Unit 4 Software Security
Dr Mohammad Zunnun Khan
Secure Software Definition
• There are many different types of software (system or application
software). Irrespective of the services offered, software must be
developed in a way that protects and preserves the environment and
resources within which it works.
• Secure Software is defined as software developed or engineered in
such a way that its operations and functionalities continue as normal
even when subjected to malicious attacks.
• The systems and resources in its environment remain safe, and the
attacks are detected and removed.
Why Does Security Matter
• Defective software can have very dire consequences for any business
organisation or system.
• The costs of detecting malicious attacks and remediating the
damage can be significantly reduced if standards are adhered to
and professional steps are taken in the early stages of the software
development life cycle.
• Adhering to standards facilitates early detection of software defects,
saving costs and resources down the line.
• A software system or application offers some sort of services and makes use of varying
types of resources.
• Any one of these components is a potential target of malicious intruders.
• Securing software is like securing a device or a gadget that serves you.
• The level of security determines how easily it can be attacked.
• If we take a family car for example, it is easier to steal an unlocked car than a locked one.
• It is also easier to steal a car which uses a manual key than one which uses a smart key.
• Even though the smart key offers a higher form of security it can't prevent an intruder
from smashing the window.
• In the same way, software cannot be foolproof or prevent physical theft of a system.
Characteristics of Secure Software
• Secure Database
• One of the most common database attacks is SQL injection.
• These involve injecting malicious code into the design code of
the software, accessing its back-end database and executing malicious
queries or actions.
• With access to the back-end database, the intruder has control over
the data and the damage can be limitless.
• Securing against database SQL attacks may involve isolating the
database from the running code.
• Encode Data Prior to Execution
• One of the vulnerabilities that facilitates many injection attacks is
a database that is not adequately isolated from the running code.
• Though isolation may curtail, to some extent, some of these attacks, a
better standard security measure is to encode data, making it safe
before it is used.
• Encoded data is transformed so that it is not recognizable as executable
statements before being passed to the respective interpreter.
• Input Data Validation
• Data validation is the process of ensuring that input data is accurate
and complies with the requirements of the input field.
• All data originating from outside the software, whether from clients
or other interface applications, must always be treated as
questionable.
• Issues arising from vulnerabilities at input are carried through the
system to output.
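Validation at input and encoding at output working together, covering both the "Encode Data Prior to Execution" and "Input Data Validation" slides; this is an added example, not part of the original slides. The sign-up form, its field names and the field rules are assumptions made for illustration.

```python
import html
import re

# Assumed field rules for a constructed sign-up form (not from the slides).
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{3,20}")

def validate_signup(form):
    """Return (clean, errors); only values that pass their field rule reach clean."""
    clean, errors = {}, {}

    username = form.get("username", "")
    if USERNAME_RE.fullmatch(username):
        clean["username"] = username
    else:
        errors["username"] = "3-20 letters, digits or underscore"

    # Bound the length before int() and accept ASCII digits only.
    age = form.get("age", "")
    if len(age) <= 3 and age.isascii() and age.isdigit() and 13 <= int(age) <= 120:
        clean["age"] = int(age)
    else:
        errors["age"] = "whole number from 13 to 120"

    # Free text: any characters are legitimate, so only the length is checked.
    display = form.get("display_name", "").strip()
    if 1 <= len(display) <= 50:
        clean["display_name"] = display
    else:
        errors["display_name"] = "1-50 characters"
    return clean, errors

def render_greeting(clean):
    # Valid free text can still contain markup characters, so it is encoded
    # for the HTML interpreter at the point of output.
    return "<p>Hello, " + html.escape(clean["display_name"]) + "</p>"
```

A display name such as `O'Brien & <Sons>` is valid input, which is why validation alone does not make it safe to place in a page.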
• Access Control
• Access Controls are security rules that define who has access to what
resource or functionality within the software.
• Access rules must be carefully planned and implemented.
• Default access rights for all user profiles must be set at 'minimal' or 'no
access'.