is, and there is an ever-increasing number of crimes and thefts that are purely computer related. Security threats are of numerous kinds, and understanding them is essential. Some threats come directly from professional hackers. A hacker is a person who tries to gain unauthorized access to a network or system. Hacking is actually a relatively simple process: a hacker scans the computer for any vulnerability by using a demon dialer or a war dialer; once inside a machine, the hacker uses a hacker tool to identify which operating system is in use and what holes exist that can be accessed. Once inside, a hacker finds his way to the root, where he can access anything (Zetter & Brandth, 2001, p.3).

Many companies are applying various approaches in order to protect their systems from infiltration:

Host security

Host security protects each device individually instead of through the whole network. It has certain flaws that leave vulnerabilities, but host security combined with network security provides added protection (Kilick, 2007, p.1).

Network security

A network security system ensures protection by limiting access only to internal devices. This is achieved by using routers, firewalls, and encryption and intrusion detection ...