Introduction to Software Security

Ishan Liyanage
Feb 21 · 4 min read

Software security is a very big topic, and it is easy to get lost in it. There is a great deal of information about security, ranging from highly successful startups to terrible news of shocking security breaches. Let's discuss some basic concepts and terminology.

What is Software Security?

Let's look at some common answers from IT folks.

  1. Protecting the system from someone logging in with a fake identity.

Answers like these are partly true but do not capture the essence.

What do we want to protect with software security? Using software security, we protect against:

  1. Data Loss

Data Loss

This means that sensitive data is lost as the result of a security breach. In other words, someone exploited a vulnerability in the system and made important data disappear.

A common example is an attacker gaining access to the main database and deleting records.

Disruption of Service

This is when system activity is disrupted by an attacker's actions. It may have nothing to do with the system's data; the system simply goes down. The bottom line is that the attacker wants the system to stop working. The common example is a denial of service attack, which overloads the system until it goes down. Similarly, a group of attackers can orchestrate a huge volume of traffic towards the system, overloading its infrastructure and in turn taking it down.

Data Leak

This occurs when sensitive data, such as credit card information or contact details, is stolen and made available to unauthorized recipients. Imagine your own credit card details in the hands of hackers.

Data Inconsistency

This occurs when data is manipulated by unauthorized attackers and becomes inconsistent. Attackers can impersonate someone else and perform unauthorized actions.

Software Security Terminology

There are a few common terms we must be familiar with.

  1. Threat - An event which, if it happens, will lead to one of the security incidents discussed earlier, e.g. SQL injection.

There are many more terms in this domain, but the above are the most basic ones we should know.

Who is responsible for the Security?

Is there a specific role that is the sole owner of the security aspect of the system? Let's look at a typical organizational chart.

  1. CIO (or CTO) - The CIO is responsible for all IT aspects of the company and makes sure everyone is aware of security. If the CIO does not highlight it, no one will invest time in it.

So each and every one has a role regarding security. The bottom line is that when it comes to software security, everyone is responsible.

The Startup

Get smarter at building your thing. Join The Startup’s +724K followers.

Ishan Liyanage

Written by

Passionate Technical Lead, Senior Software Developer and free and open source software advocate. Based in Singapore.
