17 September, 2014

Security Principles

Security in software industry is an unsaid requirement these days. Clients are looking for a software which works fine, but is secure enough to prevent data breach. 
In this blog we will discuss some of the security principles that should be adapted while developing software that would minimize probability of our applications being hacked
  1. Defence in depth
  2. Positive security Model
  3. Fail Securely
  4. Principle of Least Privilege
  5. Avoid security by obscurity

Defence in Depth
While deploying our application, we must make use of multiple layered structures. Apart from separation of concerns, this helps in adding dedicated layers for security.
    • Network :- open internet world
    • De-militarized zone :-  A physical location to prevent un-authorized access to computer system and network
    • View :- View layer of the system application. 
    • Request Filters :- Identify and reject bogus requests
    Each layer must have its own security implementation, so that if one layer is breached, there are more layers to support as a security backup wall. Use of DMZ is recommended. Use of firewalls, anti virus protection is a must. All security breaches must be identified and logged to prevent future violations.

    Positive security Model
    Our security model should cover positive scenarios, which means we should concentrate on allowing the things which are allowed, rather than disallowing things which are not.
    As an example, let us say there is an input field. For it, we should design a security model to accept the limited characters that are supported.Let us say a-z, A-Z.
    One way of implementing it would be by creating a set of invalid characters (e.g. symbols and numbers), and  preventing any character from that set.
    Another way is to create a valid set of alphabets, and ensuring that all inputs are from that of valid set.
    The second approach is called positive security model. The shortcoming of first approach is, that there can be a large number of invalid characters, and the list may grow with time, as the technologies advance. But with second approach, we don't need to worry about growing invalid char set.

    Fail Securely
    Failures happen, things are not in our control always. Servers go down, network issues happen, bugs are transferred to live environments, lots of other failures happens. With growing in complexity and third party dependencies we make our applications highly susceptible to failures. We cannot always control everything, but we can control our application's behaviour in case of failure.
    As many as possible failures must be handled internally to the application and behaviour must not be transported to end users. This would prevent disclosure of internal architecture of application to hackers.

    Principle of Least Privilege
    The Principle of least privilege states that, to begin with, all users must have least privileges or authorities to perform actions. Added authority must be given only if required and only for the time it is required, after the action is performed,