3. Software and Application Security

3.1 Security Principles in Software Development

  • Security in the Software Development Lifecycle (SDLC)

  • Secure Coding Practices

  • Database Security Concepts

    • Access Control

    • Encryption

    • Backup and Recovery


3.2 Web and Application Security

  • Web Server Security

  • Browser Security Mechanisms

  • SSL/TLS (Secure Sockets Layer / Transport Layer Security)

  • SET (Secure Electronic Transaction)

  • Email Security Protocols and Techniques


3.3 Common Application Attacks

  • Cross-Site Scripting (XSS)

  • Cross-Site Request Forgery (CSRF)

  • Out-of-Bounds Read Vulnerabilities

  • Input Validation Attacks

  • Operating System (OS) Command Injection

  • SQL Injection

  • Use-After-Free Vulnerabilities