author | Marcin Zelent <zelent.marcin@gmail.com> | 2018-05-17 12:48:13 +0200 |
---|---|---|
committer | Marcin Zelent <zelent.marcin@gmail.com> | 2018-05-17 12:48:13 +0200 |
commit | a1383ba6446240a20ff4856c743713c1cb5fccd4 (patch) | |
tree | b64de0ae47c2cdaaa6e89ef3b5c302e52adc3302 /synopsis.tex | |
parent | 1b433c36d9b43fd064bac44459ce4136bdbf562c (diff) |
Finished importance of AppSec
Diffstat (limited to 'synopsis.tex')
-rw-r--r-- | synopsis.tex | 36 |
1 files changed, 33 insertions, 3 deletions
diff --git a/synopsis.tex b/synopsis.tex index b70418d..8d49de1 100644 --- a/synopsis.tex +++ b/synopsis.tex 
@@ -167,9 +167,39 @@ without the knowledge of the account owner. The data could be sold on the black market or published on the internet. It could be used to harass or blackmail the unfortunate users. Attackers could also impersonate them and cause even more problems. It could be especially dangerous when pretending to be a corporate -worker as their actions could harm the entire business. - - +worker as their actions could harm the entire business. Stealing blueprints, +prototypes or early versions of unreleased products could bring massive +losses of money and force changes of plans. + +Another issue is the possibility of gaining access to functionality reserved +only for privileged users, such as moderators and administrators. It could allow +not only for data theft, but also for damaging the system and stored +information. It would allow for spreading viruses and malware throughout the +whole platform, creating a botnet, spambots, mining cryptocurrencies and making +it vulnerable to further attacks. It would be sufficient just to insert +malicious code into the application and infest its users. + +Other, non-technical risks include the possible lost of trust from customers, +who value privacy and wish their data to be secure. It could even lead to +lawsuits, like it happened to Yahoo which got sued over security breaches that +took place between 2013 and 2016. Private information of at least 3 billions +users were exposed, it included names e-mail addresses, dates of birth, +phone numbers, passwords, etc. It cost the company hundreds of millions of +dollars and damaged the brand image permanently. On the other hand, providing +good security could help in gaining new clients. + +In the wake of mobile and Internet of Things applications, security should be +top priority for application developers. IoT creates many new risks that were +never seen before. Since all of the devices are connected to the internet, they +can be accessed by the hackers. 
It is a big threat to the privacy of their +users, because they can be used to spy on them 24/7 by utilizing built-in +camera, microphone or reading device activity and logs. This information could +be used to blackmail the victims or even help in burglary. By knowing the +victim's daily routine, the criminal could try to break in to the house when its +owner is out. Moreover, he could exploit the "smart home" security system, since +usually it is also connected to the network. Finally, the attacker could use the +functionality of the compromised IoT devices in a bad way, for example making +them use a lot of power, causing short circuit or even starting fire. \section{Conclusion} |
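Review bot: The Yahoo paragraph in the added text gives specific figures ("at least 3 billions users", "hundreds of millions of dollars") and the claim that the brand was damaged "permanently" without any \cite, so a source should be added for the breach size and the cost, and the unsupported "permanently" softened or backed up. The same paragraph needs language fixes: "possible lost of trust" should be "possible loss of trust", and "3 billions users were exposed, it included names e-mail addresses" is a comma splice with a missing comma; something like "Private information of at least 3 billion users was exposed, including names, e-mail addresses, ..." reads correctly. In the IoT paragraph, "Since all of the devices are connected to the internet, they can be accessed by the hackers" overstates the case, since being connected is not the same as being reachable or unprotected; consider wording it as a risk that depends on how the device is exposed and secured. In the same paragraph, "Moreover, he could exploit" would be better as "the attacker could exploit", and "in the wake of mobile and Internet of Things applications" probably means "with the rise of".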