Sapp_Carrie_Unit9_IT481

.docx

School

Purdue Global University *

*We aren’t endorsed by this school

Course

481

Subject

Information Systems

Date

Oct 30, 2023

Type

docx

Pages

Uploaded by CarrieRobinson21

RUNNING HEAD: Unit 9 Assignment Sapp 1 Unit 9 Assignment IT481 Advanced Software Development Prof. Chenyao Zhang Carrie Sapp September 29 th , 2023

Unit 8 Assignment Sapp 2 Carrie Sapp IT481 Advanced Software Development Prof. Chenyao Zhang September 29 th , 2023 Security Techniques In this week’s assignment, we establish the implementing of security techniques within code in order to better secure it. Security techniques are implemented to strengthen security within applications and programs, ensuring that if any hackers or breach attacks were to occur, this will aid in prevention of these attacks due to the increase of security. With this, we will identify different security techniques within this project, summarizing each one and describing how this aids in advancing security to the overall program. The first technique we will identify is input validation. Input validation is a security technique that ensures only the desired formatted data is allowed access into a software application or system component (OWASP, 2023). We have already implemented input validation into this form, providing a User and a Password sign in for a previous assignment. To better secure the form, we will make a change in where we add a limit to how many characters can be inputted for a password. This enables that users are required to enter the desired amount of characters (in this case 8 or more) and if they fail to, they are unable to log in. In this case, this can aid in strengthening security against attackers. With this, providing a longer password containing a larger combination of characters can make it more difficult for the attacker or hacker to guess. The second technique we will discuss is access control. Access control allows for role- based authentication, limiting privileges and restricting access to secure data only to users who

Unit 8 Assignment Sapp 3 need it (Harvey, 2020). This technique determines which user is allowed access to certain data connected through the database. For example, within the Northwind database, there are three main user roles: User_CEO, User_Sales, and User_HR. The User_CEO is allowed access to all information through the database, whereas the User_Sales and User_HR are given limited access to specific information. By implementing access control, we implement the IsAccessible = true/ IsAccessible = false statement using the “if” loop to indicate which user is able to access what information. In doing so, this provides better security in ensuring only specific users are able to access certain information, in that unauthorized users are not able to retrieve sensitive information that if were to fall into the wrong hands, could lead to potential data leaks. Code Screenshots Before security techniques: Input Validation Code:

Your preview ends here

Eager to read complete document? Join bartleby learn and gain access to the full version