SecurityArena

Guide to Practical Info Security!

Who's Online

We have 3 guests online
CBK Applications and Systems Development Security (Part-1)
CBK Applications and Systems Development Security (Part-1) - Functionality vs Security Print E-mail
Written by Administrator   
Thursday, 09 July 2009 08:54
Article Index
CBK Applications and Systems Development Security (Part-1)
Functionality vs Security
Database Management System
Database models
Database Interface Languages
Relational Database Components
Normalization
Integrity
Database Security Controls
Data Warehousing and Data Mining
Web Services
System Development
Functional Design Analysis and Planning
System Development Process Models
Verification vs Validation
Separation of Duties in System Development
Configuration management
All Pages
Page 2 of 17

Functionality vs Security

Computer applications and systems are usually developed with functionality as a primary consideration, not the security. Therefore in real life environments, we need to use additional perimeter devices rather than relying only on software intrinsic security measures.

  • Historically, it has not been crucial to implement security during the software development stages; thus, most programmers do not practice security design and coding.
  • Many security professionals are not software developers and conversely software developers do not have security as a main focus.
  • Software vendors are trying to rush their products to market with their eyes set on functionality, not security.
  • The computing community is used to receiving software with bugs and applying patches.

Because vendors have user-friendliness and user functionality in mind, the product will usually be installed with defaults that provide no or very low security protection. It would be very hard for vendors to know the security levels required in all the environments that the product will be installed in, so they usually do not attempt it. It is up to the person installing the product to learn how to properly configure the settings to achieve the necessary level of protection.



Last Updated on Friday, 28 August 2009 05:04
 
Please register or login to add your comments to this article.
Banner
Copyright © 2010 Information Security Arena. All Rights Reserved.
Joomla! is Free Software released under the GNU/GPL License.
 
Joomla 1.5 Templates by Joomlashack