
Security Threats to Software Applications

Student’s Name

Department, Institutional Affiliation

Course Code: Course Name

Instructor’s Name

Due Date

With the rapid digitalization and evolution of technology, the risk of being exposed to malware attacks increases every day. A typical definition of a malware attack is an attack in which malicious software (malware) is used to execute unauthorized actions on the system of a targeted victim (Chesti et al., 2020). Every type of malware is developed with a specific objective in mind, which determines how its commands are executed. For example, some malware is designed to steal critical payment credentials, while other malware is focused on disrupting the target's operations as well as demanding payment. The three primary types of malware vectors used by most cybercriminals are the worm, the virus, and the trojan horse. However, malware attacks can be prevented by implementing best-practice software assurance techniques. One of the mitigation strategies that can be implemented is secure handling and management of code (Chesti et al., 2020). Protection of code should be a common practice among people and organizations that use IT systems. Effective code handling ensures that only authorized personnel can access, view, and modify the content of a system, thus preventing malicious intruders from introducing vulnerabilities into the system. Furthermore, design and code reviews need to be conducted as a measure for preventing the insertion of malicious code.

Another common security threat affecting software applications is the SQL injection (SQLI) attack. This is an attack vector that uses malicious SQL code for backend database manipulation with the objective of accessing information that was not supposed to be displayed (Alenezi, Nadeem & Asif, 2021). The consequences of SQLI attacks are far-reaching, since the attacker can gain administrative rights on the targeted database or delete information that is critical and sensitive to an individual or an organization. SQLI attacks can have severe consequences for a business, since the potential cost of the attacks includes the loss of customer trust, which can have a negative impact on the sales and revenue generation of that business. Most attackers that use this approach normally target websites due to their vulnerable nature. This attack method allows the attacker to manipulate the SQL queries of a software application or website. Despite the potential risk that SQLI attacks pose to a software application, training and maintaining awareness is one of the solutions used to mitigate the challenge (Alenezi, Nadeem & Asif, 2021). It is critical that organizations and businesses keep their web applications safe by providing training to everyone involved in building the application and creating awareness about the potential risks linked to SQLI attacks. Through training, the parties involved will gain considerable security knowledge on how to protect the web applications from any SQLI attack. This can be done by reinforcing the SQL queries used in those applications.



References

Alenezi, M., Nadeem, M., & Asif, R. (2021). SQL injection attacks countermeasures assessments. Indonesian Journal of Electrical Engineering and Computer Science, 21(2), 1121-1131. DOI: 10.11591/ijeecs.v21.i2.pp1121-1131

Chesti, I. A., Humayun, M., Sama, N. U., & Jhanjhi, N. Z. (2020, October). Evolution, Mitigation, and Prevention of Ransomware. In 2020 2nd International Conference on Computer and Information Sciences (ICCIS) (pp. 1-6). IEEE. DOI: 10.1109/ICCIS49240.2020.9257708
