Computers - EdexcelDeveloping robust software and identifying vulnerabilities

It is important to think about security at the design stage of a software package as this may stop some cyberattacks being possible.

Before writing software, there are a number of questions that need to be considered:

• What threats is the software likely to face?
• Does the software need security features like usernames and passwords, or will security be provided by the network in some other way?
• How will patches be installed?
• Should the software use encryption?
• Does the system need to create an audit trail?

An audit trail is a record of what has been done, and who or what did it. For example, in a banking system, the audit trail would show the date, time and location of a transaction and how the transaction was performed - eg by cash machine or member of staff. An audit trail can be used to check what happened and return the system to a previous state if needed.

While software is being written, there are a number of processes that can be used which will help ensure the software is as secure as possible. Code reviews are checks of source code by other experienced programmers to check it is well written and that no security issues have been created. Modular testing is testing individual sections of code to ensure that they work as expected and don’t contain security issues before they are added to the rest of the system. Data is input to the module, it is processed and outputs are produced. This testing could be done manually or by using an automated test system.

Consideration should also be given to the operating system that the software will be run on. Some operating systems are more secure than others. A secure operating system will be designed with security in mind and is likely to contain features to help the network manager ensure the system security is maintained.