# Chapter 3: Core Security Principles and Concepts

Before diving further into threats and defenses, it's essential to establish the fundamental principles that underlie application security. These core concepts are the compass by which security professionals navigate decisions and trade-offs. They help answer why certain controls are necessary and what goals we are trying to achieve. Several foundational models and principles guide the design and evaluation of secure systems, the most famous being the CIA triad and associated security principles.

## The CIA Triad – Confidentiality, Integrity, Availability

At the heart of information security (including application security) are three main goals:

1. **Confidentiality** – Preventing unauthorized access to information. In simple terms, keeping secrets secret. Only those who are authorized (have the right credentials or permissions) should be able to view or use sensitive data. According to NIST, confidentiality means "preserving authorized restrictions on access and disclosure, including means for protecting personal privacy and proprietary information" (ptgmedia.pearsoncmg.com). Breaches of confidentiality include phenomena like data leaks, password disclosure, or an attacker reading someone else's emails. A real-world example is an SQL injection attack that dumps all customer records from a database: data that should have been confidential is exposed to the attacker. The opposite of confidentiality is disclosure (ptgmedia.pearsoncmg.com) – when information is revealed to those not authorized to see it.

2. **Integrity** – Safeguarding data and systems from unauthorized custom