UP TO 50% OFF on Combo Courses!
D H M S

Cyber Security helping Security Development

Let’s begin to speak about software engineering that is an area of knowledge of computation turned to specification, development, and maintenance of software system, applying technology and practice of project management and other disciplines, creating an organization, productivity, and quality. Currently, this technology and practices include languages of programming, database, tools, platforms, libraries, defaults, process and the question of software quality. The science fundamentals to software engineering include the use of abstract models and accurate that permit of the engineer specific, project, develop and maintenance software system.

“Friedrich Ludwig Bauer was the first definitely software engineer as the creation and utilization solid principle of the engineer in order to cath software of economic form, that be trust and that work efficiently in machine reals.” The mean of engineer become concepts of creation, construction, analyzed, development and maintenance.”

During the development of a software, the technology managers become to ensure the delivery of a product with a low quantity of bugs in the less possible. Is a process that consists of several activities and products relationship the security in the phase of software development, a modeling of threat, analyzed of code with use of tools, review of code, security test directed and an end review of security, minimizing the appearance of vulnerability. A traditional development model is not should look like a reason to not implement a routine of security. when a manager demand uses best practices during the project, this minimizes bugs and create a software stable with little fail. The system could be released without serious fail, with this the possibility the exfiltration of data, SQL injection, denied services, hijacking attack between others can be prevented.  When the process of security development is not made of correct form, We can use some technique of cybersecurity, as vulnerability analyzed and fuzzing. 

Fuzzing:

Is a technique of software test, frequently automatize that offer invalid, unexpected and data radon as input to the program. While the test is to make, the system is monitor, exception analyzed as errors in real time of execution. Fuzzing is a technique much common, utilize to test problems of security in software or operating systems. There are two forms of fuzzing programs, based in mutant and based in generation, could be used as a test of white box, grey and black. The larger targets for this kind of test are the format of files and protocol of network, but anything kind of input of program can be created. Input interesting include, variable of environment, event of keyboard and mouse, and call of API. Until items normally not considered input can be generated, or tested, as the content of data base, share memory, or change of context between threads.

The main problem with the fuzzing technique for finding flaws in programs is that it usually encounters only simple faults. The computational complexity of the software test problem is exponential (O (c ^ n), c> 1), and every fuzzifier uses cuts in its quest to find something interesting in time that is reasonable for a person. A fiddler may have poor code coverage; for example, if the entry includes a checksum that is not properly updated to match other random changes, only the checksum validation code will be verified. Code coverage tools are often used to estimate how “good” a fuze works, but these are not accurate means to assess the quality of the fuzzifier. Each blaster can be expected to find a different set of bugs.

AUTHOR
Zoziel Freire ( )
Cyber Security Analyst Vitória, Espírito Santo, Brazil
“ To provide growth and maturity to the IT environments of companies with my expertise in the area ofinformation technology, as well as to obtain personal and professional knowledge and maturity. “
ISACA CRISC Masterclass
TOP
whatsapp