UNDER DEVELOPMENT... Learning never stops. Your comments, encouragement or criticism to my blog tkokhing.github.io are most welcome to help me grow. Thank you! ...UNDER DEVELOPMENT



Learning bitwise

tkokhing

SOFTWARE SECURITY — MORE THAN YOU THINK

Software security is not just a technical requirement — it’s a business and societal necessity. As our systems become more connected and data-driven, the software we build is increasingly trusted with sensitive operations, critical infrastructure, and personal information. That trust can only exist if security is built in from the start.

My background in air defence, cybersecurity, infrastructure development, and systems engineering has shown me how software vulnerabilities can ripple across entire ecosystems — whether in national defense, enterprise environments, or public services.

A single weakness can undermine security bit by bit — until trust, functionality, or even safety is compromised. This blog shares why software hardening isn’t just technical — it's essential.

Baseline for Protecting Your Code

That said, there is always a baseline for securing systems, environments, and your code. Below are my thoughts:

🛡️ Code Hardening and Penetration Testing

Code hardening is a complex but necessary process. Think of it like securing a house — not just locking the front door, but adding security cameras, alarm systems, strong windows, and motion detectors.

Think of penetration testing as hiring a locksmith to deliberately try to break into your house — so you can fix the flaws before a real burglar tries.

🔐 Code Obfuscation

We scramble the code so it’s hard to read or understand — even if someone manages to peek inside. Imagine giving a recipe to someone, but all the ingredients are renamed and the steps are jumbled. They might have the document, but they won’t know how to cook the dish.

🧱 White-Box Cryptography & Secure Storage

Sensitive information, like passwords or encryption keys, is locked away in such a way that even if someone breaks into the app, they can’t easily find or use it. It’s like storing your valuables in a safe that’s disguised as part of the wall.

White-box cryptography protects cryptographic keys even when attackers can view or control the running environment — such as on a jailbroken phone or rooted device.

⚙️ Runtime Application Self-Protection (RASP)

The app is trained to watch itself for suspicious behavior. If it detects someone trying to tamper with it — like jailbreaking the phone or inserting fake tools — it can shut itself down or block certain features. Like a car that senses theft and disables the engine.

📱 Device & User Authentication

We make sure the app only works on approved devices, and often require fingerprint, face ID, or multi-step verification. It’s like checking both the person’s face and the key card before letting them into a secure building.

🛑 Anti-Tampering & Anti-Cloning

We add protective seals so if anyone tries to modify or duplicate the app, it can detect the changes and stop functioning. Like a warranty sticker on electronics — if it’s broken, you know someone tampered with it.
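The "protective seal" above can be made concrete as an integrity manifest: every file in the bundle is digested at build time and the whole list is bound together so that a patched file, an injected file, or a rewritten digest list is detected at startup. The following is an added example written for this page, not code from the author or any product; the bundle contents, the build key and the file names are all constructed. A shared HMAC key stands in for the asymmetric signature (or platform code signing) a real app would use, so the example can run stand-alone.

```python
import hashlib
import hmac
import json

# Constructed stand-in for an app bundle: path -> file bytes. A real check
# would read these from the installed package at startup.
BUNDLE = {
    "lib/core.so": b"\x7fELF-constructed-native-code",
    "assets/config.json": b'{"api": "https://api.example.invalid"}',
    "assets/strings.txt": b"hello world",
}

# Constructed build-time key. In production the manifest would be signed with
# the vendor's private key and the app would hold only the public half; a
# shared HMAC key is used here only so the example runs by itself.
BUILD_KEY = b"constructed-build-signing-key"


def build_manifest(files):
    """Digest every file; this is the 'seal' computed at build time."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in sorted(files.items())}


def sign_manifest(manifest, key):
    """Bind the whole manifest so a digest cannot simply be swapped to match a patched file."""
    payload = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def verify_bundle(files, manifest, signature, key):
    """Return (ok, reasons). The seal is checked first, then each file against it."""
    if not hmac.compare_digest(sign_manifest(manifest, key), signature):
        return False, ["manifest signature mismatch"]
    current = build_manifest(files)
    reasons = []
    for path in sorted(set(manifest) | set(current)):
        if path not in current:
            reasons.append(f"missing: {path}")
        elif path not in manifest:
            reasons.append(f"unexpected: {path}")
        elif not hmac.compare_digest(manifest[path], current[path]):
            reasons.append(f"modified: {path}")
    return (not reasons), reasons


def demo():
    """Run the check against a clean bundle, a patched one, and a patched one with a forged manifest."""
    manifest = build_manifest(BUNDLE)
    sig = sign_manifest(manifest, BUILD_KEY)
    clean = verify_bundle(BUNDLE, manifest, sig, BUILD_KEY)

    # Patched copy: config edited to point elsewhere, extra library dropped in.
    tampered = dict(BUNDLE)
    tampered["assets/config.json"] = b'{"api": "https://other.example.invalid"}'
    tampered["lib/hook.so"] = b"constructed-injected-code"
    dirty = verify_bundle(tampered, manifest, sig, BUILD_KEY)

    # Manifest rewritten to match the patched files, but the seal cannot be re-made without the key.
    forged = build_manifest(tampered)
    forged_result = verify_bundle(tampered, forged, sig, BUILD_KEY)
    return clean, dirty, forged_result


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The order of checks matters: the seal over the manifest is verified before any file is compared, so a rewritten digest list is rejected without ever trusting its entries. Such a check is typically combined with the RASP-style response described above (refuse to run, or disable sensitive features) rather than merely logged.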

🔗 Secure Network Communication

When the app talks to the server, it speaks in a secure, encrypted language — like passing notes in a secret code that only the sender and receiver understand. This prevents attackers from “listening in” on the conversation.

✅ Baseline Thus Far

As you can see, hardening of code means protecting systems from every angle — like a smart home with alarms, cameras, and locks. We use a layered approach: hiding sensitive parts, watching for intruders, and making sure only the right people and devices can use it. It’s complex, but it’s what keeps users safe and trust intact.


🧩 Going Further Beyond the Baseline

Obviously, everything comes with a cost. Hence, I’ve separated some additional measures that often incur extra resources — monetary, skill-based, or man-hours. Let's discuss them now.

🛠️ Documenting Secure Software Development Practices

Security starts early in the process. Developers follow secure coding guidelines and use tools to scan for vulnerabilities before the app is released. Documenting these practices helps consolidate collective effort. However, such documentation also needs a systemic review process to stay current and legally sound.

🧪 Threat Modeling

Security teams simulate real-world attacks to find weak spots. They also map out where evolving threats could come from. This is more than hiring a locksmith (pen-tester) to strength-test — it’s about being creative on how else someone could break in before a real burglar does.

📦 Managing Third-Party Libraries

Apps often rely on external components. We audit and manage these parts to ensure they don't introduce risks. Such tools, which often require subscription fees, can automatically detect and alert developers when new vulnerabilities appear in commonly used libraries.

It’s like engaging a food importer that not only checks every ingredient sent to your kitchen, but also recalls them when something goes wrong.
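The core of the "food importer" check is matching what a build actually pins against an advisory feed. The example below is added for this page and is not the author's code or any vendor's tool: it reads a requirements.txt-style lockfile and compares each pinned version against a list of advisories with an introduced/fixed range. Both the lockfile and the advisories are constructed, and the advisory IDs are placeholders rather than real identifiers.

```python
import re

# Constructed lockfile in requirements.txt style (pinned versions, not a real project).
LOCKFILE = """\
# constructed sample
requests==2.25.0
pyyaml==5.3
cryptography==41.0.7
"""

# Constructed advisory feed. IDs are placeholders, and the ranges are invented
# for the example; a real scanner would pull these from a vulnerability database.
ADVISORIES = [
    {"id": "ADV-PLACEHOLDER-1", "package": "requests", "introduced": "2.0.0", "fixed": "2.31.0", "severity": "medium"},
    {"id": "ADV-PLACEHOLDER-2", "package": "pyyaml", "introduced": "0", "fixed": "5.4", "severity": "high"},
    {"id": "ADV-PLACEHOLDER-3", "package": "cryptography", "introduced": "3.0", "fixed": "41.0.0", "severity": "high"},
]


def version_key(text):
    """Numeric dotted versions only: '2.25.0' -> (2, 25, 0)."""
    return tuple(int(p) for p in re.findall(r"\d+", text))


def version_lt(a, b):
    """Compare two version tuples, padding the shorter one with zeros so 5.4 == 5.4.0."""
    n = max(len(a), len(b))
    return a + (0,) * (n - len(a)) < b + (0,) * (n - len(b))


def is_affected(version, advisory):
    """Affected if introduced <= version < fixed."""
    v = version_key(version)
    return (not version_lt(v, version_key(advisory["introduced"]))
            and version_lt(v, version_key(advisory["fixed"])))


def parse_lockfile(text):
    """Yield (name, version) for each 'name==version' line; comments and blanks are skipped."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "==" not in line:
            continue
        name, version = line.split("==", 1)
        yield name.strip().lower(), version.strip()


def scan(lockfile_text, advisories):
    """Return one finding per (pinned package, matching advisory) with the version to move to."""
    findings = []
    for name, version in parse_lockfile(lockfile_text):
        for adv in advisories:
            if adv["package"] == name and is_affected(version, adv):
                findings.append({
                    "package": name,
                    "installed": version,
                    "advisory": adv["id"],
                    "severity": adv["severity"],
                    "upgrade_to": adv["fixed"],
                })
    return findings


if __name__ == "__main__":
    for finding in scan(LOCKFILE, ADVISORIES):
        print(finding)
```

Running this as part of CI, against a feed that is refreshed daily, gives the "recall" half of the analogy: a library that was clean when pinned is flagged as soon as an advisory covering its version appears, even though the lockfile itself never changed.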

📡 Monitoring and Telemetry

You can incorporate monitoring tools to grasp usage patterns and report suspicious behavior — like crashes or odd login behaviors. Think of it as a silent alarm system that tells you when something unusual is happening — without disturbing the user.
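Two of the "odd login behaviours" mentioned above can be expressed as simple detection rules over login telemetry: a burst of failures followed by a success, and a successful login from a device the user has never enrolled. The following is an added example for this page, not the author's code; the log lines and the enrolled-device table are constructed, and the log format (timestamp followed by key=value fields) is an assumption made for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed login telemetry, one event per line (not real logs).
SAMPLE_LOG = """\
2024-05-01T10:00:01Z user=alice result=fail device=phone-a ip=203.0.113.5
2024-05-01T10:00:04Z user=alice result=fail device=phone-a ip=203.0.113.5
2024-05-01T10:00:07Z user=alice result=fail device=phone-a ip=203.0.113.5
2024-05-01T10:00:09Z user=alice result=fail device=phone-a ip=203.0.113.5
2024-05-01T10:00:12Z user=alice result=success device=phone-a ip=203.0.113.5
2024-05-01T10:05:00Z user=bob result=success device=laptop-b ip=198.51.100.7
2024-05-01T10:06:30Z user=bob result=success device=tablet-x ip=198.51.100.9
2024-05-01T10:10:00Z user=carol result=fail device=phone-c ip=192.0.2.44
2024-05-01T10:10:20Z user=carol result=success device=phone-c ip=192.0.2.44
"""

# Devices each user has enrolled (constructed).
KNOWN_DEVICES = {"alice": {"phone-a"}, "bob": {"laptop-b"}, "carol": {"phone-c"}}


def parse_line(line):
    """'<timestamp> k=v k=v ...' -> dict with a datetime under 'ts'."""
    ts_text, *fields = line.split()
    event = {"ts": datetime.strptime(ts_text, "%Y-%m-%dT%H:%M:%SZ")}
    for field in fields:
        key, _, value = field.partition("=")
        event[key] = value
    return event


def parse_log(text):
    events = (parse_line(line) for line in text.splitlines() if line.strip())
    return sorted(events, key=lambda e: e["ts"])


def failures_then_success(events, threshold=3, window=timedelta(minutes=5)):
    """Flag a success preceded by at least `threshold` failures within `window` for the same user."""
    alerts, pending = [], defaultdict(list)
    for e in events:
        failures = pending[e["user"]]
        if e["result"] == "fail":
            failures.append(e["ts"])
            continue
        recent = [t for t in failures if e["ts"] - t <= window]
        if len(recent) >= threshold:
            alerts.append({"rule": "failures-then-success", "user": e["user"],
                           "failures": len(recent), "at": e["ts"].isoformat()})
        failures.clear()  # a success resets the run
    return alerts


def unknown_device(events, known):
    """Flag a successful login from a device the user has not enrolled (once per new device)."""
    alerts = []
    seen = {user: set(devices) for user, devices in known.items()}
    for e in events:
        if e["result"] != "success":
            continue
        devices = seen.setdefault(e["user"], set())
        if e["device"] not in devices:
            alerts.append({"rule": "unknown-device", "user": e["user"],
                           "device": e["device"], "at": e["ts"].isoformat()})
            devices.add(e["device"])
    return alerts


def run(log_text=SAMPLE_LOG, known=KNOWN_DEVICES):
    """Parse the telemetry once and apply both rules."""
    events = parse_log(log_text)
    return failures_then_success(events) + unknown_device(events, known)


if __name__ == "__main__":
    for alert in run():
        print(alert)
```

Carol's single failure before a success stays below the threshold and produces nothing, which is the point of a threshold and a window: the rule should raise the "silent alarm" on a pattern, not on every mistyped password. Thresholds like these are tuned against real traffic before they are wired to any automated response.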

⚖️ Balancing Security and Usability

Security must be strong, but it also must not frustrate the user. We aim for smart, seamless protection. This is where investing in UI/UX becomes important. Like a high-security lock that opens smoothly for the right person but stops intruders cold.


CONCLUSION

Software security, to me, isn’t just about bits, bytes, or patching code — it’s about protecting the integrity of the systems we rely on every day. A single vulnerability can ripple across an entire ecosystem, bit by bit, until trust is eroded, functionality disrupted, or safety compromised.

A classic example: insecure coding might lead to misconfigured two-factor authentication or weak input validation. This could enable unauthorized access or data exfiltration — which may escalate to lateral movement or, worse, full privilege escalation across the system.

In today’s connected world of mobile apps, cloud platforms, and smart infrastructure, I believe secure software has become the backbone of digital trust. My experience in defense, cybersecurity, and systems engineering has taught me that real protection doesn’t start with tools — it starts with mindset.

And that’s why we must keep learning — bitwise.